Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add transitive whitelisting to Santa #224

Merged
merged 46 commits into from
Jul 20, 2018
Merged
Show file tree
Hide file tree
Changes from 31 commits
Commits
Show all changes
46 commits
Select commit Hold shift + click to select a range
8f972eb
prototype code for santa transitive whitelisting
nguyen-phillip Nov 2, 2017
48b656d
prototype code for santa transitive whitelisting
nguyen-phillip Nov 2, 2017
1a9d07b
added a separate message queue to handle events related to compiler w…
nguyen-phillip Dec 4, 2017
0d77a2c
Merge remote-tracking branch 'origin/master' into compiler
nguyen-phillip Dec 4, 2017
a594175
forgot to add updated project.pbxproj file with commit
nguyen-phillip Dec 5, 2017
881322f
Replaced functionality of compiler vnode cache with new ACTION_RESPON…
nguyen-phillip Dec 7, 2017
7a32d31
Removed separate compiler message queue; send these messages to decis…
nguyen-phillip Dec 7, 2017
0f9d63a
Remove references to DevelopmentTeam from project.pbxproj
nguyen-phillip Dec 7, 2017
163ac9b
Define KAUTH_FILEOP_WRITE as a larger constant to avoid future conflicts
nguyen-phillip Dec 7, 2017
47a981e
Remove reference to Podfile.lock
nguyen-phillip Dec 7, 2017
16092cd
replace copyright notice
nguyen-phillip Dec 7, 2017
0b106e4
moved compiler process exit monitoring from userspace to kernelspace
nguyen-phillip Dec 8, 2017
9c4c7fa
switched from IOCreateThread to kernel_thread_start and friends
nguyen-phillip Dec 8, 2017
6348fd1
added timestamps to transitive rules & extra info to santactl status
nguyen-phillip Dec 8, 2017
04d8f41
Send transitive rule state back to kernel so that it is stored in dec…
nguyen-phillip Dec 12, 2017
fef9351
update timestamp of transitive rules whenever they are accessed for e…
nguyen-phillip Dec 12, 2017
0e840d2
some minor cleanup
nguyen-phillip Dec 12, 2017
c4b47e1
Stop watching RENAME actions for transitive whitelisting. Don't look …
nguyen-phillip Dec 12, 2017
43ce8aa
add ability for sync server to send down WHITELIST_COMPILER rules and…
nguyen-phillip Dec 13, 2017
83649ee
made SNTRule timestamp property readonly, plus other fixes
nguyen-phillip Dec 13, 2017
079a6d3
rename refreshTimestampForRule: to resetTimestampForRule
nguyen-phillip Dec 13, 2017
dc10e23
refresh transitive rule timestamps based on ACTION_NOTIFY_EXEC messag…
nguyen-phillip Dec 14, 2017
d35f0b5
fix broken testPreflighDatabaseCounts
nguyen-phillip Dec 14, 2017
6cb4ad5
don't pass SantaDecisionManager ref to process monitoring threads, in…
nguyen-phillip Dec 15, 2017
aa01a79
remove most of the debugging cruft
nguyen-phillip Jan 4, 2018
a08e7f8
some minor fixes
nguyen-phillip Jan 8, 2018
88b0972
fix merge conflict
nguyen-phillip Jan 8, 2018
0cb3d6a
Merge branch 'master' into compiler
nguyen-phillip Jan 8, 2018
1cd9551
Merge branch 'master' into compiler
nguyen-phillip Jan 8, 2018
8f82370
added compiler and transitive rule tests to SNTExecutionControllerTest.m
nguyen-phillip Jan 8, 2018
1b687a1
Merge branch 'compiler' of https://github.com/nguyen-phillip/santa in…
nguyen-phillip Jan 8, 2018
d2df097
merge with upstream, renumber ACTION_RESPOND_ALLOW enums
nguyen-phillip Jan 24, 2018
340f59d
* Pass SantaDecisionManager to the pid monitor threads so that compil…
nguyen-phillip Jan 25, 2018
b9c7585
Allow enabling of transitive whitelisting from mobile config.
nguyen-phillip Jan 29, 2018
c293d5d
Add a temporary allow rule to kernel's decision cache for files writt…
nguyen-phillip Feb 1, 2018
a9201dd
compiler_pid_set_ now maps pid to ppid and a given process is considered
nguyen-phillip Feb 1, 2018
91c5d71
renamed ACTION_RESPOND_TEMPORARY to ACTION_RESPOND_PENDING_TRANSITIVE…
nguyen-phillip Feb 7, 2018
e583712
Merge remote-tracking branch 'origin/master' into compiler
nguyen-phillip May 21, 2018
75de096
fix formatting
nguyen-phillip May 29, 2018
6d295c9
merged up to #267
nguyen-phillip May 29, 2018
ca00a28
Started watching for KAUTH_FILEOP_RENAME in addition to KAUTH_FILEOP_…
nguyen-phillip May 29, 2018
e0bf6dd
Merge remote-tracking branch 'origin/master' into compiler
nguyen-phillip May 30, 2018
16769e8
merge
nguyen-phillip Jul 16, 2018
93a7e86
Add kernel tests for transitive whitelisting
nguyen-phillip Jul 16, 2018
bba1aee
fix comments
nguyen-phillip Jul 16, 2018
21561ef
don't hardcode ld path; fix indentation
nguyen-phillip Jul 17, 2018
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 13 additions & 5 deletions Santa.xcodeproj/project.pbxproj
Original file line number Diff line number Diff line change
Expand Up @@ -159,6 +159,8 @@
59D56CF2D9C5BD9B7E3CC56D /* libPods-santad-santabs.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 14B98F4051188ECB7D024331 /* libPods-santad-santabs.a */; };
81133DB01F3A76F700917FF9 /* SNTCommand.m in Sources */ = {isa = PBXBuildFile; fileRef = 81133DAF1F3A75CE00917FF9 /* SNTCommand.m */; };
81133DB11F3A77C600917FF9 /* SNTCommand.m in Sources */ = {isa = PBXBuildFile; fileRef = 81133DAF1F3A75CE00917FF9 /* SNTCommand.m */; };
81A00E7F1FD74F8E00A84676 /* SNTCompilerController.m in Sources */ = {isa = PBXBuildFile; fileRef = 81A00E7E1FD74EFF00A84676 /* SNTCompilerController.m */; };
81A00E801FD74F9100A84676 /* SNTCompilerController.m in Sources */ = {isa = PBXBuildFile; fileRef = 81A00E7E1FD74EFF00A84676 /* SNTCompilerController.m */; };
B352A545B76783D568A6D0C5 /* libPods-Santa.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 90E9D568200AB9B642E06272 /* libPods-Santa.a */; };
