Fix USB state issue in santactl status #1244

Merged
merged 1 commit into from
Nov 29, 2023
2 changes: 2 additions & 0 deletions Source/common/SNTXPCUnprivilegedControlInterface.h
Expand Up @@ -71,6 +71,8 @@
- (void)syncCleanRequired:(void (^)(BOOL))reply;
- (void)enableBundles:(void (^)(BOOL))reply;
- (void)enableTransitiveRules:(void (^)(BOOL))reply;
- (void)blockUSBMount:(void (^)(BOOL))reply;
- (void)remountUSBMode:(void (^)(NSArray<NSString *> *))reply;

///
/// Metrics ops
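Review bot: The new getters `blockUSBMount:` and `remountUSBMode:` are declared without a doc comment, and the reply type of `remountUSBMode:` does not say whether the array can be nil. The daemon-side implementation in Source/santad/SNTDaemonControlController.mm forwards the configurator value unchanged, so a nil array presumably reaches the client when no remount mode is configured. I would add something like `/// Replies with the daemon's current USB remount flags; may be nil when none are set.` above the declaration. If this header uses nullability annotations (not visible here), the block parameter should also be marked `_Nullable`. The same applies to the matching methods added in the controller section.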
26 changes: 14 additions & 12 deletions Source/santactl/Commands/SNTCommandStatus.m
Expand Up @@ -56,7 +56,6 @@ + (NSString *)longHelpText {
}

- (void)runWithArguments:(NSArray *)arguments {
dispatch_group_t group = dispatch_group_create();
id<SNTDaemonControlXPC> rop = [self.daemonConn synchronousRemoteObjectProxy];

// Daemon status
Expand Down Expand Up @@ -169,10 +168,15 @@ - (void)runWithArguments:(NSArray *)arguments {
}
}];

// Wait a maximum of 5s for stats collected from daemon to arrive.
if (dispatch_group_wait(group, dispatch_time(DISPATCH_TIME_NOW, NSEC_PER_SEC * 5))) {
fprintf(stderr, "Failed to retrieve some stats from daemon\n\n");
}
__block BOOL blockUSBMount = NO;
[rop blockUSBMount:^(BOOL response) {
blockUSBMount = response;
}];

__block NSArray<NSString *> *remountUSBMode;
[rop remountUSBMode:^(NSArray<NSString *> *response) {
remountUSBMode = response;
}];

// Format dates
NSDateFormatter *dateFormatter = [[NSDateFormatter alloc] init];
Expand Down Expand Up @@ -202,10 +206,8 @@ - (void)runWithArguments:(NSArray *)arguments {
@"watchdog_ram_events" : @(ramEvents),
@"watchdog_cpu_peak" : @(cpuPeak),
@"watchdog_ram_peak" : @(ramPeak),
@"block_usb" : @(configurator.blockUSBMount),
@"remount_usb_mode" : (configurator.blockUSBMount && configurator.remountUSBMode.count
? configurator.remountUSBMode
: @""),
@"block_usb" : @(blockUSBMount),
@"remount_usb_mode" : (blockUSBMount && remountUSBMode.count ? remountUSBMode : @""),
@"on_start_usb_options" : StartupOptionToString(configurator.onStartUSBOptions),
},
@"database" : @{
Expand Down Expand Up @@ -262,10 +264,10 @@ - (void)runWithArguments:(NSArray *)arguments {
printf(" %-25s | %s\n", "Mode", [clientMode UTF8String]);
printf(" %-25s | %s\n", "Log Type", [eventLogType UTF8String]);
printf(" %-25s | %s\n", "File Logging", (fileLogging ? "Yes" : "No"));
printf(" %-25s | %s\n", "USB Blocking", (configurator.blockUSBMount ? "Yes" : "No"));
if (configurator.blockUSBMount && configurator.remountUSBMode.count > 0) {
printf(" %-25s | %s\n", "USB Blocking", (blockUSBMount ? "Yes" : "No"));
if (blockUSBMount && remountUSBMode.count > 0) {
printf(" %-25s | %s\n", "USB Remounting Mode",
[[configurator.remountUSBMode componentsJoinedByString:@", "] UTF8String]);
[[remountUSBMode componentsJoinedByString:@", "] UTF8String]);
}
printf(" %-25s | %s\n", "On Start USB Options",
StartupOptionToString(configurator.onStartUSBOptions).UTF8String);
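Review bot: Nothing in the new reply blocks records whether the daemon actually answered, so a failed XPC call leaves `blockUSBMount` at `NO` and `remountUSBMode` at nil, and the status output prints `USB Blocking | No` as if that were the daemon's state. The same change deletes the `dispatch_group_wait` branch that printed "Failed to retrieve some stats from daemon", the only visible hint of a missing reply; whether the synchronous proxy reports errors elsewhere is not visible in these hunks. An unknown state for a control like USB blocking should not read as disabled: set a flag in the reply, e.g. `__block BOOL gotUSBState = NO;` with `gotUSBState = YES;` inside the `blockUSBMount:` block, and print `Unknown` or warn on stderr when it stays `NO`. `runWithArguments:` starts and ends outside the visible hunks.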
9 changes: 9 additions & 0 deletions Source/santad/SNTDaemonControlController.mm
Expand Up @@ -258,10 +258,19 @@ - (void)setBlockedPathRegex:(NSString *)pattern reply:(void (^)(void))reply {
reply();
}

- (void)blockUSBMount:(void (^)(BOOL))reply {
reply([[SNTConfigurator configurator] blockUSBMount]);
}

- (void)setBlockUSBMount:(BOOL)enabled reply:(void (^)(void))reply {
[[SNTConfigurator configurator] setBlockUSBMount:enabled];
reply();
}

- (void)remountUSBMode:(void (^)(NSArray<NSString *> *))reply {
reply([[SNTConfigurator configurator] remountUSBMode]);
}

- (void)setRemountUSBMode:(NSArray *)remountUSBMode reply:(void (^)(void))reply {
[[SNTConfigurator configurator] setRemountUSBMode:remountUSBMode];
reply();
6 changes: 3 additions & 3 deletions Source/santad/SNTExecutionController.mm
Expand Up @@ -265,15 +265,15 @@ - (void)validateExecEvent:(const Message &)esMsg postAction:(bool (^)(SNTAction)
absl::ReaderMutexLock lock(&self->_entitlementFilterMutex);

if (teamID && self->_entitlementsTeamIDFilter.count(std::string(teamID)) > 0) {
LOGD(@"Dropping entitlement logging for configured TeamID: %s", teamID);
// Dropping entitlement logging for configured TeamID
mlw marked this conversation as resolved.
return nil;
}

if (self->_entitlementsPrefixFilter->NodeCount() == 0) {
LOGD(@"Copying full entitlements for tid: %s", teamID);
// Copying full entitlements for TeamID
return [entitlements sntDeepCopy];
} else {
LOGD(@"Filtering entitlements for tid: %s", teamID);
// Filtering entitlements for TeamID
NSMutableDictionary *filtered = [NSMutableDictionary dictionary];

[entitlements enumerateKeysAndObjectsUsingBlock:^(NSString *key, id obj, BOOL *stop) {
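Review bot: The comments that replace the `LOGD` calls restate the old log text rather than the condition of each branch; for example `// Copying full entitlements for TeamID` sits in the branch taken when `_entitlementsPrefixFilter->NodeCount() == 0`. I would word them by condition, e.g. `// No prefix filters configured: copy every entitlement` and `// Prefix filters configured: build a filtered copy`. The enclosing block starts and ends outside the hunk, so the filtering logic itself is not reviewed here.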