├── .allstar
└── binary_artifacts.yaml
├── .bazelrc
├── .bazelversion
├── .clang-format
├── .github
└── workflows
│ ├── check-markdown.yml
│ ├── ci.yml
│ ├── continuous.yml
│ ├── e2e.yml
│ ├── fuzz.yml
│ └── sanitizers.yml
├── .gitignore
├── .pyink-config
├── BUILD
├── CODEOWNERS
├── CONTRIBUTING.md
├── Conf
├── Package
│ ├── Distribution.xml
│ ├── notarization_tool.sh
│ ├── package_and_sign.sh
│ ├── postinstall
│ └── preinstall
├── com.google.santa.bundleservice.plist
├── com.google.santa.metricservice.plist
├── com.google.santa.newsyslog.conf
├── com.google.santa.plist
├── com.google.santa.syncservice.plist
├── com.google.santad.plist
├── install.sh
└── uninstall.sh
├── Fuzzing
├── BUILD
├── common
│ ├── MachOParse.mm
│ └── MachOParse_corpus
│ │ └── ret0
├── fuzzing.bzl
├── install_libclang_fuzzer.sh
├── santacache
│ ├── .gitignore
│ ├── santacache_fuzzer_seed_corpus
│ │ └── example01
│ └── src
│ │ └── main.cpp
├── santactl
│ ├── santactl_fuzzer_seed_corpus
│ │ └── example01
│ └── src
│ │ └── main.mm
└── santad
│ ├── santad_checkCacheForVnodeID_fuzzer_seed_corpus
│ └── example01
│ ├── santad_databaseRemoveEventsWithIDs_fuzzer_seed_corpus
│ └── example01
│ ├── santad_databaseRuleAddRules_fuzzer_seed_corpus
│ └── example01
│ └── src
│ ├── checkCacheForVnodeID.mm
│ ├── databaseRemoveEventsWithIDs.mm
│ └── databaseRuleAddRules.mm
├── LICENSE
├── MODULE.bazel
├── README.md
├── SECURITY.md
├── Source
├── common
│ ├── BUILD
│ ├── BranchPrediction.h
│ ├── CertificateHelpers.h
│ ├── CertificateHelpers.m
│ ├── Platform.h
│ ├── PrefixTree.h
│ ├── PrefixTreeTest.mm
│ ├── SNTBlockMessage.h
│ ├── SNTBlockMessage.m
│ ├── SNTBlockMessageTest.m
│ ├── SNTCachedDecision.h
│ ├── SNTCachedDecision.mm
│ ├── SNTCachedDecisionTest.mm
│ ├── SNTCommonEnums.h
│ ├── SNTConfigurator.h
│ ├── SNTConfigurator.m
│ ├── SNTConfiguratorTest.m
│ ├── SNTDeepCopy.h
│ ├── SNTDeepCopy.m
│ ├── SNTDeviceEvent.h
│ ├── SNTDeviceEvent.m
│ ├── SNTDropRootPrivs.h
│ ├── SNTDropRootPrivs.m
│ ├── SNTFileAccessEvent.h
│ ├── SNTFileAccessEvent.m
│ ├── SNTFileInfo.h
│ ├── SNTFileInfo.m
│ ├── SNTFileInfoTest.m
│ ├── SNTKVOManager.h
│ ├── SNTKVOManager.mm
│ ├── SNTKVOManagerTest.mm
│ ├── SNTLogging.h
│ ├── SNTLogging.m
│ ├── SNTMetricSet.h
│ ├── SNTMetricSet.m
│ ├── SNTMetricSetTest.m
│ ├── SNTRule.h
│ ├── SNTRule.m
│ ├── SNTRuleIdentifiers.h
│ ├── SNTRuleIdentifiers.m
│ ├── SNTRuleTest.m
│ ├── SNTStoredEvent.h
│ ├── SNTStoredEvent.m
│ ├── SNTStrengthify.h
│ ├── SNTSyncConstants.h
│ ├── SNTSyncConstants.m
│ ├── SNTSystemInfo.h
│ ├── SNTSystemInfo.m
│ ├── SNTXPCBundleServiceInterface.h
│ ├── SNTXPCBundleServiceInterface.m
│ ├── SNTXPCControlInterface.h
│ ├── SNTXPCControlInterface.m
│ ├── SNTXPCMetricServiceInterface.h
│ ├── SNTXPCMetricServiceInterface.m
│ ├── SNTXPCNotifierInterface.h
│ ├── SNTXPCNotifierInterface.m
│ ├── SNTXPCSyncServiceInterface.h
│ ├── SNTXPCSyncServiceInterface.m
│ ├── SNTXPCUnprivilegedControlInterface.h
│ ├── SNTXPCUnprivilegedControlInterface.m
│ ├── SantaCache.h
│ ├── SantaCacheTest.mm
│ ├── SantaVnode.h
│ ├── SantaVnodeHash.h
│ ├── SantaVnodeHash.mm
│ ├── ScopedCFTypeRef.h
│ ├── ScopedCFTypeRefTest.mm
│ ├── ScopedIOObjectRef.h
│ ├── ScopedIOObjectRefTest.mm
│ ├── ScopedTypeRef.h
│ ├── SigningIDHelpers.h
│ ├── SigningIDHelpers.m
│ ├── String.h
│ ├── SystemResources.h
│ ├── SystemResources.mm
│ ├── TestUtils.h
│ ├── TestUtils.mm
│ ├── Unit.h
│ ├── santa.proto
│ ├── santa_proto_include_wrapper.h
│ └── testdata
│ │ ├── 32bitplist
│ │ ├── BundleExample.app
│ │ └── Contents
│ │ │ ├── Info.plist
│ │ │ └── MacOS
│ │ │ └── BundleExample
│ │ ├── DirectoryBundle
│ │ └── Contents
│ │ │ ├── Info.plist
│ │ │ ├── MacOS
│ │ │ └── DirectoryBundle
│ │ │ └── Resources
│ │ │ └── BundleExample.app
│ │ │ └── Contents
│ │ │ ├── Info.plist
│ │ │ └── MacOS
│ │ │ └── BundleExample
│ │ ├── bad_pagezero
│ │ └── missing_pagezero
├── gui
│ ├── BUILD
│ ├── Info.plist
│ ├── Resources
│ │ ├── Images.xcassets
│ │ │ ├── AppIcon.appiconset
│ │ │ │ ├── Contents.json
│ │ │ │ ├── santa-hat-icon-128.png
│ │ │ │ ├── santa-hat-icon-16.png
│ │ │ │ ├── santa-hat-icon-256.png
│ │ │ │ ├── santa-hat-icon-32.png
│ │ │ │ └── santa-hat-icon-64.png
│ │ │ └── Contents.json
│ │ └── MessageWindow.xib
│ ├── SNTAboutWindowController.h
│ ├── SNTAboutWindowController.m
│ ├── SNTAboutWindowView.swift
│ ├── SNTAccessibleTextField.h
│ ├── SNTAccessibleTextField.m
│ ├── SNTAppDelegate.h
│ ├── SNTAppDelegate.m
│ ├── SNTBinaryMessageWindowController.h
│ ├── SNTBinaryMessageWindowController.m
│ ├── SNTDeviceMessageWindowController.h
│ ├── SNTDeviceMessageWindowController.m
│ ├── SNTDeviceMessageWindowView.swift
│ ├── SNTFileAccessMessageWindowController.h
│ ├── SNTFileAccessMessageWindowController.m
│ ├── SNTFileAccessMessageWindowView.swift
│ ├── SNTMessageWindow.h
│ ├── SNTMessageWindow.m
│ ├── SNTMessageWindowController.h
│ ├── SNTMessageWindowController.m
│ ├── SNTNotificationManager.h
│ ├── SNTNotificationManager.m
│ ├── SNTNotificationManagerTest.m
│ ├── Santa.app-adhoc.entitlements
│ └── main.m
├── santabundleservice
│ ├── BUILD
│ ├── Info.plist
│ ├── SNTBundleService.h
│ ├── SNTBundleService.m
│ └── main.m
├── santactl
│ ├── BUILD
│ ├── Commands
│ │ ├── SNTCommandBundleInfo.m
│ │ ├── SNTCommandCheckCache.m
│ │ ├── SNTCommandFileInfo.m
│ │ ├── SNTCommandFileInfoTest.m
│ │ ├── SNTCommandFlushCache.m
│ │ ├── SNTCommandMetrics.h
│ │ ├── SNTCommandMetrics.m
│ │ ├── SNTCommandMetricsTest.m
│ │ ├── SNTCommandPrintLog.mm
│ │ ├── SNTCommandRule.h
│ │ ├── SNTCommandRule.m
│ │ ├── SNTCommandRuleTest.mm
│ │ ├── SNTCommandStatus.m
│ │ ├── SNTCommandSync.m
│ │ ├── SNTCommandVersion.m
│ │ └── testdata
│ │ │ ├── metrics-prettyprint.json
│ │ │ └── metrics-prettyprint.txt
│ ├── Info.plist
│ ├── SNTCommand.h
│ ├── SNTCommand.m
│ ├── SNTCommandController.h
│ ├── SNTCommandController.m
│ └── main.m
├── santad
│ ├── BUILD
│ ├── DataLayer
│ │ ├── SNTDatabaseTable.h
│ │ ├── SNTDatabaseTable.m
│ │ ├── SNTEventTable.h
│ │ ├── SNTEventTable.m
│ │ ├── SNTEventTableTest.m
│ │ ├── SNTRuleTable.h
│ │ ├── SNTRuleTable.m
│ │ ├── SNTRuleTableTest.m
│ │ ├── WatchItemPolicy.h
│ │ ├── WatchItems.h
│ │ ├── WatchItems.mm
│ │ └── WatchItemsTest.mm
│ ├── EventProviders
│ │ ├── AuthResultCache.h
│ │ ├── AuthResultCache.mm
│ │ ├── AuthResultCacheTest.mm
│ │ ├── DiskArbitrationTestUtil.h
│ │ ├── DiskArbitrationTestUtil.mm
│ │ ├── EndpointSecurity
│ │ │ ├── Client.h
│ │ │ ├── ClientTest.mm
│ │ │ ├── EndpointSecurityAPI.h
│ │ │ ├── EndpointSecurityAPI.mm
│ │ │ ├── EnrichedTypes.h
│ │ │ ├── Enricher.h
│ │ │ ├── Enricher.mm
│ │ │ ├── EnricherTest.mm
│ │ │ ├── Message.h
│ │ │ ├── Message.mm
│ │ │ ├── MessageTest.mm
│ │ │ └── MockEndpointSecurityAPI.h
│ │ ├── RateLimiter.h
│ │ ├── RateLimiter.mm
│ │ ├── RateLimiterTest.mm
│ │ ├── SNTEndpointSecurityAuthorizer.h
│ │ ├── SNTEndpointSecurityAuthorizer.mm
│ │ ├── SNTEndpointSecurityAuthorizerTest.mm
│ │ ├── SNTEndpointSecurityClient.h
│ │ ├── SNTEndpointSecurityClient.mm
│ │ ├── SNTEndpointSecurityClientBase.h
│ │ ├── SNTEndpointSecurityClientTest.mm
│ │ ├── SNTEndpointSecurityDeviceManager.h
│ │ ├── SNTEndpointSecurityDeviceManager.mm
│ │ ├── SNTEndpointSecurityDeviceManagerTest.mm
│ │ ├── SNTEndpointSecurityEventHandler.h
│ │ ├── SNTEndpointSecurityFileAccessAuthorizer.h
│ │ ├── SNTEndpointSecurityFileAccessAuthorizer.mm
│ │ ├── SNTEndpointSecurityFileAccessAuthorizerTest.mm
│ │ ├── SNTEndpointSecurityRecorder.h
│ │ ├── SNTEndpointSecurityRecorder.mm
│ │ ├── SNTEndpointSecurityRecorderTest.mm
│ │ ├── SNTEndpointSecurityTamperResistance.h
│ │ ├── SNTEndpointSecurityTamperResistance.mm
│ │ ├── SNTEndpointSecurityTamperResistanceTest.mm
│ │ ├── SNTEndpointSecurityTreeAwareClient.h
│ │ └── SNTEndpointSecurityTreeAwareClient.mm
│ ├── Info.plist
│ ├── Logs
│ │ └── EndpointSecurity
│ │ │ ├── Logger.h
│ │ │ ├── Logger.mm
│ │ │ ├── LoggerTest.mm
│ │ │ ├── MockLogger.h
│ │ │ ├── Serializers
│ │ │ ├── BasicString.h
│ │ │ ├── BasicString.mm
│ │ │ ├── BasicStringTest.mm
│ │ │ ├── Empty.h
│ │ │ ├── Empty.mm
│ │ │ ├── EmptyTest.mm
│ │ │ ├── Protobuf.h
│ │ │ ├── Protobuf.mm
│ │ │ ├── ProtobufTest.mm
│ │ │ ├── SanitizableString.h
│ │ │ ├── SanitizableString.mm
│ │ │ ├── SanitizableStringTest.mm
│ │ │ ├── Serializer.h
│ │ │ ├── Serializer.mm
│ │ │ ├── Utilities.h
│ │ │ ├── Utilities.mm
│ │ │ └── UtilitiesTest.mm
│ │ │ └── Writers
│ │ │ ├── FSSpool
│ │ │ ├── BUILD
│ │ │ ├── binaryproto.proto
│ │ │ ├── binaryproto_proto_include_wrapper.h
│ │ │ ├── fsspool.cc
│ │ │ ├── fsspool.h
│ │ │ ├── fsspool_log_batch_writer.cc
│ │ │ ├── fsspool_log_batch_writer.h
│ │ │ ├── fsspool_nowindows.cc
│ │ │ ├── fsspool_platform_specific.h
│ │ │ └── fsspool_test.mm
│ │ │ ├── File.h
│ │ │ ├── File.mm
│ │ │ ├── FileTest.mm
│ │ │ ├── Null.h
│ │ │ ├── Null.mm
│ │ │ ├── Spool.h
│ │ │ ├── Spool.mm
│ │ │ ├── SpoolTest.mm
│ │ │ ├── Syslog.h
│ │ │ ├── Syslog.mm
│ │ │ └── Writer.h
│ ├── Metrics.h
│ ├── Metrics.mm
│ ├── MetricsTest.mm
│ ├── ProcessTree
│ │ ├── BUILD
│ │ ├── SNTEndpointSecurityAdapter.h
│ │ ├── SNTEndpointSecurityAdapter.mm
│ │ ├── annotations
│ │ │ ├── BUILD
│ │ │ ├── annotator.h
│ │ │ ├── originator.cc
│ │ │ ├── originator.h
│ │ │ └── originator_test.mm
│ │ ├── process.h
│ │ ├── process_tree.cc
│ │ ├── process_tree.h
│ │ ├── process_tree.proto
│ │ ├── process_tree_macos.h
│ │ ├── process_tree_macos.mm
│ │ ├── process_tree_test.mm
│ │ ├── process_tree_test_helpers.h
│ │ └── process_tree_test_helpers.mm
│ ├── SNTApplicationCoreMetrics.h
│ ├── SNTApplicationCoreMetrics.mm
│ ├── SNTApplicationCoreMetricsTest.mm
│ ├── SNTCompilerController.h
│ ├── SNTCompilerController.mm
│ ├── SNTCompilerControllerTest.mm
│ ├── SNTDaemonControlController.h
│ ├── SNTDaemonControlController.mm
│ ├── SNTDatabaseController.h
│ ├── SNTDatabaseController.m
│ ├── SNTDecisionCache.h
│ ├── SNTDecisionCache.mm
│ ├── SNTDecisionCacheTest.mm
│ ├── SNTExecutionController.h
│ ├── SNTExecutionController.mm
│ ├── SNTExecutionControllerTest.mm
│ ├── SNTNotificationQueue.h
│ ├── SNTNotificationQueue.m
│ ├── SNTPolicyProcessor.h
│ ├── SNTPolicyProcessor.mm
│ ├── SNTPolicyProcessorTest.mm
│ ├── SNTSyncdQueue.h
│ ├── SNTSyncdQueue.m
│ ├── Santad.h
│ ├── Santad.mm
│ ├── SantadDeps.h
│ ├── SantadDeps.mm
│ ├── SantadTest.mm
│ ├── TTYWriter.h
│ ├── TTYWriter.mm
│ ├── com.google.santa.daemon.systemextension-adhoc.entitlements
│ ├── main.mm
│ └── testdata
│ │ ├── BUILD
│ │ ├── binaryrules
│ │ ├── allowed_cdhash
│ │ ├── allowed_signingid
│ │ ├── allowed_teamid
│ │ ├── badbinary
│ │ ├── badbinary.c
│ │ ├── badcert
│ │ ├── badcert.c
│ │ ├── banned_cdhash
│ │ ├── banned_signingid
│ │ ├── banned_teamid
│ │ ├── banned_teamid.c
│ │ ├── banned_teamid_allowed_binary
│ │ ├── banned_teamid_allowed_binary.c
│ │ ├── cert_hash_allowed_signingid_blocked
│ │ ├── cert_hash_allowed_signingid_not_matched
│ │ ├── goodbinary
│ │ ├── goodbinary.c
│ │ ├── goodcert
│ │ ├── goodcert.c
│ │ ├── noop
│ │ ├── noop.c
│ │ └── rules.db
│ │ └── protobuf
│ │ ├── v1
│ │ ├── allowlist.json
│ │ ├── close.json
│ │ ├── exchangedata.json
│ │ ├── exec.json
│ │ ├── exit.json
│ │ ├── fork.json
│ │ ├── link.json
│ │ ├── rename.json
│ │ └── unlink.json
│ │ ├── v2
│ │ ├── allowlist.json
│ │ ├── close.json
│ │ ├── exchangedata.json
│ │ ├── exec.json
│ │ ├── exit.json
│ │ ├── fork.json
│ │ ├── link.json
│ │ ├── rename.json
│ │ └── unlink.json
│ │ ├── v4
│ │ ├── allowlist.json
│ │ ├── close.json
│ │ ├── cs_invalidated.json
│ │ ├── exchangedata.json
│ │ ├── exec.json
│ │ ├── exit.json
│ │ ├── fork.json
│ │ ├── link.json
│ │ ├── rename.json
│ │ └── unlink.json
│ │ ├── v5
│ │ ├── allowlist.json
│ │ ├── close.json
│ │ ├── cs_invalidated.json
│ │ ├── exchangedata.json
│ │ ├── exec.json
│ │ ├── exit.json
│ │ ├── fork.json
│ │ ├── link.json
│ │ ├── rename.json
│ │ └── unlink.json
│ │ └── v6
│ │ ├── allowlist.json
│ │ ├── close.json
│ │ ├── cs_invalidated.json
│ │ ├── exchangedata.json
│ │ ├── exec.json
│ │ ├── exit.json
│ │ ├── file_access.json
│ │ ├── fork.json
│ │ ├── link.json
│ │ ├── login_login.json
│ │ ├── login_login_failed_attempt.json
│ │ ├── lw_session_lock.json
│ │ ├── lw_session_login.json
│ │ ├── lw_session_logout.json
│ │ ├── lw_session_unlock.json
│ │ ├── openssh_login.json
│ │ ├── openssh_login_failed_attempt.json
│ │ ├── openssh_logout.json
│ │ ├── rename.json
│ │ ├── screensharing_attach.json
│ │ ├── screensharing_attach_unset_fields.json
│ │ ├── screensharing_detach.json
│ │ └── unlink.json
├── santametricservice
│ ├── BUILD
│ ├── Formats
│ │ ├── BUILD
│ │ ├── SNTMetricFormat.h
│ │ ├── SNTMetricFormatTestHelper.h
│ │ ├── SNTMetricFormatTestHelper.m
│ │ ├── SNTMetricMonarchJSONFormat.h
│ │ ├── SNTMetricMonarchJSONFormat.m
│ │ ├── SNTMetricMonarchJSONFormatTest.m
│ │ ├── SNTMetricRawJSONFormat.h
│ │ ├── SNTMetricRawJSONFormat.m
│ │ ├── SNTMetricRawJSONFormatTest.m
│ │ └── testdata
│ │ │ └── json
│ │ │ ├── monarch.json
│ │ │ └── test.json
│ ├── Info.plist
│ ├── SNTMetricService.h
│ ├── SNTMetricService.m
│ ├── SNTMetricServiceTest.m
│ ├── Writers
│ │ ├── BUILD
│ │ ├── SNTMetricFileWriter.h
│ │ ├── SNTMetricFileWriter.m
│ │ ├── SNTMetricFileWriterTest.m
│ │ ├── SNTMetricHTTPWriter.h
│ │ ├── SNTMetricHTTPWriter.m
│ │ ├── SNTMetricHTTPWriterTest.m
│ │ └── SNTMetricWriter.h
│ └── main.m
└── santasyncservice
│ ├── BUILD
│ ├── Info.plist
│ ├── NSData+Zlib.h
│ ├── NSData+Zlib.m
│ ├── NSDataZlibTest.m
│ ├── SNTPushNotifications.h
│ ├── SNTPushNotifications.m
│ ├── SNTPushNotificationsTracker.h
│ ├── SNTPushNotificationsTracker.m
│ ├── SNTSyncBroadcaster.h
│ ├── SNTSyncBroadcaster.m
│ ├── SNTSyncEventUpload.h
│ ├── SNTSyncEventUpload.mm
│ ├── SNTSyncFCM.h
│ ├── SNTSyncFCM.m
│ ├── SNTSyncLogging.h
│ ├── SNTSyncLogging.m
│ ├── SNTSyncManager.h
│ ├── SNTSyncManager.m
│ ├── SNTSyncPostflight.h
│ ├── SNTSyncPostflight.mm
│ ├── SNTSyncPreflight.h
│ ├── SNTSyncPreflight.mm
│ ├── SNTSyncRuleDownload.h
│ ├── SNTSyncRuleDownload.mm
│ ├── SNTSyncService.h
│ ├── SNTSyncService.m
│ ├── SNTSyncStage.h
│ ├── SNTSyncStage.mm
│ ├── SNTSyncState.h
│ ├── SNTSyncState.m
│ ├── SNTSyncTest.mm
│ ├── main.m
│ ├── syncv1.proto
│ └── testdata
│ ├── sync_eventupload_input_basic.plist
│ ├── sync_eventupload_input_quarantine.plist
│ ├── sync_preflight_basic.gz
│ ├── sync_preflight_basic.json
│ ├── sync_preflight_basic.z
│ ├── sync_preflight_blockusb_absent.json
│ ├── sync_preflight_lockdown.json
│ ├── sync_preflight_request.json
│ ├── sync_preflight_turn_off_blockusb.json
│ ├── sync_preflight_turn_on_blockusb.json
│ ├── sync_ruledownload_batch1.json
│ └── sync_ruledownload_batch2.json
├── Testing
├── clang_analyzer
│ └── run_clang_analyzer.sh
├── fix.sh
├── integration
│ ├── BUILD
│ ├── SNTExecTest.m
│ ├── VM
│ │ ├── Common
│ │ │ ├── BUILD
│ │ │ ├── Error.h
│ │ │ ├── Info.plist
│ │ │ ├── MacOSVirtualMachineConfigurationHelper.h
│ │ │ ├── MacOSVirtualMachineConfigurationHelper.m
│ │ │ ├── MacOSVirtualMachineDelegate.h
│ │ │ ├── MacOSVirtualMachineDelegate.m
│ │ │ └── VM.entitlements
│ │ ├── InstallationTool
│ │ │ ├── BUILD
│ │ │ ├── MacOSRestoreImage.h
│ │ │ ├── MacOSRestoreImage.m
│ │ │ ├── MacOSVirtualMachineInstaller.h
│ │ │ ├── MacOSVirtualMachineInstaller.m
│ │ │ └── main.m
│ │ ├── LICENSE
│ │ ├── VMCLI
│ │ │ ├── BUILD
│ │ │ └── main.m
│ │ ├── VMGUI
│ │ │ ├── AppDelegate.h
│ │ │ ├── AppDelegate.m
│ │ │ ├── BUILD
│ │ │ ├── Resources
│ │ │ │ └── MainMenu.xib
│ │ │ └── main.m
│ │ ├── bash_control.sh
│ │ ├── disclaim.c
│ │ ├── make_ro_img.sh
│ │ └── setup.sh
│ ├── actions
│ │ ├── start_vm.py
│ │ └── update_vm.py
│ ├── allow_sysex.scpt
│ ├── configs
│ │ ├── default.mobileconfig
│ │ ├── moroz_changed
│ │ │ └── global.toml
│ │ ├── moroz_default
│ │ │ └── global.toml
│ │ └── usb-block.mobileconfig
│ ├── dismiss_santa_popup.scpt
│ ├── dismiss_usb_popup.scpt
│ ├── install_profile.scpt
│ ├── test_config_changes.sh
│ ├── test_sync_changes.sh
│ └── test_usb.sh
└── lint.sh
├── WORKSPACE
├── docs
├── .gitignore
├── CNAME
├── Gemfile
├── _config.yml
├── _sass
│ └── custom
│ │ └── custom.scss
├── binaries
│ ├── block.png
│ ├── blocked_execution.png
│ ├── blocked_faa.png
│ ├── index.md
│ ├── mount_forced_flags.png
│ ├── push.png
│ ├── santa-gui.md
│ ├── santabundleservice.md
│ ├── santactl.md
│ ├── santad.md
│ ├── santametricservice.md
│ └── santasyncservice.md
├── concepts
│ ├── events.md
│ ├── index.md
│ ├── ipc.md
│ ├── logs.md
│ ├── mode.md
│ ├── rules.md
│ ├── santa_ipc.png
│ └── scopes.md
├── deployment
│ ├── com.google.santa.example.mobileconfig
│ ├── configuration.md
│ ├── file-access-auth.md
│ ├── getting-started.md
│ ├── index.md
│ ├── notificationsettings.santa.example.mobileconfig
│ ├── recommended-rollout-strategy.md
│ ├── sync-servers.md
│ ├── system-extension-policy.santa.example.mobileconfig
│ ├── tcc.configuration-profile-policy.santa.example.mobileconfig
│ └── troubleshooting.md
├── development
│ ├── building.md
│ ├── contributing.md
│ ├── index.md
│ └── sync-protocol.md
├── images
│ ├── santa-block.gif
│ └── santa-sleigh-256.png
├── index.md
├── introduction
│ ├── binary-authorization-overview.md
│ ├── index.md
│ └── syncing-overview.md
└── known-limitations.md
├── external
├── external_patches
├── OCMock
│ ├── 503.patch
│ └── BUILD
├── README.md
└── moroz
│ ├── BUILD
│ ├── deps.bzl
│ └── moroz.patch
├── generate_cov.sh
├── helper.bzl
├── non_module_deps.bzl
└── profiles
└── BUILD
/.allstar/binary_artifacts.yaml:
--------------------------------------------------------------------------------
1 | # Ignore reason: These crafted binaries are used in tests
2 | ignorePaths:
3 | - Fuzzing/common/MachOParse_corpus/ret0
4 | - Source/common/testdata/bad_pagezero
5 | - Source/common/testdata/missing_pagezero
6 | - Source/common/testdata/missing_pagezero
7 | - Source/common/testdata/missing_pagezero
8 | - Source/common/testdata/32bitplist
9 | - Source/common/testdata/BundleExample.app/Contents/MacOS/BundleExample
10 | - Source/common/testdata/DirectoryBundle/Contents/MacOS/DirectoryBundle
11 | - Source/common/testdata/DirectoryBundle/Contents/Resources/BundleExample.app/Contents/MacOS/BundleExample
12 | - Source/santad/testdata/binaryrules/badbinary
13 | - Source/santad/testdata/binaryrules/goodbinary
14 | - Source/santad/testdata/binaryrules/badcert
15 | - Source/santad/testdata/binaryrules/banned_teamid_allowed_binary
16 | - Source/santad/testdata/binaryrules/banned_teamid
17 | - Source/santad/testdata/binaryrules/goodcert
18 | - Source/santad/testdata/binaryrules/noop
19 | - Source/santad/testdata/binaryrules/rules.db
20 |
--------------------------------------------------------------------------------
/.bazelversion:
--------------------------------------------------------------------------------
1 | 7.0.0
2 |
--------------------------------------------------------------------------------
/.clang-format:
--------------------------------------------------------------------------------
1 | Language: ObjC
2 | BasedOnStyle: Google
3 |
4 | IndentWidth: 2
5 | ObjCBlockIndentWidth: 2
6 | ContinuationIndentWidth: 2
7 |
8 | # For ObjC, the line limit is 100
9 | ColumnLimit: 100
10 |
11 | # Allow short case statements to be on a single line
12 | AllowShortCaseLabelsOnASingleLine: true
13 |
14 | AllowShortLoopsOnASingleLine: false
15 | AllowShortFunctionsOnASingleLine: Inline
16 |
17 | # Allow spaces in NSArray/NSDictionary literals @[ and @{
18 | SpacesInContainerLiterals: true
19 |
20 | # For pointers, always put the * next to the variable name.
21 | DerivePointerAlignment: false
22 | PointerAlignment: Right
23 |
24 |
25 | ---
26 | Language: Cpp
27 | Standard: Cpp11
28 |
29 | BasedOnStyle: Google
30 |
31 | # For C++, the line limit is 80
32 | ColumnLimit: 80
33 |
--------------------------------------------------------------------------------
/.github/workflows/check-markdown.yml:
--------------------------------------------------------------------------------
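name: Check Markdown

on:
  pull_request:
    paths:
      - "**.md"

# Least privilege: every step below only reads the checked-out tree, so the
# workflow token is restricted to read-only repository contents.
permissions:
  contents: read

jobs:
  markdown-check:
    runs-on: ubuntu-latest
    steps:
      # Actions are pinned to a full commit SHA; the trailing "ratchet:" comment
      # records the tag each SHA was resolved from.
      - name: "Checkout Santa"
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # ratchet:actions/checkout@v4
      - name: "Check for deadlinks"
        uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 # ratchet:lycheeverse/lychee-action@v1
        with:
          fail: true
      # Runs even if the link check failed, so both problems are reported in one pass.
      - name: "Check for trailing whitespace and newlines"
        if: '!cancelled()'
        run: "! git grep -EIn $'[ \t]+$' -- ':(exclude)*.patch'"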
21 |
--------------------------------------------------------------------------------
/.github/workflows/continuous.yml:
--------------------------------------------------------------------------------
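name: continuous
on:
  schedule:
    - cron: '0 10 * * *' # Every day at 10:00 UTC
  workflow_dispatch: # Allows you to run this workflow manually from the Actions tab

# Least privilege: the job only checks out and tests the code, so the workflow
# token is restricted to read-only repository contents.
permissions:
  contents: read

jobs:
  preqs:
    runs-on: macos-latest
    steps:
      # NOTE(review): this action is referenced by a mutable tag, while
      # check-markdown.yml pins its actions to a full commit SHA with a
      # "ratchet:" comment. Pin this one the same way.
      - uses: actions/checkout@v3
      # Repeats every unit test 50 times to surface flaky tests.
      - name: Checks for flaky tests
        run: bazel test --test_strategy=exclusive --test_output=errors --runs_per_test 50 -t- :unit_tests --define=SANTA_BUILD_TYPE=adhoc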
14 |
--------------------------------------------------------------------------------
/.github/workflows/fuzz.yml:
--------------------------------------------------------------------------------
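name: Fuzzing

# Only scheduled and manually dispatched runs reach the e2e-host / e2e-vm
# runners. NOTE(review): these labels look like self-hosted runners; if so,
# keep pull_request-style triggers out of this workflow so unreviewed code
# never executes on them.
on:
  schedule:
    - cron: '0 6 * * *' # Every day at 6:00 UTC
  workflow_dispatch: # Allows you to run this workflow manually from the Actions tab

# Least privilege: the jobs only read the repository; artifact upload does not
# need additional token scopes.
permissions:
  contents: read

jobs:
  start_vm:
    runs-on: e2e-host
    steps:
      # NOTE(review): actions in this file are referenced by mutable tags, while
      # check-markdown.yml pins its actions to a full commit SHA. Pin these the
      # same way.
      - uses: actions/checkout@v3
      - name: Start VM
        run: python3 Testing/integration/actions/start_vm.py macOS_13.bundle.tar.gz

  fuzz:
    runs-on: e2e-vm
    steps:
      - uses: actions/checkout@v3
      - name: Setup libfuzzer
        run: Fuzzing/install_libclang_fuzzer.sh
      # Runs every fuzzing_launcher target under //Fuzzing with bounded input
      # size, run count and per-input timeout.
      - name: Fuzz
        run: |
          for target in $(bazel query 'kind(fuzzing_launcher, //Fuzzing:all)'); do
            bazel run --config=fuzz $target -- -- -max_len=32768 -runs=1000000 -timeout=5
          done
      - name: Upload crashes
        uses: actions/upload-artifact@v1
        if: failure()
        with:
          name: artifacts
          path: /tmp/fuzzing/artifacts
      # Always power the VM off, including after a failed or cancelled fuzz step.
      - name: Poweroff VM
        if: ${{ always() }}
        run: sudo shutdown -h +1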
36 |
--------------------------------------------------------------------------------
/.github/workflows/sanitizers.yml:
--------------------------------------------------------------------------------
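name: sanitizers
on:
  schedule:
    - cron: '0 16 * * *'
  workflow_dispatch:

# Least privilege: the job only reads the repository; artifact upload does not
# need additional token scopes.
permissions:
  contents: read

jobs:
  test:
    runs-on: macos-latest
    strategy:
      matrix:
        sanitizer: [asan, tsan, ubsan]
    steps:
      # NOTE(review): actions in this file are referenced by mutable tags, while
      # check-markdown.yml pins its actions to a full commit SHA. Pin these the
      # same way.
      - uses: actions/checkout@v3
      # matrix.sanitizer is expanded into the script text below; that is safe
      # only because its values come from the fixed list above.
      - name: ${{ matrix.sanitizer }}
        run: |
          CLANG_VERSION=$(clang --version | head -n 1 | cut -d' ' -f 4)
          DYLIB_PATH="$(xcode-select -p)/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/${CLANG_VERSION}/lib/darwin/libclang_rt.${{ matrix.sanitizer }}_osx_dynamic.dylib"

          # DYLIB_PATH is quoted because the Xcode developer directory may contain spaces.
          bazel test --config=${{ matrix.sanitizer }} \
            --test_strategy=exclusive --test_output=all \
            --test_env=DYLD_INSERT_LIBRARIES="${DYLIB_PATH}" \
            --runs_per_test 5 -t- :unit_tests \
            --define=SANTA_BUILD_TYPE=adhoc
      - name: Upload logs
        uses: actions/upload-artifact@v1
        if: failure()
        with:
          name: logs
          path: /tmp/san_out*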
31 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_Store
2 | *.profraw
3 | *.provisionprofile
4 | bazel-*
5 | MODULE.bazel.lock
6 | Santa.xcodeproj/*
7 | Santa.xcworkspace/*
8 | CoverageData/*
9 | *.tulsiconf-user
10 | xcuserdata
11 | tulsigen-*
12 | *.crt
13 | *.key
14 | *.pem
15 | *.p12
16 | *.keychain
17 | *.swp
18 | compile_commands.json
19 | .cache/
20 | .vscode/*
21 |
--------------------------------------------------------------------------------
/.pyink-config:
--------------------------------------------------------------------------------
1 | [tool.pyink]
2 | pyink = true
3 | line-length = 80
4 | pyink-indentation = 2
5 | pyink-use-majority-quotes = true
6 |
--------------------------------------------------------------------------------
/CODEOWNERS:
--------------------------------------------------------------------------------
1 | * @google/macendpoints
2 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | docs/development/contributing.md
--------------------------------------------------------------------------------
/Conf/Package/Distribution.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | Santa
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 | app.pkg
15 |
16 |
17 |
--------------------------------------------------------------------------------
/Conf/Package/notarization_tool.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Example NOTARIZATION_TOOL wrapper.
#
# Submits the file given as the second argument to Apple's notary service and
# waits for the result. Credentials are read from the NOTARIZATION_USERNAME and
# NOTARIZATION_PASSWORD environment variables.
#
# NOTE(review): the password is passed as a command-line argument, so it is
# visible in the process list of the build host while the submission runs.
# notarytool can instead read stored credentials (`notarytool store-credentials`
# plus `--keychain-profile`); prefer that outside of throwaway examples.

submit_args=(
  submit "${2}" --wait
  --apple-id "${NOTARIZATION_USERNAME}"
  --password "${NOTARIZATION_PASSWORD}"
)

/usr/bin/xcrun notarytool "${submit_args[@]}"
7 |
--------------------------------------------------------------------------------
/Conf/Package/preinstall:
--------------------------------------------------------------------------------
#!/bin/bash

# Package preinstall step.
#
# Stops the Santa launchd jobs, unloads the legacy kernel extension, deletes
# files left behind by older Santa versions and, last, removes the GUI agents
# from the console user's launchd domain.
# $3 is the install target volume; nothing is done unless it is "/".

if [[ $3 != "/" ]]; then
  exit 0
fi

# Stop the daemons; a job that is not loaded is not an error.
for job_label in \
  com.google.santad \
  com.google.santa.bundleservice \
  com.google.santa.metricservice \
  com.google.santa.syncservice; do
  /bin/launchctl remove "${job_label}" || true
done

/bin/sleep 1

# Unload the legacy kernel extension, ignoring output and failure.
/sbin/kextunload -b com.google.santa-driver >/dev/null 2>&1 || true

# Remove cruft from old Santa versions
/bin/rm -f /usr/libexec/santad
/bin/rm -f /usr/sbin/santactl
/bin/launchctl remove com.google.santasync
/bin/rm -f /Library/LaunchDaemons/com.google.santasync.plist
/bin/rm -rf /Applications/Santa.app
/bin/rm -rf /Library/Extensions/santa-driver.kext

/bin/sleep 1

# The owner of /dev/console is taken to be the logged-in GUI user.
GUI_USER=$(/usr/bin/stat -f '%u' /dev/console)
if [[ -z "${GUI_USER}" ]]; then
  exit 0
fi

# Remove both GUI agent labels from that user's launchd domain.
for agent_label in com.google.santagui com.google.santa; do
  /bin/launchctl asuser "${GUI_USER}" /bin/launchctl remove "${agent_label}"
done
exit 0
34 |
--------------------------------------------------------------------------------
/Conf/com.google.santa.bundleservice.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Label
6 | com.google.santa.bundleservice
7 | ProgramArguments
8 |
9 | /Applications/Santa.app/Contents/MacOS/santabundleservice
10 | --syslog
11 |
12 | MachServices
13 |
14 | com.google.santa.bundleservice
15 |
16 |
17 | RunAtLoad
18 |
19 | KeepAlive
20 |
21 | ProcessType
22 | Interactive
23 | ThrottleInterval
24 | 0
25 |
26 |
27 |
--------------------------------------------------------------------------------
/Conf/com.google.santa.metricservice.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Label
6 | com.google.santa.metricservice
7 | ProgramArguments
8 |
9 | /Applications/Santa.app/Contents/MacOS/santametricservice
10 | --syslog
11 |
12 | MachServices
13 |
14 | com.google.santa.metricservice
15 |
16 |
17 | RunAtLoad
18 |
19 | KeepAlive
20 |
21 |
22 |
23 |
--------------------------------------------------------------------------------
/Conf/com.google.santa.newsyslog.conf:
--------------------------------------------------------------------------------
1 | # logfilename [owner:group] mode count size(KiB) when flags [/pid_file] # [sig_num]
2 | /var/db/santa/santa.log root:wheel 644 10 25000 * Z
3 |
--------------------------------------------------------------------------------
/Conf/com.google.santa.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Label
6 | com.google.santa
7 | ProgramArguments
8 |
9 | /Applications/Santa.app/Contents/MacOS/Santa
10 | --syslog
11 |
12 | RunAtLoad
13 |
14 | KeepAlive
15 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/Conf/com.google.santa.syncservice.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Label
6 | com.google.santa.syncservice
7 | ProgramArguments
8 |
9 | /Applications/Santa.app/Contents/MacOS/santasyncservice
10 | --syslog
11 |
12 | MachServices
13 |
14 | com.google.santa.syncservice
15 |
16 |
17 | RunAtLoad
18 |
19 | KeepAlive
20 |
21 |
22 |
23 |
--------------------------------------------------------------------------------
/Conf/com.google.santad.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Label
6 | com.google.santad
7 | ProgramArguments
8 |
9 | /Applications/Santa.app/Contents/Library/SystemExtensions/com.google.santa.daemon.systemextension/Contents/MacOS/com.google.santa.daemon
10 | --syslog
11 |
12 | MachServices
13 |
14 | com.google.santa.daemon
15 |
16 |
17 | RunAtLoad
18 |
19 | KeepAlive
20 |
21 | ProcessType
22 | Interactive
23 |
24 |
25 |
--------------------------------------------------------------------------------
/Fuzzing/BUILD:
--------------------------------------------------------------------------------
load("fuzzing.bzl", "objc_fuzz_test")

# Fuzz target built from the harness in common/MachOParse.mm, linked against
# SNTFileInfo and seeded with every file under common/MachOParse_corpus.
objc_fuzz_test(
    name = "MachOParse",
    srcs = ["common/MachOParse.mm"],
    corpus = glob(["common/MachOParse_corpus/*"]),
    linkopts = ["-lsqlite3"],
    deps = [
        "//Source/common:SNTFileInfo",
    ],
)
12 |
--------------------------------------------------------------------------------
/Fuzzing/common/MachOParse.mm:
--------------------------------------------------------------------------------
1 | #import
2 | #include
3 | #include
4 | #include
5 |
6 | #import "Source/common/SNTFileInfo.h"
7 |
// Returns how many file descriptors the current process has open, derived from
// the size of its PROC_PIDLISTFDS list. The harness compares this value before
// and after each input to detect descriptor leaks.
int get_num_fds() {
  // No buffer is supplied, so only the byte size of the fd list comes back.
  const int fd_list_bytes = proc_pidinfo(getpid(), PROC_PIDLISTFDS, 0, NULL, 0);
  return fd_list_bytes / PROC_PIDLISTFD_SIZE;
}
11 |
// libFuzzer entry point. Writes the input to a scratch file, opens it through
// SNTFileInfo and calls the architectures, isMissingPageZero and infoPlist
// accessors. Aborts if the number of open file descriptors changed while the
// input was processed.
//
// Returns 0 when the input was processed, -1 when SNTFileInfo could not be
// created for it.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  // One scratch path per process, reused (and overwritten) for every input.
  static NSString *tmpPath =
    [NSTemporaryDirectory() stringByAppendingPathComponent:[[NSUUID UUID] UUIDString]];

  const int fds_before = get_num_fds();

  @autoreleasepool {
    // Wrap the fuzzer-owned bytes without copying or taking ownership.
    NSData *payload = [NSData dataWithBytesNoCopy:(void *)data length:size freeWhenDone:false];
    // NOTE(review): the write result is ignored; if the write fails, the file
    // left by a previous input is what gets parsed below.
    [payload writeToFile:tmpPath atomically:false];

    NSError *err;
    SNTFileInfo *info = [[SNTFileInfo alloc] initWithResolvedPath:tmpPath error:&err];
    const bool opened = (info != nil) && (err == nil);
    if (!opened) {
      NSLog(@"Error: %@", err);
      // NOTE(review): this early return skips the descriptor comparison at the
      // end of the function, so a leak on the failed-open path is not detected.
      return -1;
    }

    // Mach-O Parsing
    [info architectures];
    [info isMissingPageZero];
    [info infoPlist];
  }

  // A changed descriptor count means the parsing path leaked (or closed) an fd.
  if (get_num_fds() != fds_before) {
    abort();
  }

  return 0;
}
41 |
--------------------------------------------------------------------------------
/Fuzzing/common/MachOParse_corpus/ret0:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Fuzzing/common/MachOParse_corpus/ret0
--------------------------------------------------------------------------------
/Fuzzing/fuzzing.bzl:
--------------------------------------------------------------------------------
1 | """Utilities for fuzzing Santa"""
2 |
3 | load("@rules_fuzzing//fuzzing:cc_defs.bzl", "cc_fuzz_test")
4 |
def objc_fuzz_test(name, srcs, deps, corpus, linkopts = [], **kwargs):
    """Declares a fuzz test whose harness is built as an objc_library.

    Creates two targets: an objc_library named "<name>_lib" holding the harness
    sources, and a cc_fuzz_test named "<name>" that depends on it.

    Args:
      name: Name of the cc_fuzz_test target; the library is "<name>_lib".
      srcs: Harness source files for the objc_library.
      deps: Dependencies of the objc_library.
      corpus: Seed corpus files passed to cc_fuzz_test.
      linkopts: Linker options passed to cc_fuzz_test.
      **kwargs: Extra attributes forwarded to the objc_library only.
    """
    harness_lib = "%s_lib" % name

    native.objc_library(
        name = harness_lib,
        srcs = srcs,
        deps = deps,
        **kwargs
    )

    cc_fuzz_test(
        name = name,
        deps = [harness_lib],
        linkopts = linkopts,
        corpus = corpus,
    )
21 |
--------------------------------------------------------------------------------
/Fuzzing/install_libclang_fuzzer.sh:
--------------------------------------------------------------------------------
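#!/bin/bash
# Xcode doesn't include the fuzzer runtime, but the one LLVM ships is compatible with Apple clang.
#
# Installs libclang_rt.fuzzer_osx.a from the LLVM release that matches the local
# clang version into the active Xcode toolchain. Does nothing when the library
# is already present.
#
# Supply-chain note: the archive is downloaded from a GitHub release and a
# static library from it is copied into the compiler toolchain, so every fuzzer
# binary linked afterwards trusts that download. Set LLVM_TARBALL_SHA256 to a
# digest obtained out of band to have the archive verified before extraction.
set -uexo pipefail

CLANG_VERSION=$(clang --version | head -n 1 | cut -d' ' -f 4)
DST_PATH="$(xcode-select -p)/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/${CLANG_VERSION}/lib/darwin/libclang_rt.fuzzer_osx.a"

RELEASE="clang+llvm-${CLANG_VERSION}-x86_64-apple-darwin"
TARBALL="${RELEASE}.tar.xz"
RUNTIME="${RELEASE}/lib/clang/${CLANG_VERSION}/lib/darwin/libclang_rt.fuzzer_osx.a"

# Quoted throughout: the Xcode path may contain spaces.
if [ -f "${DST_PATH}" ]; then
  exit 0
fi

# -f makes curl fail on an HTTP error instead of saving the error page as the archive.
curl -f -O -L "https://github.com/llvm/llvm-project/releases/download/llvmorg-${CLANG_VERSION}/${TARBALL}"

# Optional integrity check; skipped when no digest was supplied.
if [ -n "${LLVM_TARBALL_SHA256:-}" ]; then
  echo "${LLVM_TARBALL_SHA256}  ${TARBALL}" | shasum -a 256 -c -
fi

tar xvf "${TARBALL}" "${RUNTIME}"
cp "${RUNTIME}" "${DST_PATH}"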
15 |
--------------------------------------------------------------------------------
/Fuzzing/santacache/.gitignore:
--------------------------------------------------------------------------------
1 | santacache.dSYM
2 | santacache
3 |
4 |
--------------------------------------------------------------------------------
/Fuzzing/santacache/santacache_fuzzer_seed_corpus/example01:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Fuzzing/santacache/santacache_fuzzer_seed_corpus/example01
--------------------------------------------------------------------------------
/Fuzzing/santacache/src/main.cpp:
--------------------------------------------------------------------------------
1 | /// Copyright 2018 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #include
16 |
17 | #include
18 | #include
19 |
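/// libFuzzer entry point for SantaCache.
///
/// Interprets up to 16 input bytes as a (key, value) pair of 64-bit integers
/// (shorter inputs are zero-padded), stores the pair in a cache that lives for
/// the whole fuzzing run, and reads the key back.
///
/// Returns 0 for every input. A read-back value that differs from the value
/// just stored traps, because libFuzzer only records crashes, sanitizer
/// reports and timeouts as findings; a non-zero return value is not a finding,
/// and libFuzzer documents values other than 0 and -1 as reserved.
extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data,
                                      std::size_t size) {
  // Shared across inputs so that cache state accumulates during the run.
  // The template arguments match the key and value types used below.
  static SantaCache<std::uint64_t, std::uint64_t> decision_cache(5000, 2);

  std::uint64_t fields[2] = {};

  // Bound the copy by the destination buffer rather than a separate constant.
  if (size > sizeof(fields)) {
    std::cout << "Invalid size! Start with -max_len=16\n";
    return 0;
  }

  // memcpy requires valid pointers even for a zero-length copy.
  if (size > 0) {
    std::memcpy(fields, data, size);
  }

  decision_cache.set(fields[0], fields[1]);
  auto returned_value = decision_cache.get(fields[0]);

  if (returned_value != fields[1]) {
    std::cout << fields[0] << ", " << fields[1] << " -> " << returned_value
              << std::endl;
    // Crash so the fuzzer saves this input as a reproducer.
    __builtin_trap();
  }

  return 0;
}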
44 |
--------------------------------------------------------------------------------
/Fuzzing/santactl/santactl_fuzzer_seed_corpus/example01:
--------------------------------------------------------------------------------
1 | {
2 | "rules": [
3 | {
4 | "rule_type": "BINARY",
5 | "policy": "BLACKLIST",
6 | "sha256": "2dc104631939b4bdf5d6bccab76e166e37fe5e1605340cf68dab919df58b8eda",
7 | "custom_msg": "blacklist firefox"
8 | },
9 | {
10 | "rule_type": "CERTIFICATE",
11 | "policy": "BLACKLIST",
12 | "sha256": "e7726cf87cba9e25139465df5bd1557c8a8feed5c7dd338342d8da0959b63c8d",
13 | "custom_msg": "blacklist dash app certificate"
14 | }
15 | ]
16 | }
17 |
--------------------------------------------------------------------------------
/Fuzzing/santad/santad_checkCacheForVnodeID_fuzzer_seed_corpus/example01:
--------------------------------------------------------------------------------
1 | "3DUfw
--------------------------------------------------------------------------------
/Fuzzing/santad/santad_databaseRemoveEventsWithIDs_fuzzer_seed_corpus/example01:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Fuzzing/santad/santad_databaseRemoveEventsWithIDs_fuzzer_seed_corpus/example01
--------------------------------------------------------------------------------
/Fuzzing/santad/santad_databaseRuleAddRules_fuzzer_seed_corpus/example01:
--------------------------------------------------------------------------------
1 | 00112233445566778899aabbccddeeff
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
1 | # Reporting a Vulnerability
2 |
3 | If you believe you have found a security vulnerability, we would appreciate a private report
4 | so that we can work on and release a fix before public disclosure. Any vulnerabilities reported to us will be
5 | disclosed publicly either when a new version with fixes is released or when 90 days have passed,
6 | whichever comes first.
7 |
8 | To report vulnerabilities to us privately, either:
9 |
10 | 1) Report the vulnerability [through GitHub](https://github.com/google/santa/security/advisories/new).
11 |
12 | 2) E-mail `santa-team@google.com`. If you want to encrypt your e-mail, you can use our GPG key `0x92AFE41DAB49BBB6` available on keyserver.ubuntu.com:
13 |
14 | `gpg --keyserver keyserver.ubuntu.com --recv-key 0x92AFE41DAB49BBB6`
15 |
--------------------------------------------------------------------------------
/Source/common/BranchPrediction.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #ifndef SANTA__COMMON__BRANCHPREDICTION_H
16 | #define SANTA__COMMON__BRANCHPREDICTION_H
17 |
18 | // Branch-prediction hints for conditions whose outcome is largely known in advance; !!(x) normalizes x to 0 or 1
19 | #define likely(x) __builtin_expect(!!(x), 1)
20 | #define unlikely(x) __builtin_expect(!!(x), 0)
21 |
22 | #endif
23 |
--------------------------------------------------------------------------------
/Source/common/Platform.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #ifndef SANTA__COMMON__PLATFORM_H
16 | #define SANTA__COMMON__PLATFORM_H
17 |
18 | #include
19 |
20 | #if defined(MAC_OS_VERSION_13_0) && \
21 | MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_VERSION_13_0
22 | #define HAVE_MACOS_13 1  // the build allows macOS 13.0 APIs
23 | #else
24 | #define HAVE_MACOS_13 0
25 | #endif  // HAVE_MACOS_13
26 |
27 | #if defined(MAC_OS_VERSION_14_0) && \
28 | MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_VERSION_14_0
29 | #define HAVE_MACOS_14 1  // the build allows macOS 14.0 APIs
30 | #else
31 | #define HAVE_MACOS_14 0
32 | #endif  // HAVE_MACOS_14
33 |
34 | #if defined(MAC_OS_VERSION_15_0) && \
35 | MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_VERSION_15_0
36 | #define HAVE_MACOS_15 1  // the build allows macOS 15.0 APIs
37 | #else
38 | #define HAVE_MACOS_15 0
39 | #endif  // HAVE_MACOS_15
40 |
41 | #endif
42 |
--------------------------------------------------------------------------------
/Source/common/SNTCachedDecision.mm:
--------------------------------------------------------------------------------
1 |
2 | /// Copyright 2015-2022 Google Inc. All rights reserved.
3 | ///
4 | /// Licensed under the Apache License, Version 2.0 (the "License");
5 | /// you may not use this file except in compliance with the License.
6 | /// You may obtain a copy of the License at
7 | ///
8 | /// http://www.apache.org/licenses/LICENSE-2.0
9 | ///
10 | /// Unless required by applicable law or agreed to in writing, software
11 | /// distributed under the License is distributed on an "AS IS" BASIS,
12 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | /// See the License for the specific language governing permissions and
14 | /// limitations under the License.
15 |
16 | #import "Source/common/SNTCachedDecision.h"
17 |
@implementation SNTCachedDecision

/// Plain initializer: stores a value-initialized SantaVnode as the vnode ID.
- (instancetype)init {
  SantaVnode emptyVnode = {};
  return [self initWithVnode:emptyVnode];
}

/// Derives the vnode ID from an EndpointSecurity file.
/// esFile must not be NULL: SantaVnode::VnodeForFile reads esFile->stat
/// without checking the pointer.
- (instancetype)initWithEndpointSecurityFile:(const es_file_t *)esFile {
  SantaVnode vnode = SantaVnode::VnodeForFile(esFile);
  return [self initWithVnode:vnode];
}

/// Stores the given vnode ID; the other two initializers funnel into this one.
- (instancetype)initWithVnode:(SantaVnode)vnode {
  if ((self = [super init])) {
    _vnodeId = vnode;
  }
  return self;
}

@end
37 |
--------------------------------------------------------------------------------
/Source/common/SNTCachedDecisionTest.mm:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "Source/common/SNTCachedDecision.h"
18 | #include "Source/common/TestUtils.h"
19 |
@interface SNTCachedDecisionTest : XCTestCase
@end

@implementation SNTCachedDecisionTest

/// initWithEndpointSecurityFile: must copy the inode and device numbers of the
/// es_file_t's stat data into vnodeId.
- (void)testSNTCachedDecisionInit {
  struct stat fileStat = MakeStat();
  es_file_t esFile = MakeESFile("foo", fileStat);

  SNTCachedDecision *decision =
      [[SNTCachedDecision alloc] initWithEndpointSecurityFile:&esFile];

  XCTAssertEqual(fileStat.st_ino, decision.vnodeId.fileid);
  XCTAssertEqual(fileStat.st_dev, decision.vnodeId.fsid);
}

@end
37 |
--------------------------------------------------------------------------------
/Source/common/SNTDeepCopy.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2023 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | @interface NSArray (SNTDeepCopy)
18 |
19 | - (instancetype)sntDeepCopy;
20 |
21 | @end
22 |
23 | @interface NSDictionary (SNTDeepCopy)
24 |
25 | - (instancetype)sntDeepCopy;
26 |
27 | @end
28 |
--------------------------------------------------------------------------------
/Source/common/SNTDeviceEvent.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | @interface SNTDeviceEvent : NSObject
18 |
19 | - (instancetype)initWithOnName:(NSString *)mntonname fromName:(NSString *)mntfromname;
20 |
21 | @property NSString *mntonname;
22 | @property NSString *mntfromname;
23 | @property NSArray *remountArgs;
24 |
25 | - (NSString *)readableRemountArgs;
26 |
27 | @end
28 |
--------------------------------------------------------------------------------
/Source/common/SNTDropRootPrivs.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2015 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | ///
18 | /// Simple function to check and drop root privileges.
19 | ///
20 | /// @return YES if dropping was successful or unnecessary.
21 | ///
22 | BOOL DropRootPrivileges(void);
23 |
--------------------------------------------------------------------------------
/Source/common/SNTDropRootPrivs.m:
--------------------------------------------------------------------------------
1 | /// Copyright 2015 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import "Source/common/SNTDropRootPrivs.h"
16 |
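/// Drops root privileges by switching every user and group ID to "nobody".
///
/// Does nothing when none of the real/effective user and group IDs is 0.
/// Otherwise the group ID, the supplementary group list and the user ID are
/// replaced, and the result is verified: all four IDs must equal the
/// unprivileged ID and an attempt to become root again must fail.
///
/// @return YES if dropping was successful or unnecessary, NO if any step or
///         verification failed. Callers should treat NO as fatal, because the
///         process may then still hold some root privilege.
BOOL DropRootPrivileges() {
  if (getuid() != 0 && geteuid() != 0 && getgid() != 0 && getegid() != 0) {
    return YES;
  }

  // -2 is the ID this file uses for the unprivileged "nobody" account.
  const uid_t nobodyUid = (uid_t)-2;
  const gid_t nobodyGid = (gid_t)-2;

  // Order matters: the group ID and the supplementary group list can only be
  // changed while the process is still root, so the user ID is changed last.
  if (setgid(nobodyGid) != 0 || setgroups(0, NULL) != 0 || setegid(nobodyGid) != 0 ||
      setuid(nobodyUid) != 0 || seteuid(nobodyUid) != 0) {
    return NO;
  }

  // Checking only that real and effective IDs agree would also pass if both
  // were still 0, so compare each one against the unprivileged ID.
  if (getuid() != nobodyUid || geteuid() != nobodyUid || getgid() != nobodyGid ||
      getegid() != nobodyGid) {
    return NO;
  }

  // The drop has to be permanent: regaining root must not be possible.
  if (setuid(0) == 0 || seteuid(0) == 0) {
    return NO;
  }

  return YES;
}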
32 |
--------------------------------------------------------------------------------
/Source/common/SNTStrengthify.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2016-2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | // clang-format off
16 |
17 | #define STRONGIFY(var) \
18 | _Pragma("clang diagnostic push") \
19 | _Pragma("clang diagnostic ignored \"-Wshadow\"") \
20 | __strong __typeof(var) var = (Weak_##var); \
21 | _Pragma("clang diagnostic pop")
22 |
23 | #define WEAKIFY(var) __weak __typeof(var) Weak_##var = (var);
24 |
25 | // clang-format on
26 |
--------------------------------------------------------------------------------
/Source/common/SNTXPCNotifierInterface.m:
--------------------------------------------------------------------------------
1 | /// Copyright 2015 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import "Source/common/SNTXPCNotifierInterface.h"
16 |
@implementation SNTXPCNotifierInterface

/// Returns an NSXPCInterface built from the SNTNotifierXPC protocol.
+ (NSXPCInterface *)notifierInterface {
  Protocol *notifierProtocol = @protocol(SNTNotifierXPC);
  return [NSXPCInterface interfaceWithProtocol:notifierProtocol];
}

@end
24 |
--------------------------------------------------------------------------------
/Source/common/SantaVnode.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #ifndef SANTA__COMMON__SANTAVNODE_H
16 | #define SANTA__COMMON__SANTAVNODE_H
17 |
18 | #include
19 | #include
20 |
// Identifies a file by the pair (filesystem device ID, inode number).
// NOTE(review): inode numbers can be reused once a file is deleted, so code
// that caches decisions under this key presumably invalidates stale entries;
// confirm against the cache users.
typedef struct SantaVnode {
  dev_t fsid;    // device ID, taken from st_dev
  ino_t fileid;  // inode number, taken from st_ino

#ifdef __cplusplus
  // Two vnodes are equal when both the device and the inode match.
  bool operator==(const SantaVnode &rhs) const {
    if (fsid != rhs.fsid) {
      return false;
    }
    return fileid == rhs.fileid;
  }

  // Builds a SantaVnode from a stat buffer.
  static inline SantaVnode VnodeForFile(const struct stat &sb) {
    SantaVnode vnode = {sb.st_dev, sb.st_ino};
    return vnode;
  }

  // Builds a SantaVnode from an EndpointSecurity file. es_file is dereferenced
  // without a null check, so callers must pass a valid pointer.
  static inline SantaVnode VnodeForFile(const es_file_t *es_file) {
    const struct stat &sb = es_file->stat;
    return VnodeForFile(sb);
  }
#endif
} SantaVnode;
43 |
44 | #endif
45 |
--------------------------------------------------------------------------------
/Source/common/SantaVnodeHash.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #ifndef SANTA__COMMON__SANTAVNODEHASH_H
16 | #define SANTA__COMMON__SANTAVNODEHASH_H
17 |
18 | #include "Source/common/SantaCache.h"
19 | #include "Source/common/SantaVnode.h"
20 |
21 | template <>
22 | uint64_t SantaCacheHasher(SantaVnode const &t);
23 |
24 | #endif
25 |
--------------------------------------------------------------------------------
/Source/common/SantaVnodeHash.mm:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #include "Source/common/SantaVnodeHash.h"
16 |
// SantaCacheHasher specialization for SantaVnode: hashes the device ID and the
// inode number separately, shifts the device hash left by one bit and XORs the
// two together.
template <>
uint64_t SantaCacheHasher(SantaVnode const &t) {
  const uint64_t fsid_hash = SantaCacheHasher(t.fsid);
  const uint64_t fileid_hash = SantaCacheHasher(t.fileid);
  return (fsid_hash << 1) ^ fileid_hash;
}
21 |
--------------------------------------------------------------------------------
/Source/common/ScopedCFTypeRef.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2023 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #ifndef SANTA__COMMON__SCOPEDCFTYPEREF_H
16 | #define SANTA__COMMON__SCOPEDCFTYPEREF_H
17 |
18 | #include
19 |
20 | #include "Source/common/ScopedTypeRef.h"
21 |
22 | namespace santa {
23 |
24 | template
25 | using ScopedCFTypeRef = ScopedTypeRef;
26 |
27 | } // namespace santa
28 |
29 | #endif
30 |
--------------------------------------------------------------------------------
/Source/common/ScopedIOObjectRef.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2023 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #ifndef SANTA__COMMON__SCOPEDIOOBJECTREF_H
16 | #define SANTA__COMMON__SCOPEDIOOBJECTREF_H
17 |
18 | #include
19 |
20 | #include "Source/common/ScopedTypeRef.h"
21 |
22 | namespace santa {
23 |
24 | template
25 | using ScopedIOObjectRef =
26 | ScopedTypeRef;
27 |
28 | }  // namespace santa
29 |
30 | #endif
31 |
--------------------------------------------------------------------------------
/Source/common/SigningIDHelpers.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2024 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 | #import
17 |
18 | __BEGIN_DECLS
19 |
20 | /**
21 | Return a string representing normalized SigningID (prefixed with TeamID and a
22 | colon).
23 |
24 | @param csc A MOLCodesignChecker instance
25 |
26 | @return An NSString formatted as teamID:signingID (platform:signingID for a platform binary without a team ID), or nil if there isn't a valid signing ID or a non-platform binary has no team ID.
27 | */
28 | NSString *FormatSigningID(MOLCodesignChecker *csc);
29 |
30 | __END_DECLS
31 |
--------------------------------------------------------------------------------
/Source/common/SigningIDHelpers.m:
--------------------------------------------------------------------------------
1 | /// Copyright 2024 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import "Source/common/SigningIDHelpers.h"
16 | #import "Source/common/SNTLogging.h"
17 |
/// Builds the normalized "<prefix>:<signingID>" string for a code signature.
///
/// The prefix is the team ID. A platform binary without a team ID gets the
/// literal prefix "platform". Returns nil when the signing ID is empty, or
/// when a non-platform binary has no team ID. In that case the signing ID
/// alone is not used, presumably because it is not tied to a signer without
/// the team ID.
NSString *FormatSigningID(MOLCodesignChecker *csc) {
  NSString *signingID = csc.signingID;
  if (signingID.length == 0) {
    return nil;
  }

  NSString *prefix = csc.teamID;
  if (prefix.length == 0) {
    if (!csc.platformBinary) {
      LOGD(@"unable to format signing ID missing team ID for non-platform binary");
      return nil;
    }
    prefix = @"platform";
  }

  return [NSString stringWithFormat:@"%@:%@", prefix, signingID];
}
34 |
--------------------------------------------------------------------------------
/Source/common/Unit.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #ifndef SANTA__COMMON__UNIT_H
16 | #define SANTA__COMMON__UNIT_H
17 |
18 | namespace santa {
19 |
20 | struct Unit {};
21 |
22 | } // namespace santa
23 |
24 | #endif
25 |
--------------------------------------------------------------------------------
/Source/common/santa_proto_include_wrapper.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #ifndef SANTA__COMMON_SANTA_PROTO_INCLUDE_WRAPPER_H
16 | #define SANTA__COMMON_SANTA_PROTO_INCLUDE_WRAPPER_H
17 |
18 | #include "Source/common/santa.pb.h"
19 |
20 | #endif
21 |
--------------------------------------------------------------------------------
/Source/common/testdata/32bitplist:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/common/testdata/32bitplist
--------------------------------------------------------------------------------
/Source/common/testdata/BundleExample.app/Contents/MacOS/BundleExample:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/common/testdata/BundleExample.app/Contents/MacOS/BundleExample
--------------------------------------------------------------------------------
/Source/common/testdata/DirectoryBundle/Contents/MacOS/DirectoryBundle:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/common/testdata/DirectoryBundle/Contents/MacOS/DirectoryBundle
--------------------------------------------------------------------------------
/Source/common/testdata/DirectoryBundle/Contents/Resources/BundleExample.app/Contents/MacOS/BundleExample:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/common/testdata/DirectoryBundle/Contents/Resources/BundleExample.app/Contents/MacOS/BundleExample
--------------------------------------------------------------------------------
/Source/common/testdata/bad_pagezero:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/common/testdata/bad_pagezero
--------------------------------------------------------------------------------
/Source/common/testdata/missing_pagezero:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/common/testdata/missing_pagezero
--------------------------------------------------------------------------------
/Source/gui/Info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | CFBundleExecutable
6 | Santa
7 | CFBundleIconFile
8 | AppIcon
9 | CFBundleIconName
10 | AppIcon
11 | CFBundleIdentifier
12 | $(PRODUCT_BUNDLE_IDENTIFIER)
13 | CFBundleInfoDictionaryVersion
14 | 6.0
15 | CFBundleName
16 | Santa
17 | CFBundlePackageType
18 | APPL
19 | CFBundleShortVersionString
20 | $(MARKETING_VERSION)
21 | CFBundleVersion
22 | $(CURRENT_PROJECT_VERSION)
23 | LSMinimumSystemVersion
24 | ${MACOSX_VERSION_MIN}
25 | LSUIElement
26 |
27 | NSHumanReadableCopyright
28 | Google LLC.
29 | NSPrincipalClass
30 | NSApplication
31 |
32 |
33 |
--------------------------------------------------------------------------------
/Source/gui/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-128.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/gui/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-128.png
--------------------------------------------------------------------------------
/Source/gui/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/gui/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-16.png
--------------------------------------------------------------------------------
/Source/gui/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-256.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/gui/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-256.png
--------------------------------------------------------------------------------
/Source/gui/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-32.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/gui/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-32.png
--------------------------------------------------------------------------------
/Source/gui/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/gui/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-64.png
--------------------------------------------------------------------------------
/Source/gui/Resources/Images.xcassets/Contents.json:
--------------------------------------------------------------------------------
1 | {
2 | "info" : {
3 | "version" : 1,
4 | "author" : "xcode"
5 | }
6 | }
7 |
--------------------------------------------------------------------------------
/Source/gui/SNTAboutWindowController.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2015 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
///
///  NSWindowController subclass; this header declares no public properties or
///  methods beyond what NSWindowController already provides.
///  NOTE(review): presumably drives the GUI's "About" window -- confirm against the .m/.xib.
///
@interface SNTAboutWindowController : NSWindowController
@end
19 |
--------------------------------------------------------------------------------
/Source/gui/SNTAccessibleTextField.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2016 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
/**
  An NSTextField subclass whose accessibility label is built from its tooltip
  and its string value: "<toolTip>: <stringValue>" when both are set, otherwise
  whichever one is set, otherwise nil. It also reports "label" as its
  accessibilityRoleDescription.
*/
@interface SNTAccessibleTextField : NSTextField
@end
24 |
--------------------------------------------------------------------------------
/Source/gui/SNTAccessibleTextField.m:
--------------------------------------------------------------------------------
1 | /// Copyright 2016 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import "Source/gui/SNTAccessibleTextField.h"
16 |
@implementation SNTAccessibleTextField

/// Builds the accessibility label from the tooltip and the field's string value.
/// Returns "<toolTip>: <stringValue>" when both exist, the one that exists when
/// only one does, and nil when neither is set.
- (NSString *)accessibilityLabel {
  NSString *tip = self.toolTip;
  NSString *value = self.stringValue;

  // No tooltip: the value alone is the label (this is nil when the value is nil too).
  if (!tip) return value;
  // Tooltip but no value: the tooltip alone is the label.
  if (!value) return tip;

  return [NSString stringWithFormat:@"%@: %@", tip, value];
}

/// The field is always described to assistive technology as a plain label.
- (NSString *)accessibilityRoleDescription {
  return @"label";
}

@end
36 |
--------------------------------------------------------------------------------
/Source/gui/SNTAppDelegate.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2015 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | ///
18 | /// Initiates and manages the connection to santad
19 | ///
20 | @interface SNTAppDelegate : NSObject
21 | @end
22 |
--------------------------------------------------------------------------------
/Source/gui/SNTDeviceMessageWindowController.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2021 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 | #import
15 |
16 | #import "Source/common/SNTDeviceEvent.h"
17 | #import "Source/gui/SNTMessageWindowController.h"
18 |
19 | NS_ASSUME_NONNULL_BEGIN
20 |
21 | @class SNTStoredEvent;
22 |
///
///  Controller for a single message window that is tied to one SNTDeviceEvent.
///  Inherits the show/close/silence behaviour declared by SNTMessageWindowController.
///
@interface SNTDeviceMessageWindowController : SNTMessageWindowController

// The device event this window is for.
@property(readonly) SNTDeviceEvent *event;

///
///  @param event The device event to present; non-null under NS_ASSUME_NONNULL.
///  @param message Optional text for the window; may be nil.
///      NOTE(review): where this text originates (local config, sync server) and how it
///      is rendered is not visible in this header -- confirm it is treated as plain,
///      untrusted text by the implementation.
///
- (instancetype)initWithEvent:(SNTDeviceEvent *)event message:(nullable NSString *)message;

@end
34 |
35 | NS_ASSUME_NONNULL_END
36 |
--------------------------------------------------------------------------------
/Source/gui/SNTFileAccessMessageWindowController.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2023 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "Source/gui/SNTMessageWindowController.h"
18 |
19 | NS_ASSUME_NONNULL_BEGIN
20 |
21 | @class SNTFileAccessEvent;
22 |
///
///  Controller for a single message window that is tied to one SNTFileAccessEvent.
///  Only available on macOS 13.0 and later.
///
API_AVAILABLE(macos(13.0))
@interface SNTFileAccessMessageWindowController : SNTMessageWindowController

///
///  @param event The file access event to present; non-null under NS_ASSUME_NONNULL.
///  @param message Optional custom message; may be nil.
///  @param url Optional custom URL, passed as a string; may be nil.
///  @param text Optional custom text; may be nil.
///      NOTE(review): presumably `url` backs a button or link and `text` labels it; the
///      header does not say, and does not say whether the URL scheme is validated before
///      it is opened -- confirm in the implementation.
///
- (instancetype)initWithEvent:(SNTFileAccessEvent *)event
                customMessage:(nullable NSString *)message
                    customURL:(nullable NSString *)url
                   customText:(nullable NSString *)text;

// The file access event this window is for.
@property(readonly) SNTFileAccessEvent *event;

@end
37 |
38 | NS_ASSUME_NONNULL_END
39 |
--------------------------------------------------------------------------------
/Source/gui/SNTMessageWindow.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2015 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | ///
18 | /// An NSPanel that can become key/main and can fade in/out.
19 | ///
20 | @interface SNTMessageWindow : NSPanel
21 |
22 | ///
23 | /// Fade the window in
24 | ///
25 | - (IBAction)fadeIn:(id)sender;
26 |
27 | ///
28 | /// Fade the window out
29 | ///
30 | - (IBAction)fadeOut:(id)sender;
31 |
32 | @end
33 |
--------------------------------------------------------------------------------
/Source/gui/SNTMessageWindowController.h:
--------------------------------------------------------------------------------
1 | #import
2 |
/// Receives a callback when a message window closes.
@protocol SNTMessageWindowControllerDelegate
/// Called from the controller's windowWillClose: handler.
/// `hash` is the controller's messageHash when the user asked to silence future
/// notifications, and nil otherwise -- implementations must accept nil even though the
/// parameter carries no nullability annotation.
- (void)windowDidCloseSilenceHash:(NSString *)hash;
@end
6 |
/// Base window controller shared by the message windows. Subclasses must override
/// -messageHash; the base implementation only raises via doesNotRecognizeSelector:.
@interface SNTMessageWindowController : NSWindowController

/// Brings the window to the front, centers it and activates the app.
- (IBAction)showWindow:(id)sender;
/// Notifies the delegate (via windowWillClose:) and then closes the window.
- (IBAction)closeWindow:(id)sender;

/// Generate a distinct key for a given displayed event. This key is used for silencing future
/// notifications.
- (NSString *)messageHash;

/// Linked to checkbox in UI to prevent future notifications for the given event.
@property BOOL silenceFutureNotifications;

/// Weakly held; when it is nil at close time no callback is made.
@property(weak) id delegate;

@end
22 |
--------------------------------------------------------------------------------
/Source/gui/SNTMessageWindowController.m:
--------------------------------------------------------------------------------
1 | #import "Source/gui/SNTMessageWindowController.h"
2 |
@implementation SNTMessageWindowController

/// Raises the window to pop-up-menu level, lets it be dragged by its background,
/// makes it key, centers it and activates the application.
- (IBAction)showWindow:(id)sender {
  NSWindow *panel = self.window;
  panel.level = NSPopUpMenuWindowLevel;
  panel.movableByWindowBackground = YES;
  [panel makeKeyAndOrderFront:sender];
  [panel center];
  [NSApp activateIgnoringOtherApps:YES];
}

/// Runs the close handler first so the delegate hears about the close, then
/// closes the window. Note that `sender` is forwarded where an NSNotification
/// is declared; windowWillClose: never reads its argument.
- (IBAction)closeWindow:(id)sender {
  [self windowWillClose:sender];
  [self.window close];
}

/// Tells the delegate which hash to silence: the subclass-provided messageHash
/// when the silence checkbox is set, nil otherwise. Does nothing without a delegate.
- (void)windowWillClose:(NSNotification *)notification {
  if (self.delegate == nil) return;

  // messageHash is only evaluated when silencing was requested.
  NSString *hashToSilence = self.silenceFutureNotifications ? [self messageHash] : nil;
  [self.delegate windowDidCloseSilenceHash:hashToSilence];
}

/// Abstract: subclasses must override. The base version reports the selector as
/// unrecognized; the trailing return only satisfies the compiler.
- (NSString *)messageHash {
  [self doesNotRecognizeSelector:_cmd];
  return nil;
}

@end
33 |
--------------------------------------------------------------------------------
/Source/gui/SNTNotificationManager.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2015 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "Source/common/SNTXPCNotifierInterface.h"
18 | #import "Source/gui/SNTMessageWindowController.h"
19 |
///
///  Keeps track of pending notifications and ensures only one is presented to the user at a time.
///
@interface SNTNotificationManager : NSObject

// XPC listener endpoint associated with this manager.
// NOTE(review): presumably the endpoint other Santa components connect to in order to
// post notifications; which peers are accepted is decided where the listener is
// created, not in this header -- confirm the connecting process is validated there.
@property NSXPCListenerEndpoint *notificationListener;

@end
28 |
--------------------------------------------------------------------------------
/Source/gui/Santa.app-adhoc.entitlements:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | com.apple.developer.system-extension.install
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/Source/santabundleservice/BUILD:
--------------------------------------------------------------------------------
1 | load("@build_bazel_rules_apple//apple:macos.bzl", "macos_command_line_application")
2 |
licenses(["notice"])

# Targets in this package are visible only to the Santa package group by default.
package(
    default_visibility = ["//:santa_package_group"],
)

# Objective-C sources of the bundle service, built as a library so the
# command-line target below only has to link it.
objc_library(
    name = "santabs_lib",
    srcs = [
        "SNTBundleService.h",
        "SNTBundleService.m",
        "main.m",
    ],
    deps = [
        "//Source/common:SNTFileInfo",
        "//Source/common:SNTLogging",
        "//Source/common:SNTStoredEvent",
        "//Source/common:SNTXPCBundleServiceInterface",
        "//Source/common:SNTXPCNotifierInterface",
        "//Source/common:SigningIDHelpers",
        # External (non-//Source) dependencies.
        "@FMDB",
        "@MOLCodesignChecker",
        "@MOLXPCConnection",
    ],
)
28 |
# The santabundleservice executable, signed with the hardened-runtime option set.
macos_command_line_application(
    name = "santabundleservice",
    bundle_id = "com.google.santa.bundleservice",
    codesignopts = [
        # Request a secure timestamp from the timestamp authority.
        "--timestamp",
        # Replace any signature already present on the binary.
        "--force",
        # library: library validation (only load libraries signed by Apple or the same team).
        # kill:    terminate the process if its code signature becomes invalid.
        # runtime: enable the hardened runtime.
        # Dropping any of these weakens the binary's resistance to code injection.
        "--options library,kill,runtime",
    ],
    infoplists = ["Info.plist"],
    minimum_os_version = "12.0",
    # Ad-hoc builds carry no provisioning profile; every other configuration
    # uses the santa_dev profile.
    provisioning_profile = select({
        "//:adhoc_build": None,
        "//conditions:default": "//profiles:santa_dev",
    }),
    version = "//:version",
    visibility = ["//:santa_package_group"],
    deps = [":santabs_lib"],
)
47 |
--------------------------------------------------------------------------------
/Source/santabundleservice/Info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | CFBundleDevelopmentRegion
6 | en
7 | CFBundleDisplayName
8 | santabundleservice
9 | CFBundleExecutable
10 | santabundleservice
11 | CFBundleIdentifier
12 | com.google.santa.bundleservice
13 | CFBundleInfoDictionaryVersion
14 | 6.0
15 | CFBundleName
16 | santabundleservice
17 | CFBundleShortVersionString
18 | ${SANTA_VERSION}
19 | CFBundleSignature
20 | ????
21 | CFBundleVersion
22 | ${SANTA_VERSION}
23 | NSHumanReadableCopyright
24 | Google LLC.
25 |
26 |
27 |
--------------------------------------------------------------------------------
/Source/santabundleservice/SNTBundleService.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2017 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "Source/common/SNTXPCBundleServiceInterface.h"
18 |
/// The bundle service object; no public API is declared in this header.
/// NOTE(review): presumably implements the XPC protocol from
/// SNTXPCBundleServiceInterface.h (imported above) -- any protocol list on this
/// declaration is not visible here; confirm against the original header.
@interface SNTBundleService : NSObject
@end
21 |
--------------------------------------------------------------------------------
/Source/santactl/Commands/SNTCommandMetrics.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2021 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "Source/santactl/SNTCommand.h"
18 | #import "Source/santactl/SNTCommandController.h"
19 |
/// santactl command class for metrics; the two helpers below are exposed in the header.
/// NOTE(review): presumably they are public so tests can call them -- confirm.
@interface SNTCommandMetrics : SNTCommand
/// Prints the given metrics dictionary; `exportJSON` selects JSON output.
/// NOTE(review): the parameter name `metircs` looks like a typo for `metrics`; it is
/// not part of the selector, so renaming it would not affect callers.
- (void)prettyPrintMetrics:(NSDictionary *)metircs asJSON:(BOOL)exportJSON;
/// Returns a metrics dictionary derived from `metrics` and the command arguments `args`.
/// NOTE(review): the filtering rule itself is defined in the implementation, not here.
- (NSDictionary *)filterMetrics:(NSDictionary *)metrics withArguments:(NSArray *)args;
@end
24 |
--------------------------------------------------------------------------------
/Source/santactl/Commands/SNTCommandRule.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2024 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "Source/santactl/SNTCommand.h"
18 |
/// SNTCommand subclass; declares no public API of its own in this header.
/// NOTE(review): presumably backs the `santactl rule` command -- confirm in the .m.
@interface SNTCommandRule : SNTCommand
@end
21 |
--------------------------------------------------------------------------------
/Source/santactl/Info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | CFBundleIdentifier
6 | com.google.santa.ctl
7 | CFBundleInfoDictionaryVersion
8 | 6.0
9 | CFBundleName
10 | santactl
11 | CFBundleShortVersionString
12 | $(MARKETING_VERSION)
13 | CFBundleVersion
14 | $(CURRENT_PROJECT_VERSION)
15 | NSHumanReadableCopyright
16 | Google, LLC.
17 |
18 |
19 |
--------------------------------------------------------------------------------
/Source/santad/EventProviders/SNTEndpointSecurityClient.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #include "Source/santad/EventProviders/SNTEndpointSecurityClientBase.h"
16 |
/// This should be treated as an Abstract Base Class and not directly instantiated
@interface SNTEndpointSecurityClient : NSObject
/// Plain -init is marked unavailable so callers get a compile-time error and must
/// go through an initializer that supplies the client's dependencies.
- (instancetype)init NS_UNAVAILABLE;
@end
21 |
--------------------------------------------------------------------------------
/Source/santad/EventProviders/SNTEndpointSecurityTreeAwareClient.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2024 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #include "Source/santad/EventProviders/SNTEndpointSecurityClient.h"
16 |
17 | #include "Source/santad/EventProviders/EndpointSecurity/EndpointSecurityAPI.h"
18 | #include "Source/santad/Metrics.h"
19 | #include "Source/santad/ProcessTree/process_tree.h"
20 |
/// An SNTEndpointSecurityClient that additionally holds a shared pointer to a
/// process tree (see Source/santad/ProcessTree/process_tree.h, included above).
@interface SNTEndpointSecurityTreeAwareClient : SNTEndpointSecurityClient
// Shared with whoever passed it to the initializer below.
@property std::shared_ptr processTree;

/// Initializer taking the Endpoint Security API wrapper, the metrics object, the
/// processor identifier for this client and the process tree to attach.
- (instancetype)initWithESAPI:(std::shared_ptr)esApi
                      metrics:(std::shared_ptr)metrics
                    processor:(santa::Processor)processor
                  processTree:
                      (std::shared_ptr)processTree;
@end
30 |
--------------------------------------------------------------------------------
/Source/santad/Info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | CFBundleIdentifier
6 | com.google.santa.daemon
7 | CFBundleInfoDictionaryVersion
8 | 6.0
9 | CFBundleName
10 | santad
11 | CFBundlePackageType
12 | SYSX
13 | CFBundleShortVersionString
14 | $(MARKETING_VERSION)
15 | CFBundleVersion
16 | $(CURRENT_PROJECT_VERSION)
17 | NSHumanReadableCopyright
18 | Google, LLC.
19 | NSSystemExtensionUsageDescription
20 | Santa knows who is naughty and nice.
21 | NSEndpointSecurityEarlyBoot
22 |
23 | CFBundleExecutable
24 | com.google.santa.daemon
25 |
26 |
27 |
--------------------------------------------------------------------------------
/Source/santad/Logs/EndpointSecurity/MockLogger.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #ifndef SANTA__SANTAD__LOGS_ENDPOINTSECURITY_MOCKLOGGER_H
16 | #define SANTA__SANTAD__LOGS_ENDPOINTSECURITY_MOCKLOGGER_H
17 |
18 | #include
19 | #include
20 |
21 | #include "Source/santad/EventProviders/EndpointSecurity/Message.h"
22 | #include "Source/santad/Logs/EndpointSecurity/Logger.h"
23 |
// Test double for santa::Logger: LogFileAccess is replaced by a mock method so
// tests can set expectations on file-access logging calls.
class MockLogger : public santa::Logger {
 public:
  // Inherit the base-class constructors.
  using Logger::Logger;

  // Default construction passes null for both base-class constructor arguments,
  // so a MockLogger built this way has no real collaborators behind it.
  MockLogger() : Logger(nullptr, nullptr) {}

  // Mocked: records the call instead of writing a log entry.
  MOCK_METHOD(void, LogFileAccess,
              (const std::string &policy_version,
               const std::string &policy_name, const santa::Message &msg,
               const santa::EnrichedProcess &enriched_process,
               const std::string &target, FileAccessPolicyDecision decision));
};
36 |
37 | #endif
38 |
--------------------------------------------------------------------------------
/Source/santad/Logs/EndpointSecurity/Writers/FSSpool/binaryproto.proto:
--------------------------------------------------------------------------------
1 | syntax = "proto3";
2 |
3 | package santa.fsspool.binaryproto;
4 |
5 | import "google/protobuf/any.proto";
6 |
7 | option objc_class_prefix = "FSS";
8 |
// A LogBatch is a simple array of protos.
message LogBatch {
  // Each record is wrapped in google.protobuf.Any, which carries a type URL next
  // to the serialized payload. A reader should unpack a record only into the
  // message types it expects and treat the type URL as untrusted input.
  repeated google.protobuf.Any records = 1;
}
13 |
--------------------------------------------------------------------------------
/Source/santad/Logs/EndpointSecurity/Writers/FSSpool/binaryproto_proto_include_wrapper.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #ifndef SANTA__SANTAD__LOGS_ENDPOINTSECURITY_WRITERS_FSSPOOL_BINARYPROTO_PROTO_INCLUDE_WRAPPER_H
16 | #define SANTA__SANTAD__LOGS_ENDPOINTSECURITY_WRITERS_FSSPOOL_BINARYPROTO_PROTO_INCLUDE_WRAPPER_H
17 |
18 | #include "Source/santad/Logs/EndpointSecurity/Writers/FSSpool/binaryproto.pb.h"
19 |
20 | #endif
21 |
--------------------------------------------------------------------------------
/Source/santad/Logs/EndpointSecurity/Writers/Null.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #ifndef SANTA__SANTAD__LOGS_ENDPOINTSECURITY_WRITERS_NULL_H
16 | #define SANTA__SANTAD__LOGS_ENDPOINTSECURITY_WRITERS_NULL_H
17 |
18 | #include
19 | #include
20 |
21 | #include "Source/santad/Logs/EndpointSecurity/Writers/Writer.h"
22 |
namespace santa {

// Writer that discards everything: Write() and Flush() are both no-ops.
// Selecting this writer means no event log records are persisted.
class Null : public Writer {
 public:
  // Factory
  static std::shared_ptr Create();

  // Accepts and drops the serialized record.
  void Write(std::vector&& bytes) override;
  // Nothing is buffered, so there is nothing to flush.
  void Flush() override;
};

}  // namespace santa
35 |
36 | #endif
37 |
--------------------------------------------------------------------------------
/Source/santad/Logs/EndpointSecurity/Writers/Null.mm:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #include "Source/santad/Logs/EndpointSecurity/Writers/Null.h"
16 |
namespace santa {

// Factory: returns a new shared instance of the no-op writer.
std::shared_ptr Null::Create() {
  return std::make_shared();
}

// Takes ownership of the record and drops it without writing anywhere.
void Null::Write(std::vector &&bytes) {
  // Intentionally do nothing
}

// No buffered state exists, so flushing has no effect.
void Null::Flush() {
  // Intentionally do nothing
}

}  // namespace santa
32 |
--------------------------------------------------------------------------------
/Source/santad/Logs/EndpointSecurity/Writers/Syslog.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #ifndef SANTA__SANTAD__LOGS_ENDPOINTSECURITY_WRITERS_SYSLOG_H
16 | #define SANTA__SANTAD__LOGS_ENDPOINTSECURITY_WRITERS_SYSLOG_H
17 |
18 | #include
19 |
20 | #include "Source/santad/Logs/EndpointSecurity/Writers/Writer.h"
21 |
namespace santa {

// Writer that hands each serialized record to the system log.
class Syslog : public Writer {
 public:
  // Factory: returns a new shared instance.
  static std::shared_ptr Create();

  // Logs the record. NOTE(review): the implementation formats `bytes` as a C
  // string, so callers must make sure the buffer is NUL-terminated text.
  void Write(std::vector&& bytes) override;
  // Nothing is buffered by this writer; Flush() is a no-op.
  void Flush() override;
};

}  // namespace santa
33 |
34 | #endif
35 |
--------------------------------------------------------------------------------
/Source/santad/Logs/EndpointSecurity/Writers/Syslog.mm:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #include "Source/santad/Logs/EndpointSecurity/Writers/Syslog.h"
16 |
17 | #include
18 |
19 | namespace santa {
20 |
21 | std::shared_ptr Syslog::Create() {  // Factory for the Syslog writer.
22 | return std::make_shared();  // Returns a newly allocated instance under shared ownership.
23 | }
24 |
25 | void Syslog::Write(std::vector &&bytes) {  // Logs one record to the default os_log handle; "{public}" exempts the string from unified-log privacy redaction.
26 | os_log(OS_LOG_DEFAULT, "%{public}s", bytes.data());  // NOTE(review): "%s" reads up to the first NUL byte and bytes.size() is never consulted, so this relies on the caller passing a NUL-terminated buffer; confirm the producer guarantees that, or bound the read with an explicit length (e.g. a "%.*s" precision).
27 | }
28 |
29 | void Syslog::Flush() {
30 | // Nothing to do here: Write() hands each record to os_log as it arrives and keeps no buffer of its own.
31 | }
32 |
33 | } // namespace santa
34 |
--------------------------------------------------------------------------------
/Source/santad/Logs/EndpointSecurity/Writers/Writer.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #ifndef SANTA__SANTAD__LOGS_ENDPOINTSECURITY_WRITERS_WRITER_H
16 | #define SANTA__SANTAD__LOGS_ENDPOINTSECURITY_WRITERS_WRITER_H
17 |
18 | #include
19 |
20 | namespace santa {
21 |
22 | class Writer {  // Abstract interface: Write and Flush are pure virtual.
23 | public:
24 | virtual ~Writer() = default;  // Virtual so an implementation can be destroyed through a Writer pointer.
25 |
26 | virtual void Write(std::vector&& bytes) = 0;  // Consumes one record passed by rvalue reference. NOTE(review): no length/terminator contract is stated here, yet Syslog::Write in this listing prints the data with "%s"; confirm every producer NUL-terminates the buffer.
27 | virtual void Flush() = 0;  // Flush hook; the Null and Syslog implementations in this listing leave it empty.
28 | };
29 |
30 | } // namespace santa
31 |
32 | #endif
33 |
--------------------------------------------------------------------------------
/Source/santad/ProcessTree/SNTEndpointSecurityAdapter.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2023 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 | #ifndef SANTA__SANTAD_PROCESSTREE_SNTENDPOINTSECURITYADAPTER_H
15 | #define SANTA__SANTAD_PROCESSTREE_SNTENDPOINTSECURITYADAPTER_H
16 |
17 | #include
18 |
19 | #include "Source/santad/EventProviders/EndpointSecurity/Message.h"
20 | #include "Source/santad/ProcessTree/process_tree.h"
21 |
22 | namespace santa::santad::process_tree {
23 |
24 | // Inform the tree of the ES event in msg.
25 | // This is idempotent on the tree, so it can safely be called from multiple
26 | // places with the same msg.
27 | void InformFromESEvent(ProcessTree &tree, const santa::Message &msg);  // tree is taken by mutable reference, msg by const reference.
28 |
29 | } // namespace santa::santad::process_tree
30 |
31 | #endif
32 |
--------------------------------------------------------------------------------
/Source/santad/ProcessTree/annotations/BUILD:
--------------------------------------------------------------------------------
1 | load("//:helper.bzl", "santa_unit_test")
2 |
3 | package(
4 | default_visibility = ["//:santa_package_group"],  # Targets below default to being visible only to this package group.
5 | )
6 |
7 | cc_library(
8 | name = "annotator",  # Header-only target: hdrs, no srcs.
9 | hdrs = ["annotator.h"],
10 | deps = [
11 | "//Source/santad/ProcessTree:process_tree_cc_proto",
12 | ],
13 | )
14 |
15 | cc_library(
16 | name = "originator",  # Builds originator.cc on top of :annotator and the process-tree targets.
17 | srcs = ["originator.cc"],
18 | hdrs = ["originator.h"],
19 | deps = [
20 | ":annotator",
21 | "//Source/santad/ProcessTree:process",
22 | "//Source/santad/ProcessTree:process_tree",
23 | "//Source/santad/ProcessTree:process_tree_cc_proto",
24 | "@com_google_absl//absl/container:flat_hash_map",  # The only external (non-repo) dependency in this file.
25 | ],
26 | )
27 |
28 | santa_unit_test(
29 | name = "originator_test",  # Unit test for :originator, using the macro loaded from //:helper.bzl.
30 | srcs = ["originator_test.mm"],
31 | deps = [
32 | ":originator",
33 | "//Source/santad/ProcessTree:process",
34 | "//Source/santad/ProcessTree:process_tree_cc_proto",
35 | "//Source/santad/ProcessTree:process_tree_test_helpers",
36 | ],
37 | )
38 |
--------------------------------------------------------------------------------
/Source/santad/ProcessTree/process_tree.proto:
--------------------------------------------------------------------------------
1 | syntax = "proto3";
2 |
3 | package santa.pb.v1.process_tree;
4 |
5 | message Annotations {  // Holds a single field: the originator classification below.
6 | enum Originator {
7 | UNSPECIFIED = 0;  // proto3 zero value: what a reader sees when the field was never set, so it must not be read as a positive classification.
8 | LOGIN = 1;
9 | CRON = 2;
10 | }
11 |
12 | Originator originator = 1;  // Field number 1; defaults to UNSPECIFIED.
13 | }
14 |
--------------------------------------------------------------------------------
/Source/santad/ProcessTree/process_tree_macos.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2023 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 | #ifndef SANTA__SANTAD_PROCESSTREE_TREE_MACOS_H
15 | #define SANTA__SANTAD_PROCESSTREE_TREE_MACOS_H
16 |
17 | #include
18 |
19 | namespace santa::santad::process_tree {
20 |
21 | // Create a struct Pid from the given audit token (passed by const reference).
22 | struct Pid PidFromAuditToken(const audit_token_t &tok);  // NOTE(review): which audit-token fields end up in Pid is not visible in this header; confirm in the implementation.
23 |
24 | } // namespace santa::santad::process_tree
25 |
26 | #endif
27 |
--------------------------------------------------------------------------------
/Source/santad/ProcessTree/process_tree_test_helpers.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2023 Google LLC
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// https://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 | #ifndef SANTA__SANTAD_PROCESSTREE_TREE_TEST_HELPERS_H
15 | #define SANTA__SANTAD_PROCESSTREE_TREE_TEST_HELPERS_H
16 | #include
17 |
18 | #include "Source/santad/ProcessTree/process_tree.h"
19 |
20 | namespace santa::santad::process_tree {
21 |
22 | class ProcessTreeTestPeer : public ProcessTree {  // Subclass of ProcessTree declared in the test-helpers header.
23 | public:
24 | explicit ProcessTreeTestPeer(
25 | std::vector> &&annotators)  // Annotators are taken by rvalue reference...
26 | : ProcessTree(std::move(annotators)) {}  // ...and moved straight into the ProcessTree base constructor.
27 | std::shared_ptr InsertInit();  // Declared only; presumably seeds the tree with an init process for tests (going by the name). Confirm in the implementation.
28 | };
29 |
30 | } // namespace santa::santad::process_tree
31 |
32 | #endif
33 |
--------------------------------------------------------------------------------
/Source/santad/SNTApplicationCoreMetrics.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2021-2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #ifndef SANTA__SANTAD__APPLICATIONCOREMETRICS_H
16 | #define SANTA__SANTAD__APPLICATIONCOREMETRICS_H
17 |
18 | #include
19 |
20 | void SNTRegisterCoreMetrics();  // Takes no arguments and returns nothing; presumably registers santad's core metrics (going by the name). Confirm in the implementation.
21 |
22 | #endif
23 |
--------------------------------------------------------------------------------
/Source/santad/SNTCompilerController.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2017-2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 | #include
17 |
18 | #include
19 |
20 | #include "Source/santad/EventProviders/EndpointSecurity/Message.h"
21 | #include "Source/santad/Logs/EndpointSecurity/Logger.h"
22 |
23 | @interface SNTCompilerController : NSObject
24 |
25 | // This function will determine if the instigating process was a compiler and,
26 | // for appropriate events, will create appropriate transitive rules.
27 | - (BOOL)handleEvent:(const santa::Message &)msg withLogger:(std::shared_ptr)logger;  // NOTE(review): the meaning of the BOOL result is not documented here; confirm against the implementation.
28 |
29 | // Set whether or not the given audit token should be tracked as a compiler
30 | - (void)setProcess:(const audit_token_t &)tok isCompiler:(bool)isCompiler;  // NOTE(review): per the comment on handleEvent, compiler processes lead to transitive rules being created, so which processes get flagged here is presumably security-relevant; confirm how callers decide.
31 |
32 | @end
33 |
--------------------------------------------------------------------------------
/Source/santad/SNTDecisionCache.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #include
16 |
17 | #import
18 |
19 | #import "Source/common/SNTCachedDecision.h"
20 | #import "Source/common/SantaVnode.h"
21 |
22 | @interface SNTDecisionCache : NSObject
23 |
24 | + (instancetype)sharedCache;  // Class-level accessor; presumably one shared instance per process (going by the name). Confirm.
25 |
26 | - (void)cacheDecision:(SNTCachedDecision *)cd;  // Store a decision.
27 | - (SNTCachedDecision *)cachedDecisionForFile:(const struct stat &)statInfo;  // Look up a decision from a file's stat info. NOTE(review): which stat fields form the key is not visible here; confirm an entry cannot outlive a change to the file it describes.
28 | - (void)forgetCachedDecisionForVnode:(SantaVnode)vnode;  // Drop the entry for a vnode.
29 | - (SNTCachedDecision *)resetTimestampForCachedDecision:(const struct stat &)statInfo;  // Returns an SNTCachedDecision; presumably refreshes the entry's timestamp (going by the name). Confirm.
30 |
31 | @end
32 |
--------------------------------------------------------------------------------
/Source/santad/SNTNotificationQueue.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2016 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | @class SNTStoredEvent;
18 | @class MOLXPCConnection;
19 |
20 | @interface SNTNotificationQueue : NSObject
21 |
22 | @property(nonatomic) MOLXPCConnection *notifierConnection;  // XPC connection object; nonatomic, so the accessors are not synchronized.
23 |
24 | - (void)addEvent:(SNTStoredEvent *)event
25 | withCustomMessage:(NSString *)message
26 | andCustomURL:(NSString *)url;  // NOTE(review): message and url are free-form strings, presumably forwarded over notifierConnection for display; confirm where they are validated.
27 |
28 | @end
29 |
--------------------------------------------------------------------------------
/Source/santad/SNTSyncdQueue.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2016 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "Source/common/SNTCommonEnums.h"
18 |
19 | @class SNTStoredEvent;
20 | @class MOLXPCConnection;
21 |
22 | @interface SNTSyncdQueue : NSObject
23 |
24 | @property(nonatomic) MOLXPCConnection *syncConnection;  // XPC connection object; nonatomic, so the accessors are not synchronized.
25 |
26 | - (void)addEvents:(NSArray *)events isFromBundle:(BOOL)isFromBundle;  // Queue a batch of events; the element type of `events` is not stated in this declaration.
27 | - (void)addBundleEvent:(SNTStoredEvent *)event reply:(void (^)(SNTBundleEventAction))reply;  // Asynchronous style: the result is delivered to the reply block as an SNTBundleEventAction.
28 |
29 | @end
30 |
--------------------------------------------------------------------------------
/Source/santad/com.google.santa.daemon.systemextension-adhoc.entitlements:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | com.apple.developer.endpoint-security.client
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/Source/santad/testdata/BUILD:
--------------------------------------------------------------------------------
1 | licenses(["notice"])
2 |
3 | filegroup(
4 | name = "binaryrules_testdata",
5 | srcs = glob(["binaryrules/*"]),  # Every file directly under binaryrules/. This target only collects files, so the checked-in binaries and rules.db are used as committed, not rebuilt from the .c sources here.
6 | visibility = ["//:santa_package_group"],
7 | )
8 |
9 | filegroup(
10 | name = "protobuf_json_testdata",
11 | srcs = glob(["protobuf/**/*.json"]),  # Recursive glob: all JSON files under protobuf/, including its subdirectories.
12 | visibility = ["//:santa_package_group"],
13 | )
14 |
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/allowed_cdhash:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/allowed_cdhash
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/allowed_signingid:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/allowed_signingid
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/allowed_teamid:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/allowed_teamid
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/badbinary:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/badbinary
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/badbinary.c:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | int main(int argc, char* argv[]) {  // Test fixture: prints one fixed string and exits 0; argc/argv are unused.
4 | const char* evil =
5 | "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*";  // The standard EICAR anti-virus test string: inert text used to exercise scanners, not malicious code.
6 | printf("%s", evil);
7 | return 0;
8 | }
9 |
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/badcert:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/badcert
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/badcert.c:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | int main(int argc, char* argv[]) {  // Test fixture: the program itself is harmless; the expected block comes from a rule, presumably keyed on the signing certificate (going by the file name). Confirm against rules.db.
4 | printf("Hello world, this binary's execution should be blocked");
5 | return 0;
6 | }
7 |
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/banned_cdhash:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/banned_cdhash
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/banned_signingid:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/banned_signingid
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/banned_teamid:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/banned_teamid
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/banned_teamid.c:
--------------------------------------------------------------------------------
1 | #include
2 | int main(int argc, char* argv[]) {  // Test fixture: only prints a message; the expected block depends on the team ID the compiled binary is signed with, not on this code.
3 | printf("This binary should fail to execute because of its banned team ID!");
4 | return 0;
5 | }
6 |
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/banned_teamid_allowed_binary:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/banned_teamid_allowed_binary
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/banned_teamid_allowed_binary.c:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | int main(int argc, char* argv[]) {  // Test fixture: per its message, covers the case where a binary is allowed even though its team ID is not.
4 | printf(
5 | "Hello world, this binary's execution is okay even though its teamID "
6 | "isn't");
7 | return 0;
8 | }
9 |
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/cert_hash_allowed_signingid_blocked:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/cert_hash_allowed_signingid_blocked
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/cert_hash_allowed_signingid_not_matched:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/cert_hash_allowed_signingid_not_matched
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/goodbinary:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/goodbinary
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/goodbinary.c:
--------------------------------------------------------------------------------
1 | #include
2 | int main(int argc, char* argv[]) {  // Test fixture: prints a greeting and exits 0; presumably the binary expected to be allowed (going by the file name). Confirm against rules.db.
3 | printf("Hello world!");
4 | return 0;
5 | }
6 |
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/goodcert:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/goodcert
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/goodcert.c:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | int main(int argc, char* argv[]) {  // Test fixture: prints a message and exits 0; presumably allowed via a certificate rule (going by the file name). Confirm against rules.db.
4 | printf("Hello world, this binary's execution is okay");
5 | return 0;
6 | }
7 |
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/noop:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/noop
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/noop.c:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | int main(int argc, char* argv[]) {  // Test fixture for the no-matching-rule case described by its message.
4 | printf(
5 | "There should be no explciit rules in either direction for the execution "  // NOTE(review): "explciit" is a typo for "explicit". The string is part of the program, so fixing it would presumably change the compiled fixture and any hash recorded for it; confirm before editing.
6 | "of "
7 | "this binary");
8 | return 0;
9 | }
10 |
--------------------------------------------------------------------------------
/Source/santad/testdata/binaryrules/rules.db:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santad/testdata/binaryrules/rules.db
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v1/allowlist.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2
16 | },
17 | "effective_group": {
18 | "gid": -1
19 | },
20 | "real_user": {
21 | "uid": -2
22 | },
23 | "real_group": {
24 | "gid": -1
25 | },
26 | "executable": {
27 | "path": "foo",
28 | "truncated": false
29 | }
30 | },
31 | "target": {
32 | "path": "close_file",
33 | "truncated": false,
34 | "stat": {
35 | "dev": 301,
36 | "mode": 302,
37 | "nlink": 303,
38 | "ino": "304",
39 | "user": {
40 | "uid": -2
41 | },
42 | "group": {
43 | "gid": -1
44 | },
45 | "rdev": 305,
46 | "access_time": "1970-01-01T00:06:40.000000500Z",
47 | "modification_time": "1970-01-01T00:06:41.000000321Z",
48 | "change_time": "1970-01-01T00:06:42.000000502Z",
49 | "birth_time": "1970-01-01T00:06:43.000000503Z",
50 | "size": "306",
51 | "blocks": "307",
52 | "blksize": 308,
53 | "flags": 309,
54 | "gen": 310
55 | },
56 | "hash": {
57 | "type": "HASH_ALGO_SHA256",
58 | "hash": "hash_value"
59 | }
60 | }
61 | }
62 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v1/close.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "target": {
36 | "path": "close_file",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "modified": true
64 | }
65 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v1/exit.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "exited": {
36 | "exit_status": 1
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v1/fork.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "child": {
36 | "id": {
37 | "pid": 12,
38 | "pidversion": 34
39 | },
40 | "parent_id": {
41 | "pid": 56,
42 | "pidversion": 78
43 | },
44 | "original_parent_pid": 56,
45 | "group_id": 111,
46 | "session_id": 222,
47 | "effective_user": {
48 | "uid": -2,
49 | "name": "nobody"
50 | },
51 | "effective_group": {
52 | "gid": -1,
53 | "name": "nogroup"
54 | },
55 | "real_user": {
56 | "uid": -2,
57 | "name": "nobody"
58 | },
59 | "real_group": {
60 | "gid": -1,
61 | "name": "nogroup"
62 | },
63 | "executable": {
64 | "path": "foo_child",
65 | "truncated": false
66 | }
67 | }
68 | }
69 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v1/link.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "source": {
36 | "path": "source",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "target": "target_dir/target_file"
64 | }
65 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v1/rename.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "source": {
36 | "path": "source",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "target": "target_dir/target_file",
64 | "target_existed": false
65 | }
66 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v1/unlink.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "target": {
36 | "path": "unlink_file",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | }
63 | }
64 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v2/allowlist.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2
16 | },
17 | "effective_group": {
18 | "gid": -1
19 | },
20 | "real_user": {
21 | "uid": -2
22 | },
23 | "real_group": {
24 | "gid": -1
25 | },
26 | "executable": {
27 | "path": "foo",
28 | "truncated": false
29 | }
30 | },
31 | "target": {
32 | "path": "close_file",
33 | "truncated": false,
34 | "stat": {
35 | "dev": 301,
36 | "mode": 302,
37 | "nlink": 303,
38 | "ino": "304",
39 | "user": {
40 | "uid": -2
41 | },
42 | "group": {
43 | "gid": -1
44 | },
45 | "rdev": 305,
46 | "access_time": "1970-01-01T00:06:40.000000500Z",
47 | "modification_time": "1970-01-01T00:06:41.000000321Z",
48 | "change_time": "1970-01-01T00:06:42.000000502Z",
49 | "birth_time": "1970-01-01T00:06:43.000000503Z",
50 | "size": "306",
51 | "blocks": "307",
52 | "blksize": 308,
53 | "flags": 309,
54 | "gen": 310
55 | },
56 | "hash": {
57 | "type": "HASH_ALGO_SHA256",
58 | "hash": "hash_value"
59 | }
60 | }
61 | }
62 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v2/close.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "target": {
36 | "path": "close_file",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "modified": true
64 | }
65 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v2/exit.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "exited": {
36 | "exit_status": 1
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v2/fork.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "child": {
36 | "id": {
37 | "pid": 12,
38 | "pidversion": 34
39 | },
40 | "parent_id": {
41 | "pid": 56,
42 | "pidversion": 78
43 | },
44 | "original_parent_pid": 56,
45 | "group_id": 111,
46 | "session_id": 222,
47 | "effective_user": {
48 | "uid": -2,
49 | "name": "nobody"
50 | },
51 | "effective_group": {
52 | "gid": -1,
53 | "name": "nogroup"
54 | },
55 | "real_user": {
56 | "uid": -2,
57 | "name": "nobody"
58 | },
59 | "real_group": {
60 | "gid": -1,
61 | "name": "nogroup"
62 | },
63 | "executable": {
64 | "path": "foo_child",
65 | "truncated": false
66 | }
67 | }
68 | }
69 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v2/link.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "source": {
36 | "path": "source",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "target": "target_dir/target_file"
64 | }
65 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v2/rename.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "source": {
36 | "path": "source",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "target": "target_dir/target_file",
64 | "target_existed": false
65 | }
66 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v2/unlink.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "target": {
36 | "path": "unlink_file",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | }
63 | }
64 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v4/allowlist.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2
16 | },
17 | "effective_group": {
18 | "gid": -1
19 | },
20 | "real_user": {
21 | "uid": -2
22 | },
23 | "real_group": {
24 | "gid": -1
25 | },
26 | "executable": {
27 | "path": "foo",
28 | "truncated": false
29 | }
30 | },
31 | "target": {
32 | "path": "close_file",
33 | "truncated": false,
34 | "stat": {
35 | "dev": 301,
36 | "mode": 302,
37 | "nlink": 303,
38 | "ino": "304",
39 | "user": {
40 | "uid": -2
41 | },
42 | "group": {
43 | "gid": -1
44 | },
45 | "rdev": 305,
46 | "access_time": "1970-01-01T00:06:40.000000500Z",
47 | "modification_time": "1970-01-01T00:06:41.000000321Z",
48 | "change_time": "1970-01-01T00:06:42.000000502Z",
49 | "birth_time": "1970-01-01T00:06:43.000000503Z",
50 | "size": "306",
51 | "blocks": "307",
52 | "blksize": 308,
53 | "flags": 309,
54 | "gen": 310
55 | },
56 | "hash": {
57 | "type": "HASH_ALGO_SHA256",
58 | "hash": "hash_value"
59 | }
60 | }
61 | }
62 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v4/close.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "target": {
36 | "path": "close_file",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "modified": true
64 | }
65 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v4/cs_invalidated.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | }
35 | }
36 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v4/exit.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "exited": {
36 | "exit_status": 1
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v4/fork.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "child": {
36 | "id": {
37 | "pid": 12,
38 | "pidversion": 34
39 | },
40 | "parent_id": {
41 | "pid": 56,
42 | "pidversion": 78
43 | },
44 | "original_parent_pid": 56,
45 | "group_id": 111,
46 | "session_id": 222,
47 | "effective_user": {
48 | "uid": -2,
49 | "name": "nobody"
50 | },
51 | "effective_group": {
52 | "gid": -1,
53 | "name": "nogroup"
54 | },
55 | "real_user": {
56 | "uid": -2,
57 | "name": "nobody"
58 | },
59 | "real_group": {
60 | "gid": -1,
61 | "name": "nogroup"
62 | },
63 | "executable": {
64 | "path": "foo_child",
65 | "truncated": false
66 | }
67 | }
68 | }
69 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v4/link.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "source": {
36 | "path": "source",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "target": "target_dir/target_file"
64 | }
65 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v4/rename.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "source": {
36 | "path": "source",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "target": "target_dir",
64 | "target_existed": true
65 | }
66 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v4/unlink.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "target": {
36 | "path": "unlink_file",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | }
63 | }
64 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v5/allowlist.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2
16 | },
17 | "effective_group": {
18 | "gid": -1
19 | },
20 | "real_user": {
21 | "uid": -2
22 | },
23 | "real_group": {
24 | "gid": -1
25 | },
26 | "executable": {
27 | "path": "foo",
28 | "truncated": false
29 | }
30 | },
31 | "target": {
32 | "path": "close_file",
33 | "truncated": false,
34 | "stat": {
35 | "dev": 301,
36 | "mode": 302,
37 | "nlink": 303,
38 | "ino": "304",
39 | "user": {
40 | "uid": -2
41 | },
42 | "group": {
43 | "gid": -1
44 | },
45 | "rdev": 305,
46 | "access_time": "1970-01-01T00:06:40.000000500Z",
47 | "modification_time": "1970-01-01T00:06:41.000000321Z",
48 | "change_time": "1970-01-01T00:06:42.000000502Z",
49 | "birth_time": "1970-01-01T00:06:43.000000503Z",
50 | "size": "306",
51 | "blocks": "307",
52 | "blksize": 308,
53 | "flags": 309,
54 | "gen": 310
55 | },
56 | "hash": {
57 | "type": "HASH_ALGO_SHA256",
58 | "hash": "hash_value"
59 | }
60 | }
61 | }
62 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v5/close.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "target": {
36 | "path": "close_file",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "modified": true
64 | }
65 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v5/cs_invalidated.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | }
35 | }
36 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v5/exit.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "exited": {
36 | "exit_status": 1
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v5/fork.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "child": {
36 | "id": {
37 | "pid": 12,
38 | "pidversion": 34
39 | },
40 | "parent_id": {
41 | "pid": 56,
42 | "pidversion": 78
43 | },
44 | "original_parent_pid": 56,
45 | "group_id": 111,
46 | "session_id": 222,
47 | "effective_user": {
48 | "uid": -2,
49 | "name": "nobody"
50 | },
51 | "effective_group": {
52 | "gid": -1,
53 | "name": "nogroup"
54 | },
55 | "real_user": {
56 | "uid": -2,
57 | "name": "nobody"
58 | },
59 | "real_group": {
60 | "gid": -1,
61 | "name": "nogroup"
62 | },
63 | "executable": {
64 | "path": "foo_child",
65 | "truncated": false
66 | }
67 | }
68 | }
69 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v5/link.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "source": {
36 | "path": "source",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "target": "target_dir/target_file"
64 | }
65 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v5/rename.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "source": {
36 | "path": "source",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "target": "target_dir/target_file",
64 | "target_existed": false
65 | }
66 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v5/unlink.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "target": {
36 | "path": "unlink_file",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | }
63 | }
64 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/allowlist.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2
16 | },
17 | "effective_group": {
18 | "gid": -1
19 | },
20 | "real_user": {
21 | "uid": -2
22 | },
23 | "real_group": {
24 | "gid": -1
25 | },
26 | "executable": {
27 | "path": "foo",
28 | "truncated": false
29 | }
30 | },
31 | "target": {
32 | "path": "close_file",
33 | "truncated": false,
34 | "stat": {
35 | "dev": 301,
36 | "mode": 302,
37 | "nlink": 303,
38 | "ino": "304",
39 | "user": {
40 | "uid": -2
41 | },
42 | "group": {
43 | "gid": -1
44 | },
45 | "rdev": 305,
46 | "access_time": "1970-01-01T00:06:40.000000500Z",
47 | "modification_time": "1970-01-01T00:06:41.000000321Z",
48 | "change_time": "1970-01-01T00:06:42.000000502Z",
49 | "birth_time": "1970-01-01T00:06:43.000000503Z",
50 | "size": "306",
51 | "blocks": "307",
52 | "blksize": 308,
53 | "flags": 309,
54 | "gen": 310
55 | },
56 | "hash": {
57 | "type": "HASH_ALGO_SHA256",
58 | "hash": "hash_value"
59 | }
60 | }
61 | }
62 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/close.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "target": {
36 | "path": "close_file",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "modified": true
64 | }
65 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/cs_invalidated.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | }
35 | }
36 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/exit.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "exited": {
36 | "exit_status": 1
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/fork.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "child": {
36 | "id": {
37 | "pid": 12,
38 | "pidversion": 34
39 | },
40 | "parent_id": {
41 | "pid": 56,
42 | "pidversion": 78
43 | },
44 | "original_parent_pid": 56,
45 | "group_id": 111,
46 | "session_id": 222,
47 | "effective_user": {
48 | "uid": -2,
49 | "name": "nobody"
50 | },
51 | "effective_group": {
52 | "gid": -1,
53 | "name": "nogroup"
54 | },
55 | "real_user": {
56 | "uid": -2,
57 | "name": "nobody"
58 | },
59 | "real_group": {
60 | "gid": -1,
61 | "name": "nogroup"
62 | },
63 | "executable": {
64 | "path": "foo_child",
65 | "truncated": false
66 | }
67 | }
68 | }
69 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/link.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "source": {
36 | "path": "source",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "target": "target_dir/target_file"
64 | }
65 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/login_login.json:
--------------------------------------------------------------------------------
1 | {
2 | "login": {
3 | "instigator": {
4 | "id": {
5 | "pid": 12,
6 | "pidversion": 34
7 | },
8 | "parent_id": {
9 | "pid": 56,
10 | "pidversion": 78
11 | },
12 | "original_parent_pid": 56,
13 | "group_id": 111,
14 | "session_id": 222,
15 | "effective_user": {
16 | "uid": -2,
17 | "name": "nobody"
18 | },
19 | "effective_group": {
20 | "gid": -1,
21 | "name": "nogroup"
22 | },
23 | "real_user": {
24 | "uid": -2,
25 | "name": "nobody"
26 | },
27 | "real_group": {
28 | "gid": -1,
29 | "name": "nogroup"
30 | },
31 | "executable": {
32 | "path": "foo",
33 | "truncated": false
34 | }
35 | },
36 | "success": true,
37 | "user": {
38 | "uid": 321,
39 | "name": "asdf"
40 | }
41 | }
42 | }
43 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/login_login_failed_attempt.json:
--------------------------------------------------------------------------------
1 | {
2 | "login": {
3 | "instigator": {
4 | "id": {
5 | "pid": 12,
6 | "pidversion": 34
7 | },
8 | "parent_id": {
9 | "pid": 56,
10 | "pidversion": 78
11 | },
12 | "original_parent_pid": 56,
13 | "group_id": 111,
14 | "session_id": 222,
15 | "effective_user": {
16 | "uid": -2,
17 | "name": "nobody"
18 | },
19 | "effective_group": {
20 | "gid": -1,
21 | "name": "nogroup"
22 | },
23 | "real_user": {
24 | "uid": -2,
25 | "name": "nobody"
26 | },
27 | "real_group": {
28 | "gid": -1,
29 | "name": "nogroup"
30 | },
31 | "executable": {
32 | "path": "foo",
33 | "truncated": false
34 | }
35 | },
36 | "success": false,
37 | "failure_message": "bXl8ZmFpbHVyZQ==",
38 | "user": {
39 | "name": "asdf"
40 | }
41 | }
42 | }
43 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/lw_session_lock.json:
--------------------------------------------------------------------------------
1 | {
2 | "lock": {
3 | "instigator": {
4 | "id": {
5 | "pid": 12,
6 | "pidversion": 34
7 | },
8 | "parent_id": {
9 | "pid": 56,
10 | "pidversion": 78
11 | },
12 | "original_parent_pid": 56,
13 | "group_id": 111,
14 | "session_id": 222,
15 | "effective_user": {
16 | "uid": -2,
17 | "name": "nobody"
18 | },
19 | "effective_group": {
20 | "gid": -1,
21 | "name": "nogroup"
22 | },
23 | "real_user": {
24 | "uid": -2,
25 | "name": "nobody"
26 | },
27 | "real_group": {
28 | "gid": -1,
29 | "name": "nogroup"
30 | },
31 | "executable": {
32 | "path": "foo",
33 | "truncated": false
34 | }
35 | },
36 | "user": {
37 | "uid": 1,
38 | "name": "daemon"
39 | },
40 | "graphical_session": {
41 | "id": 123
42 | }
43 | }
44 | }
45 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/lw_session_login.json:
--------------------------------------------------------------------------------
1 | {
2 | "login": {
3 | "instigator": {
4 | "id": {
5 | "pid": 12,
6 | "pidversion": 34
7 | },
8 | "parent_id": {
9 | "pid": 56,
10 | "pidversion": 78
11 | },
12 | "original_parent_pid": 56,
13 | "group_id": 111,
14 | "session_id": 222,
15 | "effective_user": {
16 | "uid": -2,
17 | "name": "nobody"
18 | },
19 | "effective_group": {
20 | "gid": -1,
21 | "name": "nogroup"
22 | },
23 | "real_user": {
24 | "uid": -2,
25 | "name": "nobody"
26 | },
27 | "real_group": {
28 | "gid": -1,
29 | "name": "nogroup"
30 | },
31 | "executable": {
32 | "path": "foo",
33 | "truncated": false
34 | }
35 | },
36 | "user": {
37 | "uid": 1,
38 | "name": "daemon"
39 | },
40 | "graphical_session": {
41 | "id": 123
42 | }
43 | }
44 | }
45 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/lw_session_logout.json:
--------------------------------------------------------------------------------
1 | {
2 | "logout": {
3 | "instigator": {
4 | "id": {
5 | "pid": 12,
6 | "pidversion": 34
7 | },
8 | "parent_id": {
9 | "pid": 56,
10 | "pidversion": 78
11 | },
12 | "original_parent_pid": 56,
13 | "group_id": 111,
14 | "session_id": 222,
15 | "effective_user": {
16 | "uid": -2,
17 | "name": "nobody"
18 | },
19 | "effective_group": {
20 | "gid": -1,
21 | "name": "nogroup"
22 | },
23 | "real_user": {
24 | "uid": -2,
25 | "name": "nobody"
26 | },
27 | "real_group": {
28 | "gid": -1,
29 | "name": "nogroup"
30 | },
31 | "executable": {
32 | "path": "foo",
33 | "truncated": false
34 | }
35 | },
36 | "user": {
37 | "uid": 1,
38 | "name": "daemon"
39 | },
40 | "graphical_session": {
41 | "id": 123
42 | }
43 | }
44 | }
45 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/lw_session_unlock.json:
--------------------------------------------------------------------------------
1 | {
2 | "unlock": {
3 | "instigator": {
4 | "id": {
5 | "pid": 12,
6 | "pidversion": 34
7 | },
8 | "parent_id": {
9 | "pid": 56,
10 | "pidversion": 78
11 | },
12 | "original_parent_pid": 56,
13 | "group_id": 111,
14 | "session_id": 222,
15 | "effective_user": {
16 | "uid": -2,
17 | "name": "nobody"
18 | },
19 | "effective_group": {
20 | "gid": -1,
21 | "name": "nogroup"
22 | },
23 | "real_user": {
24 | "uid": -2,
25 | "name": "nobody"
26 | },
27 | "real_group": {
28 | "gid": -1,
29 | "name": "nogroup"
30 | },
31 | "executable": {
32 | "path": "foo",
33 | "truncated": false
34 | }
35 | },
36 | "user": {
37 | "uid": 1,
38 | "name": "daemon"
39 | },
40 | "graphical_session": {
41 | "id": 123
42 | }
43 | }
44 | }
45 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/openssh_login.json:
--------------------------------------------------------------------------------
1 | {
2 | "login": {
3 | "instigator": {
4 | "id": {
5 | "pid": 12,
6 | "pidversion": 34
7 | },
8 | "parent_id": {
9 | "pid": 56,
10 | "pidversion": 78
11 | },
12 | "original_parent_pid": 56,
13 | "group_id": 111,
14 | "session_id": 222,
15 | "effective_user": {
16 | "uid": -2,
17 | "name": "nobody"
18 | },
19 | "effective_group": {
20 | "gid": -1,
21 | "name": "nogroup"
22 | },
23 | "real_user": {
24 | "uid": -2,
25 | "name": "nobody"
26 | },
27 | "real_group": {
28 | "gid": -1,
29 | "name": "nogroup"
30 | },
31 | "executable": {
32 | "path": "foo",
33 | "truncated": false
34 | }
35 | },
36 | "result": "RESULT_AUTH_SUCCESS",
37 | "source": {
38 | "address": "MS4yLjMuNA==",
39 | "type": "TYPE_IPV4"
40 | },
41 | "user": {
42 | "uid": 12345,
43 | "name": "foo_user"
44 | }
45 | }
46 | }
47 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/openssh_login_failed_attempt.json:
--------------------------------------------------------------------------------
1 | {
2 | "login": {
3 | "instigator": {
4 | "id": {
5 | "pid": 12,
6 | "pidversion": 34
7 | },
8 | "parent_id": {
9 | "pid": 56,
10 | "pidversion": 78
11 | },
12 | "original_parent_pid": 56,
13 | "group_id": 111,
14 | "session_id": 222,
15 | "effective_user": {
16 | "uid": -2,
17 | "name": "nobody"
18 | },
19 | "effective_group": {
20 | "gid": -1,
21 | "name": "nogroup"
22 | },
23 | "real_user": {
24 | "uid": -2,
25 | "name": "nobody"
26 | },
27 | "real_group": {
28 | "gid": -1,
29 | "name": "nogroup"
30 | },
31 | "executable": {
32 | "path": "foo",
33 | "truncated": false
34 | }
35 | },
36 | "result": "RESULT_AUTH_FAIL_HOSTBASED",
37 | "source": {
38 | "address": "Ojox",
39 | "type": "TYPE_IPV6"
40 | }
41 | }
42 | }
43 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/openssh_logout.json:
--------------------------------------------------------------------------------
1 | {
2 | "logout": {
3 | "instigator": {
4 | "id": {
5 | "pid": 12,
6 | "pidversion": 34
7 | },
8 | "parent_id": {
9 | "pid": 56,
10 | "pidversion": 78
11 | },
12 | "original_parent_pid": 56,
13 | "group_id": 111,
14 | "session_id": 222,
15 | "effective_user": {
16 | "uid": -2,
17 | "name": "nobody"
18 | },
19 | "effective_group": {
20 | "gid": -1,
21 | "name": "nogroup"
22 | },
23 | "real_user": {
24 | "uid": -2,
25 | "name": "nobody"
26 | },
27 | "real_group": {
28 | "gid": -1,
29 | "name": "nogroup"
30 | },
31 | "executable": {
32 | "path": "foo",
33 | "truncated": false
34 | }
35 | },
36 | "source": {
37 | "address": "MS4yLjMuNA==",
38 | "type": "TYPE_IPV4"
39 | },
40 | "user": {
41 | "uid": 12345,
42 | "name": "foo_user"
43 | }
44 | }
45 | }
46 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/rename.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "source": {
36 | "path": "source",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | },
63 | "target": "target_dir/target_file",
64 | "target_existed": false
65 | }
66 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/screensharing_attach.json:
--------------------------------------------------------------------------------
1 | {
2 | "attach": {
3 | "instigator": {
4 | "id": {
5 | "pid": 12,
6 | "pidversion": 34
7 | },
8 | "parent_id": {
9 | "pid": 56,
10 | "pidversion": 78
11 | },
12 | "original_parent_pid": 56,
13 | "group_id": 111,
14 | "session_id": 222,
15 | "effective_user": {
16 | "uid": -2,
17 | "name": "nobody"
18 | },
19 | "effective_group": {
20 | "gid": -1,
21 | "name": "nogroup"
22 | },
23 | "real_user": {
24 | "uid": -2,
25 | "name": "nobody"
26 | },
27 | "real_group": {
28 | "gid": -1,
29 | "name": "nogroup"
30 | },
31 | "executable": {
32 | "path": "foo",
33 | "truncated": false
34 | }
35 | },
36 | "success": true,
37 | "source": {
38 | "address": "Ojox",
39 | "type": "TYPE_IPV6"
40 | },
41 | "viewer": "Zm9vQGV4YW1wbGUuY29t",
42 | "authentication_type": "aWRr",
43 | "authentication_user": {
44 | "name": "my_auth_user"
45 | },
46 | "session_user": {
47 | "name": "my_session_user"
48 | },
49 | "existing_session": true,
50 | "graphical_session": {
51 | "id": 123
52 | }
53 | }
54 | }
55 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/screensharing_attach_unset_fields.json:
--------------------------------------------------------------------------------
1 | {
2 | "attach": {
3 | "instigator": {
4 | "id": {
5 | "pid": 12,
6 | "pidversion": 34
7 | },
8 | "parent_id": {
9 | "pid": 56,
10 | "pidversion": 78
11 | },
12 | "original_parent_pid": 56,
13 | "group_id": 111,
14 | "session_id": 222,
15 | "effective_user": {
16 | "uid": -2,
17 | "name": "nobody"
18 | },
19 | "effective_group": {
20 | "gid": -1,
21 | "name": "nogroup"
22 | },
23 | "real_user": {
24 | "uid": -2,
25 | "name": "nobody"
26 | },
27 | "real_group": {
28 | "gid": -1,
29 | "name": "nogroup"
30 | },
31 | "executable": {
32 | "path": "foo",
33 | "truncated": false
34 | }
35 | },
36 | "success": true,
37 | "source": {
38 | "type": "TYPE_UNKNOWN"
39 | },
40 | "existing_session": true,
41 | "graphical_session": {
42 | "id": 123
43 | }
44 | }
45 | }
46 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/screensharing_detach.json:
--------------------------------------------------------------------------------
1 | {
2 | "detach": {
3 | "instigator": {
4 | "id": {
5 | "pid": 12,
6 | "pidversion": 34
7 | },
8 | "parent_id": {
9 | "pid": 56,
10 | "pidversion": 78
11 | },
12 | "original_parent_pid": 56,
13 | "group_id": 111,
14 | "session_id": 222,
15 | "effective_user": {
16 | "uid": -2,
17 | "name": "nobody"
18 | },
19 | "effective_group": {
20 | "gid": -1,
21 | "name": "nogroup"
22 | },
23 | "real_user": {
24 | "uid": -2,
25 | "name": "nobody"
26 | },
27 | "real_group": {
28 | "gid": -1,
29 | "name": "nogroup"
30 | },
31 | "executable": {
32 | "path": "foo",
33 | "truncated": false
34 | }
35 | },
36 | "source": {
37 | "address": "MS4yLjMuNA==",
38 | "type": "TYPE_IPV4"
39 | },
40 | "viewer": "Zm9vQGV4YW1wbGUuY29t",
41 | "graphical_session": {
42 | "id": 123
43 | }
44 | }
45 | }
46 |
--------------------------------------------------------------------------------
/Source/santad/testdata/protobuf/v6/unlink.json:
--------------------------------------------------------------------------------
1 | {
2 | "instigator": {
3 | "id": {
4 | "pid": 12,
5 | "pidversion": 34
6 | },
7 | "parent_id": {
8 | "pid": 56,
9 | "pidversion": 78
10 | },
11 | "original_parent_pid": 56,
12 | "group_id": 111,
13 | "session_id": 222,
14 | "effective_user": {
15 | "uid": -2,
16 | "name": "nobody"
17 | },
18 | "effective_group": {
19 | "gid": -1,
20 | "name": "nogroup"
21 | },
22 | "real_user": {
23 | "uid": -2,
24 | "name": "nobody"
25 | },
26 | "real_group": {
27 | "gid": -1,
28 | "name": "nogroup"
29 | },
30 | "executable": {
31 | "path": "foo",
32 | "truncated": false
33 | }
34 | },
35 | "target": {
36 | "path": "unlink_file",
37 | "truncated": false,
38 | "stat": {
39 | "dev": 301,
40 | "mode": 302,
41 | "nlink": 303,
42 | "ino": "304",
43 | "user": {
44 | "uid": -2,
45 | "name": "nobody"
46 | },
47 | "group": {
48 | "gid": -1,
49 | "name": "nogroup"
50 | },
51 | "rdev": 305,
52 | "access_time": "1970-01-01T00:06:40.000000500Z",
53 | "modification_time": "1970-01-01T00:06:41.000000321Z",
54 | "change_time": "1970-01-01T00:06:42.000000502Z",
55 | "birth_time": "1970-01-01T00:06:43.000000503Z",
56 | "size": "306",
57 | "blocks": "307",
58 | "blksize": 308,
59 | "flags": 309,
60 | "gen": 310
61 | }
62 | }
63 | }
64 |
--------------------------------------------------------------------------------
/Source/santametricservice/Formats/SNTMetricFormat.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2021 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | @protocol SNTMetricFormat  // Protocol with a single conversion method, convert:error:.
18 | - (NSArray *)convert:(NSDictionary *)metrics error:(NSError **)err;  // Takes a metrics dictionary and returns an NSArray; the array's element type is not visible here. Failures are presumably reported through err - confirm in implementers.
19 | @end
20 |
--------------------------------------------------------------------------------
/Source/santametricservice/Formats/SNTMetricFormatTestHelper.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2021 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | @interface SNTMetricFormatTestHelper : NSObject  // Test-support class; this header declares class methods only.
18 | + (NSDictionary *)convertDatesToFixedDateWithExportDict:(NSDictionary *)exportDict;  // Returns a dictionary derived from exportDict; by its name, date values are replaced with a fixed date so test output is stable - confirm in the implementation.
19 | + (NSDictionary *)createValidMetricsDictionary;  // Returns a metrics dictionary for tests; its contents are defined in the implementation, not shown here.
20 | @end
21 |
--------------------------------------------------------------------------------
/Source/santametricservice/Formats/SNTMetricMonarchJSONFormat.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2021 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "Source/santametricservice/Formats/SNTMetricFormat.h"
18 |
19 | @interface SNTMetricMonarchJSONFormat : NSObject  // No public members are declared here. NOTE(review): this header imports SNTMetricFormat.h, so the class presumably adopts SNTMetricFormat; a protocol list in angle brackets may have been lost from this listing - confirm against the repository.
20 | @end
21 |
--------------------------------------------------------------------------------
/Source/santametricservice/Formats/SNTMetricRawJSONFormat.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2021 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "Source/santametricservice/Formats/SNTMetricFormat.h"
18 |
19 | @interface SNTMetricRawJSONFormat : NSObject  // No public members are declared here. NOTE(review): this header imports SNTMetricFormat.h, so the class presumably adopts SNTMetricFormat; a protocol list in angle brackets may have been lost from this listing - confirm against the repository.
20 | @end
21 |
--------------------------------------------------------------------------------
/Source/santametricservice/Info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | CFBundleDevelopmentRegion
6 | en
7 | CFBundleDisplayName
8 | santametricservice
9 | CFBundleExecutable
10 | santametricservice
11 | CFBundleIdentifier
12 | com.google.santa.metricservice
13 | CFBundleInfoDictionaryVersion
14 | 6.0
15 | CFBundleName
16 | santametricservice
17 | CFBundleShortVersionString
18 | ${SANTA_VERSION}
19 | CFBundleSignature
20 | ????
21 | CFBundleVersion
22 | ${SANTA_VERSION}
23 | NSHumanReadableCopyright
24 | Google LLC.
25 |
26 |
27 |
--------------------------------------------------------------------------------
/Source/santametricservice/SNTMetricService.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2021 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "Source/common/SNTXPCMetricServiceInterface.h"
18 |
19 | @interface SNTMetricService : NSObject  // No public members are declared here; the header imports SNTXPCMetricServiceInterface.h, so the class presumably adopts a protocol declared there - confirm. NOTE(review): how connecting XPC peers are validated is not visible in this header; check where the listener is configured.
20 | @end
21 |
--------------------------------------------------------------------------------
/Source/santametricservice/Writers/SNTMetricFileWriter.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2021 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 | #import "Source/santametricservice/Writers/SNTMetricWriter.h"
15 |
16 | @interface SNTMetricFileWriter : NSObject  // No public members are declared here; presumably adopts SNTMetricWriter from the imported header - confirm. NOTE(review): destination path handling (permissions, symlinks) lives in the implementation and is not visible here.
17 | @end
--------------------------------------------------------------------------------
/Source/santametricservice/Writers/SNTMetricHTTPWriter.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2021 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import "Source/santametricservice/Writers/SNTMetricWriter.h"
16 |
17 | #import
18 |
19 | @interface SNTMetricHTTPWriter : NSObject  // No public members are declared here; presumably adopts SNTMetricWriter from the imported header - confirm. NOTE(review): transport settings (TLS requirement, certificate checks, timeouts) are not visible in this header.
20 | @end
21 |
--------------------------------------------------------------------------------
/Source/santametricservice/Writers/SNTMetricWriter.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2021 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | /**
18 | * An SNTMetricWriter outputs a serialized SNTMetricSet to the external
19 | * monitoring system.
20 | * */
21 | @protocol SNTMetricWriter  // Single-method protocol; the block comment above states its intent.
22 | - (BOOL)write:(NSArray *)data toURL:(NSURL *)url error:(NSError **)error;  // Writes data to url; the BOOL result presumably signals success, with details in error - confirm. NOTE(review): the signature accepts any NSURL, so scheme/host restrictions must be enforced by the caller or the implementer.
23 | @end
--------------------------------------------------------------------------------
/Source/santasyncservice/Info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | CFBundleDevelopmentRegion
6 | en
7 | CFBundleDisplayName
8 | santasyncservice
9 | CFBundleExecutable
10 | santasyncservice
11 | CFBundleIdentifier
12 | com.google.santa.syncservice
13 | CFBundleInfoDictionaryVersion
14 | 6.0
15 | CFBundleName
16 | santasyncservice
17 | CFBundleShortVersionString
18 | ${SANTA_VERSION}
19 | CFBundleSignature
20 | ????
21 | CFBundleVersion
22 | ${SANTA_VERSION}
23 | NSHumanReadableCopyright
24 | Google LLC.
25 |
26 |
27 |
--------------------------------------------------------------------------------
/Source/santasyncservice/NSData+Zlib.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2015 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | /// Category on NSData providing the option of getting zlib or gzip compressed data.
18 | @interface NSData (Zlib)  // Declares compression only; no decompression method appears in this header.
19 |
20 | - (NSData *)zlibCompressed;  // Per the category comment above, returns zlib-compressed data; the result on failure (e.g. nil) is not visible here - callers should confirm before dereferencing.
21 | - (NSData *)gzipCompressed;  // Per the category comment above, returns gzip-compressed data; failure result likewise not visible here.
22 |
23 | @end
24 |
--------------------------------------------------------------------------------
/Source/santasyncservice/SNTPushNotifications.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License
14 |
15 | #import
16 |
/// Callbacks a push-notification client uses to ask its delegate to start syncs.
/// NOTE(review): the per-method descriptions below are read from the selector names
/// only. Confirm against the implementing class.
@protocol SNTPushNotificationsDelegate
/// Request a sync.
- (void)sync;
/// Request a sync after a delay given in seconds.
- (void)syncSecondsFromNow:(uint64_t)seconds;
/// Request a rule sync.
- (void)ruleSync;
/// Request a rule sync after a delay given in seconds.
- (void)ruleSyncSecondsFromNow:(uint64_t)seconds;
/// Request a preflight sync.
- (void)preflightSync;
@end
24 |
25 | @class SNTSyncState;
26 | @class SNTSyncFCM;
27 |
/// Push-notification client for the sync service.
@interface SNTPushNotifications : NSObject

/// Starts listening, using the supplied sync state.
- (void)listenWithSyncState:(SNTSyncState *)syncState;
/// Stops listening.
- (void)stop;
/// Delegate that receives sync requests. Held weakly, so the owner must keep it alive.
@property(weak) id delegate;
/// Whether the client is currently connected.
@property(readonly) BOOL isConnected;
/// NOTE(review): this looks like the push registration token. If so, treat it as a
/// credential and keep it out of logs. Confirm.
@property(readonly) NSString *token;
/// Full-sync interval used while push notifications are active; units are not stated
/// in this header (presumably seconds, TODO confirm).
@property(readonly) NSUInteger pushNotificationsFullSyncInterval;

@end
38 |
--------------------------------------------------------------------------------
/Source/santasyncservice/SNTSyncBroadcaster.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License
14 |
15 | #import
16 |
17 | @class MOLXPCConnection;
18 |
// A small class to keep track of and send messages to active listeners.
//
// NOTE(review): every registered listener receives every sync log line. This header
// does not show how listener connections are authenticated. Confirm that the XPC
// listener validates the peer before -addLogListener: is reached.
@interface SNTSyncBroadcaster : NSObject

// Retrieve an initialized singleton SNTSyncBroadcaster object.
// Use this instead of init.
+ (instancetype)broadcaster;

// Register a connection to receive subsequent log messages.
- (void)addLogListener:(MOLXPCConnection *)logListener;
// Unregister a previously added connection.
- (void)removeLogListener:(MOLXPCConnection *)logListener;
// Send `log` to the registered log listeners.
- (void)broadcastToLogListeners:(NSString *)log;

// Blocks until all the currently enqueued (up to this point) logs from -[broadcastToLogListeners:]
// are sent.
- (void)barrier;
@end
34 |
--------------------------------------------------------------------------------
/Source/santasyncservice/SNTSyncEventUpload.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2015 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "SNTSyncStage.h"
18 |
/// Sync stage subclass that adds an event-upload entry point to SNTSyncStage.
@interface SNTSyncEventUpload : SNTSyncStage

/// Uploads the given events.
/// @param events Events to upload; the element type is not stated in this header.
/// @return BOOL result; presumably YES when the upload succeeded (TODO confirm).
- (BOOL)uploadEvents:(NSArray *)events;

@end
24 |
--------------------------------------------------------------------------------
/Source/santasyncservice/SNTSyncLogging.m:
--------------------------------------------------------------------------------
1 | /// Copyright 2022 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import "Source/santasyncservice/SNTSyncLogging.h"
16 | #include "Source/common/SNTLogging.h"
17 |
18 | #import "Source/santasyncservice/SNTSyncBroadcaster.h"
19 |
/// Formats a sync log message and hands it to the SNTSyncBroadcaster log listeners.
///
/// @param level  Level of this message. The message is dropped when the effective log
///               level is lower than `level`.
/// @param format Format string for -initWithFormat:arguments:. Because it is interpreted
///               as a format, callers should pass a constant string and supply any
///               variable or externally sourced text as an argument, never as `format`.
///
/// The effective log level is resolved once per process, on the first call; later
/// changes are not picked up here.
void logSyncMessage(LogLevel level, NSString *format, ...) {
  static dispatch_once_t resolveOnce;
  static LogLevel effectiveLevel = LOG_LEVEL_DEBUG;
  dispatch_once(&resolveOnce, ^{
    effectiveLevel = EffectiveLogLevel();
  });

  if (level <= effectiveLevel) {
    va_list formatArgs;
    va_start(formatArgs, format);
    NSMutableString *message = [[NSMutableString alloc] initWithFormat:format
                                                             arguments:formatArgs];
    va_end(formatArgs);
    [[SNTSyncBroadcaster broadcaster] broadcastToLogListeners:message];
  }
}
33 |
--------------------------------------------------------------------------------
/Source/santasyncservice/SNTSyncPostflight.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2015 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "SNTSyncStage.h"
18 |
/// Sync stage subclass named for the postflight step. This header declares no methods
/// or properties beyond those inherited from SNTSyncStage.
@interface SNTSyncPostflight : SNTSyncStage
@end
21 |
--------------------------------------------------------------------------------
/Source/santasyncservice/SNTSyncPreflight.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2015 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "SNTSyncStage.h"
18 |
/// Sync stage subclass named for the preflight step. This header declares no methods
/// or properties beyond those inherited from SNTSyncStage.
@interface SNTSyncPreflight : SNTSyncStage
@end
21 |
--------------------------------------------------------------------------------
/Source/santasyncservice/SNTSyncRuleDownload.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2015 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "Source/santasyncservice/SNTSyncStage.h"
18 |
19 | @class SNTRule;
20 |
/// Sync stage subclass named for the rule-download step. This header declares no
/// methods or properties beyond those inherited from SNTSyncStage.
@interface SNTSyncRuleDownload : SNTSyncStage
@end
23 |
--------------------------------------------------------------------------------
/Source/santasyncservice/SNTSyncService.h:
--------------------------------------------------------------------------------
1 | /// Copyright 2020 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import
16 |
17 | #import "Source/common/SNTXPCSyncServiceInterface.h"
18 |
/// Sync service object. No methods or properties are declared in this interface as
/// shown; the header imports SNTXPCSyncServiceInterface.h, so the XPC-facing API is
/// presumably defined there (TODO confirm).
@interface SNTSyncService : NSObject
@end
21 |
--------------------------------------------------------------------------------
/Source/santasyncservice/SNTSyncState.m:
--------------------------------------------------------------------------------
1 | /// Copyright 2015 Google Inc. All rights reserved.
2 | ///
3 | /// Licensed under the Apache License, Version 2.0 (the "License");
4 | /// you may not use this file except in compliance with the License.
5 | /// You may obtain a copy of the License at
6 | ///
7 | /// http://www.apache.org/licenses/LICENSE-2.0
8 | ///
9 | /// Unless required by applicable law or agreed to in writing, software
10 | /// distributed under the License is distributed on an "AS IS" BASIS,
11 | /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | /// See the License for the specific language governing permissions and
13 | /// limitations under the License.
14 |
15 | #import "Source/santasyncservice/SNTSyncState.h"
16 |
// Intentionally empty implementation: no methods are defined here. Whatever
// SNTSyncState.h declares is presumably property-only state (TODO confirm).
@implementation SNTSyncState
@end
19 |
--------------------------------------------------------------------------------
/Source/santasyncservice/testdata/sync_preflight_basic.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santasyncservice/testdata/sync_preflight_basic.gz
--------------------------------------------------------------------------------
/Source/santasyncservice/testdata/sync_preflight_basic.json:
--------------------------------------------------------------------------------
1 | {"allowed_path_regex": null, "client_mode": "MONITOR", "blocked_path_regex": null, "batch_size": 100}
2 |
--------------------------------------------------------------------------------
/Source/santasyncservice/testdata/sync_preflight_basic.z:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/Source/santasyncservice/testdata/sync_preflight_basic.z
--------------------------------------------------------------------------------
/Source/santasyncservice/testdata/sync_preflight_blockusb_absent.json:
--------------------------------------------------------------------------------
1 | {"allowed_path_regex": null, "client_mode": "LOCKDOWN", "blocked_path_regex": null, "batch_size": 100}
2 |
--------------------------------------------------------------------------------
/Source/santasyncservice/testdata/sync_preflight_lockdown.json:
--------------------------------------------------------------------------------
1 | {"whitelist_regex": null, "client_mode": "LOCKDOWN", "blacklist_regex": null, "batch_size": 100}
2 |
--------------------------------------------------------------------------------
/Source/santasyncservice/testdata/sync_preflight_request.json:
--------------------------------------------------------------------------------
1 | {"serial_num":"QYGF4QM373","hostname":"full-hostname.example.com","os_version":"14.5","os_build":"23F79","model_identifier":"MacBookPro18,3","santa_version":"2024.6.655965194","primary_user":"username1","client_mode":"MONITOR","machine_id":"50C7E1EB-2EF5-42D4-A084-A7966FC45A95"}
--------------------------------------------------------------------------------
/Source/santasyncservice/testdata/sync_preflight_turn_off_blockusb.json:
--------------------------------------------------------------------------------
1 | {"allowed_path_regex": null, "client_mode": "LOCKDOWN", "blocked_path_regex": null, "batch_size": 100, "block_usb_mount":false}
2 |
--------------------------------------------------------------------------------
/Source/santasyncservice/testdata/sync_preflight_turn_on_blockusb.json:
--------------------------------------------------------------------------------
1 | {"allowed_path_regex": null, "client_mode": "LOCKDOWN", "blocked_path_regex": null, "batch_size": 100, "block_usb_mount":true, "remount_usb_mode": ["rdonly", "noexec"]}
2 |
--------------------------------------------------------------------------------
/Source/santasyncservice/testdata/sync_ruledownload_batch1.json:
--------------------------------------------------------------------------------
1 | {"rules": [{"rule_type": "BINARY", "policy": "BLOCKLIST", "sha256": "ee382e199f7eda58863a93a7854b930ade35798bc6856ee8e6ab6ce9277f0eab", "custom_msg": ""},{"rule_type": "CERTIFICATE", "policy": "ALLOWLIST", "sha256": "46f8c706d0533a54554af5fc163eea704f10c08b30f8a5db12bfdc04fb382fc3", "custom_msg": ""}],"cursor": "this-is-a-cursor="}
2 |
--------------------------------------------------------------------------------
/Source/santasyncservice/testdata/sync_ruledownload_batch2.json:
--------------------------------------------------------------------------------
1 | {"rules": [{"rule_type": "CERTIFICATE", "policy": "BLACKLIST", "sha256": "7846698e47ef41be80b83fb9e2b98fa6dc46c9188b068bff323c302955a00142", "custom_msg": "Hi There"},{"rule_type":"TEAMID", "policy":"BLOCKLIST", "identifier": "AAAAAAAAAA", "custom_msg": "Banned team ID"}]}
2 |
--------------------------------------------------------------------------------
/Testing/clang_analyzer/run_clang_analyzer.sh:
--------------------------------------------------------------------------------
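# Runs the Clang static analyzer over the tree and writes an HTML report to
# Testing/clang_analyzer/analysis.
GIT_ROOT=$(git rev-parse --show-toplevel)

# Every path below is derived from GIT_ROOT. Stop if it could not be determined,
# so that nothing resolves relative to "/".
if [ -z "$GIT_ROOT" ]; then
  echo "run_clang_analyzer.sh: not inside a git checkout" >&2
  exit 1
fi

ANALYZE_PATH="$GIT_ROOT/Testing/clang_analyzer"
TITLE="Santa Clang Analysis"

EXECUTION_ROOT=$(bazel info execution_root)

# Regenerates compile_commands.json from a clean build state, then analyzes it.
function main() {
  bazel clean
  bazel run @hedron_compile_commands//:refresh_all

  # Expansions are quoted so a checkout path containing spaces is not word-split.
  analyze-build --cdb "$GIT_ROOT/compile_commands.json" -o "$ANALYZE_PATH/analysis" --html-title "$TITLE" --use-analyzer="$(which clang)"
}

main "$@"
exit $?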
16 |
--------------------------------------------------------------------------------
/Testing/fix.sh:
--------------------------------------------------------------------------------
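#!/bin/bash
# Reformats the tree in place: clang-format for C/Objective-C/C++ sources,
# buildifier for Bazel files, pyink for Python.
GIT_ROOT=$(git rev-parse --show-toplevel)

# All three tools rewrite files in place. Refuse to run when the repository root
# is unknown rather than let them operate on whatever path an empty value yields.
if [ -z "${GIT_ROOT}" ]; then
  echo "fix.sh: not inside a git checkout" >&2
  exit 1
fi

# Expansions are quoted so a checkout path containing spaces is not word-split.
find "${GIT_ROOT}" \( -name "*.m" -o -name "*.h" -o -name "*.mm" -o -name "*.cc" \) -exec xcrun clang-format -i {} \+
buildifier --lint=fix -r "${GIT_ROOT}"
python3 -m pyink --config "${GIT_ROOT}/.pyink-config" "${GIT_ROOT}"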
7 |
--------------------------------------------------------------------------------
/Testing/integration/BUILD:
--------------------------------------------------------------------------------
1 | load("//:helper.bzl", "run_command", "santa_unit_test")
2 |
package(
    default_visibility = ["//:santa_package_group"],
)

licenses(["notice"])

# SNTExecTest, with the santad binary-rules test data available at run time.
santa_unit_test(
    name = "SNTExecTest",
    srcs = [
        "SNTExecTest.m",
    ],
    data = [
        "//Source/santad/testdata:binaryrules_testdata",
    ],
    minimum_os_version = "12.0",
    deps = [],
)

test_suite(
    name = "integration_tests",
    tests = [
        ":SNTExecTest",
    ],
)

# The run_command targets below wrap AppleScript UI automation (osascript) stored
# next to this file. `$$` presumably escapes a literal `$`, so the command sees
# ${BUILD_WORKSPACE_DIRECTORY} and, for install_profile, the first argument $1.
# NOTE(review): `$$1` is expanded unquoted; if run_command passes cmd to a shell, a
# profile path containing spaces would be split. Confirm in helper.bzl.
run_command(
    name = "install_profile",
    cmd = "osascript $${BUILD_WORKSPACE_DIRECTORY}/Testing/integration/install_profile.scpt $${BUILD_WORKSPACE_DIRECTORY}/$$1",
)

run_command(
    name = "allow_sysex",
    cmd = "osascript $${BUILD_WORKSPACE_DIRECTORY}/Testing/integration/allow_sysex.scpt",
)

run_command(
    name = "dismiss_santa_popup",
    cmd = "osascript $${BUILD_WORKSPACE_DIRECTORY}/Testing/integration/dismiss_santa_popup.scpt",
)

run_command(
    name = "dismiss_usb_popup",
    cmd = "osascript $${BUILD_WORKSPACE_DIRECTORY}/Testing/integration/dismiss_usb_popup.scpt",
)
47 |
--------------------------------------------------------------------------------
/Testing/integration/VM/Common/BUILD:
--------------------------------------------------------------------------------
# Shared pieces for the test-VM tools. Visibility is limited to packages under
# //Testing/integration/VM.
package(
    default_visibility = [
        "//Testing/integration/VM:__subpackages__",
    ],
)

objc_library(
    name = "configuration_helper",
    srcs = [
        "MacOSVirtualMachineConfigurationHelper.m",
    ],
    hdrs = [
        "MacOSVirtualMachineConfigurationHelper.h",
    ],
    sdk_frameworks = [
        "Virtualization",
    ],
)

objc_library(
    name = "delegate",
    srcs = [
        "MacOSVirtualMachineDelegate.m",
    ],
    hdrs = [
        "MacOSVirtualMachineDelegate.h",
    ],
    sdk_frameworks = [
        "Virtualization",
    ],
)

# Header-only target: Error.h.
objc_library(
    name = "error",
    hdrs = [
        "Error.h",
    ],
)

# Entitlements file shared by the VM application targets. Keep it limited to what
# the VM tools need, since every app that references this target is signed with it.
filegroup(
    name = "entitlements",
    srcs = [
        "VM.entitlements",
    ],
)

# Info.plist template shared by the VM application targets.
filegroup(
    name = "plist",
    srcs = [
        "Info.plist",
    ],
)
53 |
--------------------------------------------------------------------------------
/Testing/integration/VM/Common/Error.h:
--------------------------------------------------------------------------------
1 | // Adapted from
2 | // https://developer.apple.com/documentation/virtualization/running_macos_in_a_virtual_machine_on_apple_silicon_macs
3 | /*
4 | Copyright © 2022 Apple Inc.
5 |
6 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
7 | associated documentation files (the "Software"), to deal in the Software without restriction,
8 | including without limitation the rights to use, copy, modify, merge, publish, distribute,
9 | sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all copies or substantial
13 | portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
16 | NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
18 | OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20 | */
21 |
22 | #import
23 |
// Logs `errorMessage` and terminates the process with abort(); does not return.
// The message is passed as an argument to a fixed "%@" format, so any '%'
// sequences inside it are printed literally rather than interpreted.
static inline void abortWithErrorMessage(NSString *errorMessage) {
  NSLog(@"%@", errorMessage);
  abort();
}
28 |
--------------------------------------------------------------------------------
/Testing/integration/VM/Common/Info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | CFBundleIdentifier
6 | $(PRODUCT_BUNDLE_IDENTIFIER)
7 | CFBundleInfoDictionaryVersion
8 | 6.0
9 | CFBundleName
10 | $(PRODUCT_NAME)
11 | CFBundlePackageType
12 | APPL
13 | CFBundleShortVersionString
14 | 0.0.1
15 | CFBundleVersion
16 | 0.0.1
17 | LSMinimumSystemVersion
18 | ${MACOSX_VERSION_MIN}
19 | NSPrincipalClass
20 | NSApplication
21 |
22 |
23 |
--------------------------------------------------------------------------------
/Testing/integration/VM/Common/VM.entitlements:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | com.apple.security.virtualization
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/Testing/integration/VM/InstallationTool/BUILD:
--------------------------------------------------------------------------------
1 | load(
2 | "@build_bazel_rules_apple//apple:macos.bzl",
3 | "macos_application",
4 | )
5 |
# Sources for the VM installation tool, built against Virtualization.framework and
# the shared helpers in //Testing/integration/VM/Common.
objc_library(
    name = "installationtool_lib",
    srcs = [
        "MacOSRestoreImage.m",
        "MacOSVirtualMachineInstaller.m",
        "main.m",
    ],
    hdrs = [
        "MacOSRestoreImage.h",
        "MacOSVirtualMachineInstaller.h",
    ],
    sdk_frameworks = [
        "Virtualization",
    ],
    deps = [
        "//Testing/integration/VM/Common:configuration_helper",
        "//Testing/integration/VM/Common:delegate",
        "//Testing/integration/VM/Common:error",
    ],
)

# App bundle for the installation tool, signed with the shared VM entitlements
# and using the shared Info.plist.
macos_application(
    name = "InstallationTool",
    bundle_id = "com.google.santa.e2e.installation-tool",
    entitlements = "//Testing/integration/VM/Common:entitlements",
    infoplists = ["//Testing/integration/VM/Common:plist"],
    minimum_os_version = "12.0",
    deps = [
        ":installationtool_lib",
    ],
)
37 |
--------------------------------------------------------------------------------
/Testing/integration/VM/LICENSE:
--------------------------------------------------------------------------------
1 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
2 |
3 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
4 |
5 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
6 |
--------------------------------------------------------------------------------
/Testing/integration/VM/VMCLI/BUILD:
--------------------------------------------------------------------------------
1 | load(
2 | "@build_bazel_rules_apple//apple:macos.bzl",
3 | "macos_application",
4 | )
5 |
# Sources for the command-line VM runner, built against Virtualization.framework
# and the shared helpers in //Testing/integration/VM/Common.
objc_library(
    name = "vmcli_lib",
    srcs = [
        "main.m",
    ],
    sdk_frameworks = [
        "Virtualization",
    ],
    deps = [
        "//Testing/integration/VM/Common:configuration_helper",
        "//Testing/integration/VM/Common:error",
    ],
)

# App bundle for VMCLI, signed with the shared VM entitlements and using the shared
# Info.plist.
macos_application(
    name = "VMCLI",
    bundle_id = "com.google.santa.e2e.vmcli",
    entitlements = "//Testing/integration/VM/Common:entitlements",
    infoplists = ["//Testing/integration/VM/Common:plist"],
    minimum_os_version = "13.0",
    deps = [
        ":vmcli_lib",
    ],
)
30 |
--------------------------------------------------------------------------------
/Testing/integration/VM/VMGUI/AppDelegate.h:
--------------------------------------------------------------------------------
1 | // Adapted from
2 | // https://developer.apple.com/documentation/virtualization/running_macos_in_a_virtual_machine_on_apple_silicon_macs
3 | /*
4 | Copyright © 2022 Apple Inc.
5 |
6 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
7 | associated documentation files (the "Software"), to deal in the Software without restriction,
8 | including without limitation the rights to use, copy, modify, merge, publish, distribute,
9 | sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all copies or substantial
13 | portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
16 | NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
18 | OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20 | */
21 |
22 | #import
23 |
// Application delegate class for the VMGUI app. No methods or properties are
// declared in this interface as shown.
@interface AppDelegate : NSObject

@end
27 |
--------------------------------------------------------------------------------
/Testing/integration/VM/VMGUI/BUILD:
--------------------------------------------------------------------------------
1 | load(
2 | "@build_bazel_rules_apple//apple:macos.bzl",
3 | "macos_application",
4 | )
5 |
# Sources and UI resource for the graphical VM runner, built against
# Virtualization.framework and the shared helpers in //Testing/integration/VM/Common.
objc_library(
    name = "vmgui_lib",
    srcs = [
        "AppDelegate.m",
        "main.m",
    ],
    hdrs = [
        "AppDelegate.h",
    ],
    data = [
        "Resources/MainMenu.xib",
    ],
    sdk_frameworks = [
        "Virtualization",
    ],
    deps = [
        "//Testing/integration/VM/Common:configuration_helper",
        "//Testing/integration/VM/Common:delegate",
        "//Testing/integration/VM/Common:error",
    ],
)

# App bundle for VMGUI, signed with the shared VM entitlements and using the shared
# Info.plist.
macos_application(
    name = "VMGUI",
    bundle_id = "com.google.santa.e2e.vmgui",
    entitlements = "//Testing/integration/VM/Common:entitlements",
    infoplists = ["//Testing/integration/VM/Common:plist"],
    minimum_os_version = "13.0",
    deps = [
        ":vmgui_lib",
    ],
)
38 |
--------------------------------------------------------------------------------
/Testing/integration/VM/VMGUI/main.m:
--------------------------------------------------------------------------------
1 | // Adapted from
2 | // https://developer.apple.com/documentation/virtualization/running_macos_in_a_virtual_machine_on_apple_silicon_macs
3 | /*
4 | Copyright © 2022 Apple Inc.
5 |
6 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
7 | associated documentation files (the "Software"), to deal in the Software without restriction,
8 | including without limitation the rights to use, copy, modify, merge, publish, distribute,
9 | sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all copies or substantial
13 | portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
16 | NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
18 | OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20 | */
21 |
22 | #import
23 |
// Entry point for the VMGUI app: passes the process arguments to NSApplicationMain
// and returns its result.
int main(int argc, const char *argv[]) {
  return NSApplicationMain(argc, argv);
}
27 |
--------------------------------------------------------------------------------
/Testing/integration/VM/bash_control.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Run during template VM creation so that bash ends up in the list of programs
# allowed to control the system through AppleScript.
#
# Each step is one AppleScript statement, executed in order with osascript:
# first bring System Settings to the front, then drive its View > Profiles menu
# item through System Events.

steps=(
  'tell application "System Settings" to activate'
  'tell application "System Events" to tell process "System Settings" to click menu item "Profiles" of menu 1 of menu bar item "View" of menu bar 1'
)

for step in "${steps[@]}"; do
  osascript -e "${step}"
done
8 |
--------------------------------------------------------------------------------
/Testing/integration/VM/disclaim.c:
--------------------------------------------------------------------------------
1 | // Disclaim and exec the supplied command (and args), making the exec'd process "responsible" for
2 | // itself (for the purposes of TCC and other security/privacy rules).
3 | // See https://www.qt.io/blog/the-curious-case-of-the-responsible-process for reference
4 |
5 | #include
6 | #include
7 | #include
8 | #include
9 |
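// Not declared in a public header, hence the local prototype. Marks the spawn
// attributes so the spawned process is treated as responsible for itself.
extern int responsibility_spawnattrs_setdisclaim(posix_spawnattr_t attrs, int disclaim);

/*
 * Replaces this process with the command in argv[1] (arguments argv[2..]),
 * with the responsibility disclaim applied and the current environment passed
 * through.
 *
 * Exits with status 1 on a usage error or when any setup step or the spawn
 * itself fails. On success posix_spawnp does not return, because
 * POSIX_SPAWN_SETEXEC makes it replace the current process image.
 */
int main(int argc, char **argv, char **envp)
{
  if (argc < 2) {
    fprintf(stderr, "Usage: %s command [args...]\n", argv[0]);
    exit(1);
  }

  posix_spawnattr_t attr;
  int err = posix_spawnattr_init(&attr);
  if (err) {
    errc(1, err, "posix_spawnattr_init failed");
  }

  err = posix_spawnattr_setflags(&attr, POSIX_SPAWN_SETEXEC);
  if (err) {
    errc(1, err, "posix_spawnattr_setflags failed");
  }

  // Do not continue without the disclaim: the command would otherwise run with
  // the caller still recorded as the responsible process, and the failure would
  // only show up later as unexpected TCC behaviour.
  err = responsibility_spawnattrs_setdisclaim(&attr, 1);
  if (err) {
    errx(1, "responsibility_spawnattrs_setdisclaim failed: %d", err);
  }

  err = posix_spawnp(NULL, argv[1], NULL, &attr, &argv[1], envp);
  if (err) {
    errc(1, err, "posix_spawnp failed");
  }

  // Only reached if posix_spawnp returned 0 without replacing the process.
  return 1;
}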
31 |
--------------------------------------------------------------------------------
/Testing/integration/VM/make_ro_img.sh:
--------------------------------------------------------------------------------
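#!/bin/bash
# This script is manually run to create a read-only disk image
# which is mounted into new VMs to help automate the setup process.
#
# Usage: make_ro_img.sh image_path xcode_xip_path
# Creates a 40G APFS image with volume name RO, attaches it, copies the Xcode
# archive plus setup.sh, disclaim.c and bash_control.sh into it, then detaches.

set -xeuo pipefail

SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )

if [ $# -ne 2 ]; then
  echo "Usage: $0 image_path xcode_xip_path" >&2
  exit 1
fi

IMG=$1
XCODE=$2

MOUNT_PATH="/Volumes/RO"

# The copies below write to a fixed mount point. If something already exists
# there, the new image would not be mounted at this path, and the files would
# land on the pre-existing volume or directory instead. Stop before creating
# anything.
if [ -e "${MOUNT_PATH}" ]; then
  echo "${MOUNT_PATH} already exists; unmount or remove it before running $0" >&2
  exit 1
fi

hdiutil create -size 40G -fs APFS -volname RO "${IMG}"
hdiutil attach "${IMG}"

cp "${XCODE}" "${MOUNT_PATH}"
cp "${SCRIPT_DIR}"/{setup.sh,disclaim.c,bash_control.sh} "${MOUNT_PATH}"

hdiutil detach "${MOUNT_PATH}"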
26 |
--------------------------------------------------------------------------------
/Testing/integration/allow_sysex.scpt:
--------------------------------------------------------------------------------
-- Allows the Santa system extension in System Settings.
-- This is run inside test VMs.
--
-- The sequence is driven entirely through the UI, so the order of the steps and the
-- delays between them matter. The account password is read from the VM_PASSWORD
-- environment variable rather than stored in this script; it should be a throwaway
-- credential that exists only for the test VM.

on run argv
	-- Start from a known state: close System Settings if it is already open.
	if application "System Settings" is running then
		tell application "System Settings" to quit
	end if

	delay 2

	tell application "System Events"
		-- The notification's button opens System Settings.
		tell process "UserNotificationCenter"
			click button "Open System Settings" of window 1
		end tell

		delay 3

		tell process "System Settings"
			-- Click the "Allow" under "system software ... was blocked from loading"
			-- NOTE(review): the element is addressed by position, so a System Settings
			-- layout change would make this click a different control. Verify after
			-- updating the VM's OS.
			click button 1 of group 5 of scroll area 1 of group 1 of group 2 of splitter group 1 of group 1 of window 1
			delay 2
			-- Fill the authentication sheet from the environment and confirm it.
			set value of text field 2 of sheet 1 of window 1 to system attribute "VM_PASSWORD"
			click button 1 of sheet 1 of window 1
		end tell
	end tell

	delay 2

	tell application "System Settings" to quit

	delay 2
end run
33 |
--------------------------------------------------------------------------------
/Testing/integration/configs/moroz_changed/global.toml:
--------------------------------------------------------------------------------
1 | clean_sync = true
2 | client_mode = "MONITOR"
3 | batch_size = 100
4 | block_usb_mount = true
5 |
6 | [[rules]]
7 | rule_type = "CERTIFICATE"
8 | policy = "BLOCKLIST"
9 | identifier = "6a7767fb80ac25fd073db8302cb50bea36512808e045bbc3768659bf503d4d31"
10 | custom_msg = "deny bad test self-signed cert"
11 |
--------------------------------------------------------------------------------
/Testing/integration/configs/moroz_default/global.toml:
--------------------------------------------------------------------------------
1 | clean_sync = true
2 | client_mode = "MONITOR"
3 | batch_size = 100
4 |
5 | [[rules]]
6 | rule_type = "BINARY"
7 | policy = "BLOCKLIST"
8 | identifier = "432ad7907dbcfb2ddc0552a398b2c78539c1a230468d87f914f650e061756dbd"
9 | custom_msg = "deny bad test binary"
10 |
11 | [[rules]]
12 | rule_type = "CERTIFICATE"
13 | policy = "BLOCKLIST"
14 | identifier = "6a7767fb80ac25fd073db8302cb50bea36512808e045bbc3768659bf503d4d31"
15 | custom_msg = "deny bad test self-signed cert"
16 |
--------------------------------------------------------------------------------
/Testing/integration/dismiss_santa_popup.scpt:
--------------------------------------------------------------------------------
-- Dismiss the "blocked execution" popup from Santa.
-- This is run inside test VMs.
--
-- argv is not read. The script clicks the button named "Ignore" in the first
-- window of the "Santa" process, via System Events UI scripting.

on run argv
  tell application "System Events"
    tell process "Santa"
      -- window 1 is assumed to be the popup; nothing here checks which window it is.
      click button "Ignore" of window 1
    end tell
  end tell
end run
--------------------------------------------------------------------------------
/Testing/integration/dismiss_usb_popup.scpt:
--------------------------------------------------------------------------------
-- Dismiss the "disk remounted" popup from Santa.
-- This is run inside test VMs.
--
-- argv is not read. The script clicks the first button of the first group in
-- the first window of the "Santa" process, via System Events UI scripting.

on run argv
  tell application "System Events"
    tell process "Santa"
      -- The button is addressed by position, not by title.
      -- NOTE(review): presumably the dismiss button of the popup -- confirm if
      -- the dialog layout changes.
      click button 1 of group 1 of window 1
    end tell
  end tell
end run
--------------------------------------------------------------------------------
/Testing/integration/install_profile.scpt:
--------------------------------------------------------------------------------
-- Installs the passed profile (.mobileconfig).
-- This is run inside test VMs, primarily to configure Santa.
-- macOS 13+ only due to changes in system settings/preferences scripting.
--
-- argv: item 1 is the profile to install; it is typed into the "go to" sheet
--       of the file chooser.
-- The value entered in the SecurityAgent window comes from the VM_PASSWORD
-- environment variable.
-- NOTE(review): controls are addressed by position and the steps are paced with
-- fixed delays, so this presumably needs re-checking when the System Settings
-- layout or VM speed changes -- confirm per macOS release.

on run argv
  tell application "System Settings" to activate

  delay 2

  tell application "System Events"
    tell process "System Settings"
      -- Open the Profiles pane through the View menu.
      click menu item "Profiles" of menu 1 of menu bar item "View" of menu bar 1
      delay 3
      -- Thanks SwiftUI.
      -- Press the +
      click button 1 of group 2 of scroll area 1 of group 1 of group 2 of splitter group 1 of group 1 of window 1
      delay 2
      -- Cmd+Shift+G to select file
      keystroke "G" using {command down, shift down}
      delay 2
      -- Type in the profile we want, and return to exit the "go to" sheet
      -- NOTE(review): keystrokes presumably go to whatever has keyboard focus,
      -- so System Settings must stay frontmost here -- confirm.
      keystroke item 1 of argv
      keystroke return
      delay 2
      -- Return to choose the file
      keystroke return
      delay 2
      -- Are you sure? Press continue
      click button 2 of group 1 of sheet 1 of window 1
      delay 2
      -- Press install
      click button "Install" of sheet 1 of window 1
    end tell
    delay 5
    tell process "SecurityAgent"
      -- Put VM_PASSWORD into text field 2 (presumably the password field --
      -- TODO confirm), then press the window's second button.
      set value of text field 2 of window 1 to system attribute "VM_PASSWORD"
      click button 2 of window 1
    end tell
  end tell

  delay 5

  tell application "System Settings" to quit

  delay 2
end run
--------------------------------------------------------------------------------
/Testing/integration/test_config_changes.sh:
--------------------------------------------------------------------------------
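#!/bin/bash
# Integration check: installing a configuration profile must change the
# USB-blocking state that `santactl status --json` reports.
#   1. default.mobileconfig   -> .daemon.block_usb must be false
#   2. usb-block.mobileconfig -> .daemon.block_usb must be true
# Exits 1 on the first failed step.
set -x

# Installs the given .mobileconfig through the install_profile target.
# Aborts when the install itself fails: otherwise the following check would
# run against whatever configuration was already on the machine and could
# pass without the profile ever being applied.
install_profile() {
  if ! bazel run //Testing/integration:install_profile -- "$1"; then
    echo "Failed to install profile $1" >&2
    exit 1
  fi
}

# Prints .daemon.block_usb from santactl's JSON status output.
block_usb_state() {
  santactl status --json | jq .daemon.block_usb
}

install_profile Testing/integration/configs/default.mobileconfig
if [[ "$(block_usb_state)" != "false" ]]; then
  echo "USB blocking enabled with minimal config" >&2
  exit 1
fi

install_profile Testing/integration/configs/usb-block.mobileconfig
if [[ "$(block_usb_state)" != "true" ]]; then
  echo "USB blocking config change didnt take effect" >&2
  exit 1
fi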
--------------------------------------------------------------------------------
/Testing/lint.sh:
--------------------------------------------------------------------------------
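#!/bin/bash
# Runs the repository's lint checks: clang-format over the C-family sources,
# a trailing-whitespace scan of tracked files, buildifier and pyink.
# Any failing check fails the script.
set -exo pipefail

GIT_ROOT=$(git rev-parse --show-toplevel)

# --dry-run together with --Werror reports files that would be reformatted as
# errors without rewriting them. The root is quoted so a checkout path
# containing spaces is not split into several arguments.
find "${GIT_ROOT}" \( -name "*.m" -o -name "*.h" -o -name "*.mm" -o -name "*.cc" \) -exec clang-format --Werror --dry-run {} \+

# Fail on trailing whitespace in tracked text files (*.patch excluded).
# Written as an explicit `if` because `set -e` ignores the status of a command
# negated with `!`, so `! git grep ...` could print matches but never stop the
# script.
if git grep -EIn $'[ \t]+$' -- ':(exclude)*.patch'; then
  echo "Trailing whitespace found in the lines listed above" >&2
  exit 1
fi

# NOTE(review): buildifier (@latest) and pyink (no version constraint) are
# fetched unpinned on every run, so the lint result and the code executed here
# depend on whatever is published upstream at that moment. Consider pinning
# both to reviewed versions.
go install github.com/bazelbuild/buildtools/buildifier@latest
~/go/bin/buildifier --lint=warn -r "${GIT_ROOT}"

python3 -m pip install -q pyink
python3 -m pyink --config "${GIT_ROOT}/.pyink-config" --check "${GIT_ROOT}"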
--------------------------------------------------------------------------------
/docs/.gitignore:
--------------------------------------------------------------------------------
1 | _site
2 | .sass-cache
3 | .jekyll-cache
4 | .jekyll-metadata
5 | vendor
6 | Gemfile.lock
7 |
--------------------------------------------------------------------------------
/docs/CNAME:
--------------------------------------------------------------------------------
1 | santa.dev
--------------------------------------------------------------------------------
/docs/Gemfile:
--------------------------------------------------------------------------------
1 | source "https://rubygems.org"
2 | # Hello! This is where you manage which Jekyll version is used to run.
3 | # When you want to use a different version, change it below, save the
4 | # file and run `bundle install`. Run Jekyll with `bundle exec`, like so:
5 | #
6 | # bundle exec jekyll serve
7 | #
8 | gem "github-pages", group: :jekyll_plugins
9 |
10 | # If you have any plugins, put them here!
11 | group :jekyll_plugins do
12 | gem "jekyll-feed", "~> 0.12"
13 | end
14 | gem "webrick", "~> 1.7"
15 |
--------------------------------------------------------------------------------
/docs/_config.yml:
--------------------------------------------------------------------------------
1 | title: Santa
2 | remote_theme: pmarsceill/just-the-docs
3 |
4 | nav_sort: case_insensitive
5 |
6 | back_to_top: true
7 | back_to_top_text: "Back to top"
8 |
9 | gh_edit_link: true # show or hide edit this page link
10 | gh_edit_link_text: "Edit this page on GitHub"
11 | gh_edit_repository: "https://github.com/google/santa"
12 | gh_edit_branch: "main"
13 |
14 | plugins:
15 | - jekyll-redirect-from
16 |
17 | callouts:
18 | important:
19 | title: Important
20 | color: blue
21 |
--------------------------------------------------------------------------------
/docs/_sass/custom/custom.scss:
--------------------------------------------------------------------------------
1 | // Support wider pages
2 | @media (min-width: 50rem) {
3 | .main {
4 | max-width: none;
5 | }
6 | .side-bar {
7 | max-width: 380px;
8 | }
9 | }
10 | @media (min-width: 1298px) {
11 | .main {
12 | margin-left: 380px;
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/docs/binaries/block.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/docs/binaries/block.png
--------------------------------------------------------------------------------
/docs/binaries/blocked_execution.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/docs/binaries/blocked_execution.png
--------------------------------------------------------------------------------
/docs/binaries/blocked_faa.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/docs/binaries/blocked_faa.png
--------------------------------------------------------------------------------
/docs/binaries/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Binaries
3 | has_children: true
4 | nav_order: 5
5 | ---
--------------------------------------------------------------------------------
/docs/binaries/mount_forced_flags.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/docs/binaries/mount_forced_flags.png
--------------------------------------------------------------------------------
/docs/binaries/push.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/docs/binaries/push.png
--------------------------------------------------------------------------------
/docs/binaries/santametricservice.md:
--------------------------------------------------------------------------------
1 | ---
2 | parent: Binaries
3 | ---
4 |
5 | # santametricservice
6 |
7 | The `santametricservice` is responsible for managing various counters and gauges
8 | used by the Santa development team for monitoring important aspects of Santa
9 | such as: CPU/memory usage, event counters, and event processing timers. Metrics are also often added for new and experimental features to help
10 | ensure proper functionality.
11 |
12 | Periodically, the state of all metrics is collected, converted to the
13 | configured format, and exported to the configured server.
14 |
15 | **IMPORTANT:** Collected metrics are ***not*** sent back to Google. Metrics are
16 | sent to whatever server is configured, which is nothing by default.
17 |
18 | **NOTE:** At Google,
19 | [Monarch](https://research.google/pubs/monarch-googles-planet-scale-in-memory-time-series-database/)
20 | is used for its metrics system but this has limited value for other deployments.
21 | See [Known Limitations](https://santa.dev/known-limitations) for more
22 | information.
23 |
--------------------------------------------------------------------------------
/docs/binaries/santasyncservice.md:
--------------------------------------------------------------------------------
1 | ---
2 | parent: Binaries
3 | ---
4 |
5 | # santasyncservice
6 |
7 | The `santasyncservice` daemon is responsible for performing all sync service
8 | interactions.
9 |
10 | For more details on syncing, refer to the [Syncing Overview](../introduction/syncing-overview.md) page.
11 |
12 | For full details on implementing your own sync server, refer to the [Sync Protocol](../development/sync-protocol.md) page.
14 |
--------------------------------------------------------------------------------
/docs/concepts/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Concepts
3 | has_children: true
4 | nav_order: 4
5 | ---
--------------------------------------------------------------------------------
/docs/concepts/logs.md:
--------------------------------------------------------------------------------
1 | ---
2 | parent: Concepts
3 | ---
4 |
5 | # Logs
6 |
7 | Separately from the [events](events.md) a sync server may receive in (close to)
8 | real-time, with metadata that is helpful for maintaining rules, Santa logs to
9 | `/var/db/santa/santa.log` by default (configurable with the [EventLogPath](../deployment/configuration.md)
10 | key). All detected executions and disk mount operations are logged there.
11 | File operations can also be configured to be logged when needed (functionality
12 | otherwise referred to as "file integrity monitoring"). See the
13 | `FileChangesRegex` key in the [configuration.md](../deployment/configuration.md) document.
14 |
15 | To view the logs:
16 |
17 | ```sh
18 | tail -F /var/db/santa/santa.log
19 | ```
20 |
21 | The `-F` will continue watching the path even when the current file fills up and
22 | rolls over.
23 |
24 | ##### macOS Unified Logging System (ULS)
25 |
26 | For information more specific to Santa's health and operation, logs are also
27 | present in ULS. Using the `show` command you can view Santa-specific logs in
28 | flight, including messages related to the system extension:
29 |
30 | ```sh
31 | /usr/bin/log show --info --debug --predicate 'senderImagePath CONTAINS[c] "santa"'
32 | ```
33 |
--------------------------------------------------------------------------------
/docs/concepts/santa_ipc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/docs/concepts/santa_ipc.png
--------------------------------------------------------------------------------
/docs/deployment/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Deployment
3 | has_children: true
4 | nav_order: 3
5 | ---
6 |
7 |
--------------------------------------------------------------------------------
/docs/development/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Development
3 | has_children: true
4 | nav_order: 6
5 | ---
6 |
--------------------------------------------------------------------------------
/docs/images/santa-block.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/docs/images/santa-block.gif
--------------------------------------------------------------------------------
/docs/images/santa-sleigh-256.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/santa/261425aa64bd49523ef99845dab04797da4fa614/docs/images/santa-sleigh-256.png
--------------------------------------------------------------------------------
/docs/introduction/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Intro
3 | has_children: true
4 | nav_order: 2
5 | ---
6 |
--------------------------------------------------------------------------------
/docs/known-limitations.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Known Limitations
3 | nav_order: 7
4 | ---
5 |
6 | ## Known limitations
7 |
8 | * Santa only blocks execution (execve and variants); it doesn't protect
9 | against dynamic libraries loaded with dlopen, libraries on disk that have
10 | been replaced, or libraries loaded using `DYLD_INSERT_LIBRARIES`.
11 |
12 | * Scripts: Santa is written to ignore any execution that isn't a binary. After
13 | weighing the administrative cost versus the benefit, we found it wasn't
14 | worthwhile to manage the execution of scripts. Additionally, several
15 | applications make use of temporary scripts, and blocking these could cause
16 | problems. We're happy to revisit this (or at least make it an option) if it
17 | would be useful to others.
18 |
19 | * USB Mass Storage Blocking: Santa's USB Mass Storage blocking feature only
20 | stops incidental data exfiltration. It is not meant as a hard control. It
21 | cannot block:
22 |
23 | * Directly writing to an unmounted, but attached device
24 |
25 | * Metrics reported by Santa are not currently in a format that is friendly to
26 | open source solutions
27 | ([Issue #563](https://github.com/google/santa/issues/563))
28 |
--------------------------------------------------------------------------------
/external:
--------------------------------------------------------------------------------
1 | bazel-out/../../../external
--------------------------------------------------------------------------------
/external_patches/OCMock/BUILD:
--------------------------------------------------------------------------------
1 | licenses(["notice"])
2 |
3 | package(
4 | default_visibility = ["//:santa_package_group"],
5 | )
6 |
--------------------------------------------------------------------------------
/external_patches/README.md:
--------------------------------------------------------------------------------
1 | This directory contains the patches that need to be applied to external dependencies brought in via the Bazel WORKSPACE file.
2 |
--------------------------------------------------------------------------------
/external_patches/moroz/BUILD:
--------------------------------------------------------------------------------
1 | licenses(["notice"])
2 |
3 | package(
4 | default_visibility = ["//:santa_package_group"],
5 | )
6 |
--------------------------------------------------------------------------------
/generate_cov.sh:
--------------------------------------------------------------------------------
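#!/bin/sh
# Runs `bazel coverage` for //:unit_tests, rewrites the combined lcov report
# so its paths are relative to the git checkout, drops records for files that
# are not part of this repository, and archives the raw .dat files found
# under bazel-out/ into raw_coverages.tgz.

GIT_ROOT=$(git rev-parse --show-toplevel)
BAZEL_EXEC_ROOT=$(bazel info execution_root)
COV_FILE="$(bazel info output_path)/_coverage/_coverage_report.dat"

# Declared with POSIX syntax: the script runs under /bin/sh, where the
# `function` keyword is a bash extension and not guaranteed to be accepted.
main() {
  bazel coverage \
    --experimental_use_llvm_covmap \
    --instrument_test_targets \
    --combined_report=lcov \
    --spawn_strategy=standalone \
    --test_env=LCOV_MERGER=/usr/bin/true \
    --test_output=all \
    //:unit_tests

  # The generated file has most of the source files relative to bazel's
  # execution_root path, so we strip that off as it prevents files being
  # picked up by Coveralls.
  # COV_FILE is quoted so an output path containing spaces stays one argument.
  sed -i '' "s,${BAZEL_EXEC_ROOT},${GIT_ROOT}," "${COV_FILE}"

  # We also want to filter out files that aren't ours but which sometimes get
  # coverage data created anyway.
  sed -i '' '/SF:\/Applications.*/,/end_of_record/d' "${COV_FILE}"
  sed -i '' '/SF:.*santa\/bazel-out.*/,/end_of_record/d' "${COV_FILE}"

  # tar reads the list of files to archive from stdin (-T -).
  find bazel-out/ -name "*.dat" -type f | tar -czf "raw_coverages.tgz" -T -
}
main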
--------------------------------------------------------------------------------
/profiles/BUILD:
--------------------------------------------------------------------------------
1 | package(
2 | default_visibility = ["//:santa_package_group"],
3 | )
4 |
5 | licenses(["notice"])
6 |
7 | filegroup(
8 | name = "santa_dev",
9 | srcs = ["Santa_Dev.provisionprofile"],
10 | )
11 |
12 | filegroup(
13 | name = "daemon_dev",
14 | srcs = ["Santa_Daemon_Dev.provisionprofile"],
15 | )
16 |
--------------------------------------------------------------------------------