C714F8B11D8044D400700EDF /* SNTCommandFileInfo.m in Sources */ = {isa = PBXBuildFile; fileRef = 0DCD5FBE1909D64A006B445C /* SNTCommandFileInfo.m */; };
C714F8B21D8044FE00700EDF /* SNTCommandController.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D35BDAB18FD7CFD00921A21 /* SNTCommandController.m */; };
Expand Down Expand Up @@ -431,6 +433,8 @@
7D949AA996AEAC326A4F6596 /* libPods-LogicTests.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = "libPods-LogicTests.a"; sourceTree = BUILT_PRODUCTS_DIR; };
81133DAE1F3A75CE00917FF9 /* SNTCommand.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SNTCommand.h; sourceTree = "<group>"; };
81133DAF1F3A75CE00917FF9 /* SNTCommand.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SNTCommand.m; sourceTree = "<group>"; };
81A00E7D1FD74EFF00A84676 /* SNTCompilerController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SNTCompilerController.h; sourceTree = "<group>"; };
81A00E7E1FD74EFF00A84676 /* SNTCompilerController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SNTCompilerController.m; sourceTree = "<group>"; };
8EF10E4B8C86CED022C72F1B /* Pods-santactl.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-santactl.debug.xcconfig"; path = "Pods/Target Support Files/Pods-santactl/Pods-santactl.debug.xcconfig"; sourceTree = "<group>"; };
90E9D568200AB9B642E06272 /* libPods-Santa.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = "libPods-Santa.a"; sourceTree = BUILT_PRODUCTS_DIR; };
A6A91785C40257CC156B4F05 /* Pods-Santa.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Santa.release.xcconfig"; path = "Pods/Target Support Files/Pods-Santa/Pods-Santa.release.xcconfig"; sourceTree = "<group>"; };
Expand Down Expand Up @@ -767,6 +771,8 @@
0DB8ACC0185662DC00FEF9C7 /* SNTApplication.m */,
0DE71A731B95F7F900518526 /* SNTCachedDecision.h */,
0DE71A741B95F7F900518526 /* SNTCachedDecision.m */,
81A00E7D1FD74EFF00A84676 /* SNTCompilerController.h */,
81A00E7E1FD74EFF00A84676 /* SNTCompilerController.m */,
0D8E18CB19107B56000F89B8 /* SNTDaemonControlController.h */,
0D8E18CC19107B56000F89B8 /* SNTDaemonControlController.m */,
0D63DD5A1906FCB400D346C4 /* SNTDatabaseController.h */,
Expand Down Expand Up @@ -1227,7 +1233,7 @@
);
runOnlyForDeploymentPostprocessing = 0;
shellPath = /bin/sh;
shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n";
shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n# This output is used by Xcode 'outputs' to avoid re-running this script phase.\necho \"SUCCESS\" > \"${SCRIPT_OUTPUT_FILE_0}\"\n";
showEnvVarsInLog = 0;
};
2146C1274A8C11B3755A8A67 /* [CP] Check Pods Manifest.lock */ = {
Expand All @@ -1242,7 +1248,7 @@
);
runOnlyForDeploymentPostprocessing = 0;
shellPath = /bin/sh;
shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n";
shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n# This output is used by Xcode 'outputs' to avoid re-running this script phase.\necho \"SUCCESS\" > \"${SCRIPT_OUTPUT_FILE_0}\"\n";
showEnvVarsInLog = 0;
};
23869BA352E2C86DEFE62819 /* [CP] Copy Pods Resources */ = {
Expand Down Expand Up @@ -1302,7 +1308,7 @@
);
runOnlyForDeploymentPostprocessing = 0;
shellPath = /bin/sh;
shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n";
shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n# This output is used by Xcode 'outputs' to avoid re-running this script phase.\necho \"SUCCESS\" > \"${SCRIPT_OUTPUT_FILE_0}\"\n";
showEnvVarsInLog = 0;
};
B193461D3612BCB47C16E407 /* [CP] Check Pods Manifest.lock */ = {
Expand All @@ -1317,7 +1323,7 @@
);
runOnlyForDeploymentPostprocessing = 0;
shellPath = /bin/sh;
shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n";
shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n# This output is used by Xcode 'outputs' to avoid re-running this script phase.\necho \"SUCCESS\" > \"${SCRIPT_OUTPUT_FILE_0}\"\n";
showEnvVarsInLog = 0;
};
BA20035148DDEF5808B2C7EF /* [CP] Embed Pods Frameworks */ = {
Expand Down Expand Up @@ -1364,7 +1370,7 @@
);
runOnlyForDeploymentPostprocessing = 0;
shellPath = /bin/sh;
shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n";
shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n# This output is used by Xcode 'outputs' to avoid re-running this script phase.\necho \"SUCCESS\" > \"${SCRIPT_OUTPUT_FILE_0}\"\n";
showEnvVarsInLog = 0;
};
D49A3AB950AFD99741E9AF89 /* [CP] Embed Pods Frameworks */ = {
Expand Down Expand Up @@ -1465,6 +1471,7 @@
0D41DAD41A7C28C800A890FE /* SNTEventTableTest.m in Sources */,
0D3AFBEE18FB4C6C0087BCEE /* SNTApplication.m in Sources */,
0DD0D48F194F78F8005F27EB /* SNTFileInfoTest.m in Sources */,
81A00E801FD74F9100A84676 /* SNTCompilerController.m in Sources */,
0DC5D86E191AED220078A5C0 /* SNTRuleTable.m in Sources */,
0DD0D492194F9BEF005F27EB /* SNTLogging.m in Sources */,
0DE71A761B95F7F900518526 /* SNTCachedDecision.m in Sources */,
Expand Down Expand Up @@ -1574,6 +1581,7 @@
0D377C2A17A071B7008453DB /* SNTEventTable.m in Sources */,
0DE50F681912716A007B2B0C /* SNTRule.m in Sources */,
0DB77FD81CCE824A004DF060 /* SNTBlockMessage.m in Sources */,
81A00E7F1FD74F8E00A84676 /* SNTCompilerController.m in Sources */,
0D37C10F18F6029A0069BC61 /* SNTDatabaseTable.m in Sources */,
0D42D2B819D2042900955F08 /* SNTConfigurator.m in Sources */,
0DCD605519115D17006B445C /* SNTXPCControlInterface.m in Sources */,
Expand Down
5 changes: 5 additions & 0 deletions Source/common/SNTCommonEnums.h
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,9 @@ typedef NS_ENUM(NSInteger, SNTRuleState) {
SNTRuleStateBlacklist = 2,
SNTRuleStateSilentBlacklist = 3,
SNTRuleStateRemove = 4,

