santad: Don't get code signature info for non Mach-O's. (#277)

google · Jun 5, 2018 · 9595f80 · 9595f80
1 parent 61a67e4
commit 9595f80
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/Source/santad/SNTExecutionController.m b/Source/santad/SNTExecutionController.m
@@ -115,14 +115,16 @@ - (void)validateBinaryWithMessage:(santa_message_t)message {
     [_driverManager postToKernelAction:ACTION_RESPOND_ACK forVnodeID:message.vnode_id];
   }
 
-  // Get codesigning info about the file.
-  NSError *csError;
-  MOLCodesignChecker *csInfo =
-      [[MOLCodesignChecker alloc] initWithBinaryPath:binInfo.path
-                                      fileDescriptor:binInfo.fileHandle.fileDescriptor
-                                               error:&csError];
-  // Ignore codesigning if there are any errors with the signature.
-  if (csError) csInfo = nil;
+  // Get codesigning info about the file but only if it's a Mach-O.
+  MOLCodesignChecker *csInfo;
+  if (binInfo.isMachO) {
+    NSError *csError;
+    csInfo = [[MOLCodesignChecker alloc] initWithBinaryPath:binInfo.path
+                                             fileDescriptor:binInfo.fileHandle.fileDescriptor
+                                                      error:&csError];
+    // Ignore codesigning if there are any errors with the signature.
+    if (csError) csInfo = nil;
+  }
 
   // Actually make the decision.
   SNTCachedDecision *cd = [self.policyProcessor decisionForFileInfo:binInfo