From ba4c07febdad15a24caa161de39010f185f3f1f8 Mon Sep 17 00:00:00 2001
From: Matt White <436037+mlw@users.noreply.github.com>
Date: Wed, 29 Nov 2023 15:41:16 -0500
Subject: [PATCH] Fix USB state issue in santactl status

---
 .../SNTXPCUnprivilegedControlInterface.h      |  2 ++
 Source/santactl/Commands/SNTCommandStatus.m   | 26 ++++++++++---------
 Source/santad/SNTDaemonControlController.mm   |  9 +++++++
 Source/santad/SNTExecutionController.mm       |  6 ++---
 4 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/Source/common/SNTXPCUnprivilegedControlInterface.h b/Source/common/SNTXPCUnprivilegedControlInterface.h
index efd1a9e19..0bd69b5cc 100644
--- a/Source/common/SNTXPCUnprivilegedControlInterface.h
+++ b/Source/common/SNTXPCUnprivilegedControlInterface.h
@@ -71,6 +71,8 @@
 - (void)syncCleanRequired:(void (^)(BOOL))reply;
 - (void)enableBundles:(void (^)(BOOL))reply;
 - (void)enableTransitiveRules:(void (^)(BOOL))reply;
+- (void)blockUSBMount:(void (^)(BOOL))reply;
+- (void)remountUSBMode:(void (^)(NSArray<NSString *> *))reply;
 
 ///
 /// Metrics ops
diff --git a/Source/santactl/Commands/SNTCommandStatus.m b/Source/santactl/Commands/SNTCommandStatus.m
index a5cba950b..beab69bcc 100644
--- a/Source/santactl/Commands/SNTCommandStatus.m
+++ b/Source/santactl/Commands/SNTCommandStatus.m
@@ -56,7 +56,6 @@ + (NSString *)longHelpText {
 }
 
 - (void)runWithArguments:(NSArray *)arguments {
-  dispatch_group_t group = dispatch_group_create();
   id<SNTDaemonControlXPC> rop = [self.daemonConn synchronousRemoteObjectProxy];
 
   // Daemon status
@@ -169,10 +168,15 @@ - (void)runWithArguments:(NSArray *)arguments {
     }
   }];
 
-  // Wait a maximum of 5s for stats collected from daemon to arrive.
-  if (dispatch_group_wait(group, dispatch_time(DISPATCH_TIME_NOW, NSEC_PER_SEC * 5))) {
-    fprintf(stderr, "Failed to retrieve some stats from daemon\n\n");
-  }
+  __block BOOL blockUSBMount = NO;
+  [rop blockUSBMount:^(BOOL response) {
+    blockUSBMount = response;
+  }];
+
+  __block NSArray<NSString *> *remountUSBMode;
+  [rop remountUSBMode:^(NSArray<NSString *> *response) {
+    remountUSBMode = response;
+  }];
 
   // Format dates
   NSDateFormatter *dateFormatter = [[NSDateFormatter alloc] init];
@@ -202,10 +206,8 @@ - (void)runWithArguments:(NSArray *)arguments {
         @"watchdog_ram_events" : @(ramEvents),
         @"watchdog_cpu_peak" : @(cpuPeak),
         @"watchdog_ram_peak" : @(ramPeak),
-        @"block_usb" : @(configurator.blockUSBMount),
-        @"remount_usb_mode" : (configurator.blockUSBMount && configurator.remountUSBMode.count
-                                 ? configurator.remountUSBMode
-                                 : @""),
+        @"block_usb" : @(blockUSBMount),
+        @"remount_usb_mode" : (blockUSBMount && remountUSBMode.count ? remountUSBMode : @""),
         @"on_start_usb_options" : StartupOptionToString(configurator.onStartUSBOptions),
       },
       @"database" : @{
@@ -262,10 +264,10 @@ - (void)runWithArguments:(NSArray *)arguments {
     printf("  %-25s | %s\n", "Mode", [clientMode UTF8String]);
     printf("  %-25s | %s\n", "Log Type", [eventLogType UTF8String]);
     printf("  %-25s | %s\n", "File Logging", (fileLogging ? "Yes" : "No"));
-    printf("  %-25s | %s\n", "USB Blocking", (configurator.blockUSBMount ? "Yes" : "No"));
-    if (configurator.blockUSBMount && configurator.remountUSBMode.count > 0) {
+    printf("  %-25s | %s\n", "USB Blocking", (blockUSBMount ? "Yes" : "No"));
+    if (blockUSBMount && remountUSBMode.count > 0) {
       printf("  %-25s | %s\n", "USB Remounting Mode",
-             [[configurator.remountUSBMode componentsJoinedByString:@", "] UTF8String]);
+             [[remountUSBMode componentsJoinedByString:@", "] UTF8String]);
     }
     printf("  %-25s | %s\n", "On Start USB Options",
            StartupOptionToString(configurator.onStartUSBOptions).UTF8String);
diff --git a/Source/santad/SNTDaemonControlController.mm b/Source/santad/SNTDaemonControlController.mm
index 31f637f81..12390d5ae 100644
--- a/Source/santad/SNTDaemonControlController.mm
+++ b/Source/santad/SNTDaemonControlController.mm
@@ -258,10 +258,19 @@ - (void)setBlockedPathRegex:(NSString *)pattern reply:(void (^)(void))reply {
   reply();
 }
 
+- (void)blockUSBMount:(void (^)(BOOL))reply {
+  reply([[SNTConfigurator configurator] blockUSBMount]);
+}
+
 - (void)setBlockUSBMount:(BOOL)enabled reply:(void (^)(void))reply {
   [[SNTConfigurator configurator] setBlockUSBMount:enabled];
   reply();
 }
+
+- (void)remountUSBMode:(void (^)(NSArray<NSString *> *))reply {
+  reply([[SNTConfigurator configurator] remountUSBMode]);
+}
+
 - (void)setRemountUSBMode:(NSArray *)remountUSBMode reply:(void (^)(void))reply {
   [[SNTConfigurator configurator] setRemountUSBMode:remountUSBMode];
   reply();
diff --git a/Source/santad/SNTExecutionController.mm b/Source/santad/SNTExecutionController.mm
index 73628603f..eac869711 100644
--- a/Source/santad/SNTExecutionController.mm
+++ b/Source/santad/SNTExecutionController.mm
@@ -265,15 +265,15 @@ - (void)validateExecEvent:(const Message &)esMsg postAction:(bool (^)(SNTAction)
       absl::ReaderMutexLock lock(&self->_entitlementFilterMutex);
 
       if (teamID && self->_entitlementsTeamIDFilter.count(std::string(teamID)) > 0) {
-        LOGD(@"Dropping entitlement logging for configured TeamID: %s", teamID);
+        // Dropping entitlement logging for configured TeamID
         return nil;
       }
 
       if (self->_entitlementsPrefixFilter->NodeCount() == 0) {
-        LOGD(@"Copying full entitlements for tid: %s", teamID);
+        // Copying full entitlements for TeamID
         return [entitlements sntDeepCopy];
       } else {
-        LOGD(@"Filtering entitlements for tid: %s", teamID);
+        // Filtering entitlements for TeamID
         NSMutableDictionary *filtered = [NSMutableDictionary dictionary];
 
         [entitlements enumerateKeysAndObjectsUsingBlock:^(NSString *key, id obj, BOOL *stop) {