Commit

Require override action to be specific values. Add new sync setting to docs.
mlw committed Sep 11, 2023
1 parent 1312c6b commit b1d77b1
Showing 2 changed files with 7 additions and 3 deletions.
7 changes: 5 additions & 2 deletions Source/common/SNTConfigurator.m
Expand Up @@ -13,7 +13,6 @@
/// limitations under the License.

#import "Source/common/SNTConfigurator.h"
#import "Source/common/SNTCommonEnums.h"

#include <sys/stat.h>

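Review bot: The header counts on this hunk (7 lines before, 6 after) show one line dropped from the import block, and the commit message does not mention it. If the dropped line is `#import "Source/common/SNTCommonEnums.h"`, note that this file still names `SNTOverrideFileAccessAction` in `overrideFileAccessAction` further down; if that type comes from the dropped header, the file now relies on another header pulling it in. Either keep the direct import or say in the commit message why it is safe to remove.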
Expand Down Expand Up @@ -949,7 +948,11 @@ - (BOOL)blockUSBMount {
}

- (void)setSyncServerOverrideFileAccessAction:(NSString *)action {
[self updateSyncStateForKey:kOverrideFileAccessActionKey value:action];
NSString *a = [action lowercaseString];
if ([a isEqualToString:@"auditonly"] || [a isEqualToString:@"disable"] ||
[a isEqualToString:@"none"] || [a isEqualToString:@""]) {
[self updateSyncStateForKey:kOverrideFileAccessActionKey value:action];
}
}

- (SNTOverrideFileAccessAction)overrideFileAccessAction {
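Review bot: In `setSyncServerOverrideFileAccessAction:`, a value outside the accepted set falls through the `if` with no log and no state change, so whatever override was stored earlier stays in effect. The docs in this same commit describe "Disable" as not logging or blocking any rule violations, so a server-side typo, or a nil `action` (`[nil lowercaseString]` is nil and every `isEqualToString:` then returns NO), would leave an earlier "Disable" in place with no signal to anyone. Suggest logging the rejected value and deciding explicitly whether an unrecognised value should clear the override rather than preserve it. Separately, the check runs on the lowercased `a` but the stored value is the original `action`; storing a canonical form would save the reader of this key from repeating the case folding.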
3 changes: 2 additions & 1 deletion docs/development/sync-protocol.md
Expand Up @@ -135,11 +135,12 @@ The JSON object has the following keys:
| batch_size | YES | integer | Number of events to upload at a time | 128 |
| full_sync_interval | YES | integer | Number of seconds between full syncs | 600 |
| client_mode | YES | string | Operating mode to set for the client | either "MONITOR" or "LOCKDOWN" |
| allowed_path_regex | NO | string | Regular expression to allow a binary to execute from a path | "/Users/markowsk/foo/.*" |
| allowed_path_regex | NO | string | Regular expression to allow a binary to execute from a path | "/Users/markowsk/foo/.\*" |
| blocked_path_regex | NO | string | Regular expression to block a binary from executing by path | "/tmp/" |
| block_usb_mount | NO | boolean | Block USB mass storage devices | true |
| remount_usb_mode | NO | string | Force USB mass storage devices to be remounted with the following permissions (see [configuration](../deployment/configuration.md)) | |
| clean_sync | YES | boolean | Whether or not the rules should be dropped and synced entirely from the server | true |
| override_file_access_action | NO | string | Override file access config policy action. Must be:<br />1.) "Disable" to not log or block any rule violations.<br />2.) "AuditOnly" to only log violations, not block anything.<br />3.) "" (empty string) or "None" to not override the config. | "Disable", or "AuditOnly", or "" (empty string) |

#### Example Preflight Response Payload

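Review bot: The new `override_file_access_action` row accepts "None" in its description but leaves it out of the example column, and it says nothing about case-insensitive matching or about other values being ignored, both of which the `SNTConfigurator.m` change in this commit implements. Suggest adding "None" to the examples and one sentence covering case handling and what the client does with an unrecognised value, so sync server authors do not have to read the client source. The `allowed_path_regex` row changes only in its escaping (`.*` to `.\*`), which looks unrelated to this commit and would be cleaner as its own change.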