Skip to content

Commit

Permalink
Fix USB state issue in santactl status
Browse files Browse the repository at this point in the history
  • Loading branch information
mlw committed Nov 29, 2023
1 parent d503eae commit c8fef60
Show file tree
Hide file tree
Showing 4 changed files with 28 additions and 15 deletions.
2 changes: 2 additions & 0 deletions Source/common/SNTXPCUnprivilegedControlInterface.h
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,8 @@
- (void)syncCleanRequired:(void (^)(BOOL))reply;
- (void)enableBundles:(void (^)(BOOL))reply;
- (void)enableTransitiveRules:(void (^)(BOOL))reply;
- (void)blockUSBMount:(void (^)(BOOL))reply;
- (void)remountUSBMode:(void (^)(NSArray<NSString *> *))reply;

///
/// Metrics ops
Expand Down
26 changes: 14 additions & 12 deletions Source/santactl/Commands/SNTCommandStatus.m
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,6 @@ + (NSString *)longHelpText {
}

- (void)runWithArguments:(NSArray *)arguments {
dispatch_group_t group = dispatch_group_create();
id<SNTDaemonControlXPC> rop = [self.daemonConn synchronousRemoteObjectProxy];

// Daemon status
Expand Down Expand Up @@ -169,10 +168,15 @@ - (void)runWithArguments:(NSArray *)arguments {
}
}];

// Wait a maximum of 5s for stats collected from daemon to arrive.
if (dispatch_group_wait(group, dispatch_time(DISPATCH_TIME_NOW, NSEC_PER_SEC * 5))) {
fprintf(stderr, "Failed to retrieve some stats from daemon\n\n");
}
__block BOOL blockUSBMount = NO;
[rop blockUSBMount:^(BOOL response) {
blockUSBMount = response;
}];

__block NSArray<NSString *> *remountUSBMode;
[rop remountUSBMode:^(NSArray<NSString *> *response) {
remountUSBMode = response;
}];

// Format dates
NSDateFormatter *dateFormatter = [[NSDateFormatter alloc] init];
Expand Down Expand Up @@ -202,10 +206,8 @@ - (void)runWithArguments:(NSArray *)arguments {
@"watchdog_ram_events" : @(ramEvents),
@"watchdog_cpu_peak" : @(cpuPeak),
@"watchdog_ram_peak" : @(ramPeak),
@"block_usb" : @(configurator.blockUSBMount),
@"remount_usb_mode" : (configurator.blockUSBMount && configurator.remountUSBMode.count
? configurator.remountUSBMode
: @""),
@"block_usb" : @(blockUSBMount),
@"remount_usb_mode" : (blockUSBMount && remountUSBMode.count ? remountUSBMode : @""),
@"on_start_usb_options" : StartupOptionToString(configurator.onStartUSBOptions),
},
@"database" : @{
Expand Down Expand Up @@ -262,10 +264,10 @@ - (void)runWithArguments:(NSArray *)arguments {
printf(" %-25s | %s\n", "Mode", [clientMode UTF8String]);
printf(" %-25s | %s\n", "Log Type", [eventLogType UTF8String]);
printf(" %-25s | %s\n", "File Logging", (fileLogging ? "Yes" : "No"));
printf(" %-25s | %s\n", "USB Blocking", (configurator.blockUSBMount ? "Yes" : "No"));
if (configurator.blockUSBMount && configurator.remountUSBMode.count > 0) {
printf(" %-25s | %s\n", "USB Blocking", (blockUSBMount ? "Yes" : "No"));
if (blockUSBMount && remountUSBMode.count > 0) {
printf(" %-25s | %s\n", "USB Remounting Mode",
[[configurator.remountUSBMode componentsJoinedByString:@", "] UTF8String]);
[[remountUSBMode componentsJoinedByString:@", "] UTF8String]);
}
printf(" %-25s | %s\n", "On Start USB Options",
StartupOptionToString(configurator.onStartUSBOptions).UTF8String);
Expand Down
9 changes: 9 additions & 0 deletions Source/santad/SNTDaemonControlController.mm
Original file line number Diff line number Diff line change
Expand Up @@ -258,10 +258,19 @@ - (void)setBlockedPathRegex:(NSString *)pattern reply:(void (^)(void))reply {
reply();
}

- (void)blockUSBMount:(void (^)(BOOL))reply {
reply([[SNTConfigurator configurator] blockUSBMount]);
}

- (void)setBlockUSBMount:(BOOL)enabled reply:(void (^)(void))reply {
[[SNTConfigurator configurator] setBlockUSBMount:enabled];
reply();
}

- (void)remountUSBMode:(void (^)(NSArray<NSString *> *))reply {
reply([[SNTConfigurator configurator] remountUSBMode]);
}

- (void)setRemountUSBMode:(NSArray *)remountUSBMode reply:(void (^)(void))reply {
[[SNTConfigurator configurator] setRemountUSBMode:remountUSBMode];
reply();
Expand Down
6 changes: 3 additions & 3 deletions Source/santad/SNTExecutionController.mm
Original file line number Diff line number Diff line change
Expand Up @@ -265,15 +265,15 @@ - (void)validateExecEvent:(const Message &)esMsg postAction:(bool (^)(SNTAction)
absl::ReaderMutexLock lock(&self->_entitlementFilterMutex);

if (teamID && self->_entitlementsTeamIDFilter.count(std::string(teamID)) > 0) {
LOGD(@"Dropping entitlement logging for configured TeamID: %s", teamID);
// Dropping entitlement logging for configured TeamID
return nil;
}

if (self->_entitlementsPrefixFilter->NodeCount() == 0) {
LOGD(@"Copying full entitlements for tid: %s", teamID);
// Copying full entitlements for TeamID
return [entitlements sntDeepCopy];
} else {
LOGD(@"Filtering entitlements for tid: %s", teamID);
// Filtering entitlements for TeamID
NSMutableDictionary *filtered = [NSMutableDictionary dictionary];

[entitlements enumerateKeysAndObjectsUsingBlock:^(NSString *key, id obj, BOOL *stop) {
Expand Down

0 comments on commit c8fef60

Please sign in to comment.