SNTRuleStateWhitelistCompiler = 5,
SNTRuleStateWhitelistTransitive = 6,
};

typedef NS_ENUM(NSInteger, SNTClientMode) {
Expand All @@ -58,6 +61,8 @@ typedef NS_ENUM(NSInteger, SNTEventState) {
SNTEventStateAllowBinary = 1 << 25,
SNTEventStateAllowCertificate = 1 << 26,
SNTEventStateAllowScope = 1 << 27,
SNTEventStateAllowCompiler = 1 << 28,
SNTEventStateAllowTransitive = 1 << 29,

// Block and Allow masks
SNTEventStateBlock = 0xFF << 16,
Expand Down
9 changes: 9 additions & 0 deletions Source/common/SNTConfigurator.h
Original file line number Diff line number Diff line change
Expand Up @@ -159,6 +159,15 @@ extern NSString *const kMobileConfigFilePath;
///
@property BOOL bundlesEnabled;

#pragma mark Transitive Whitelisting Settings

///
/// If YES, binaries marked with SNTRuleStateWhitelistCompiler rules are allowed to transitively
/// whitelist any executables that they produce. If NO, SNTRuleStateWhitelistCompiler rules are
/// interpreted as if they were simply SNTRuleStateWhitelist rules. Defaults to NO.
///
@property BOOL transitiveWhitelistingEnabled;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There doesn't seem to be any corresponding keys in the .m for this, so it's not configurable in a mobileconfig or persisted between runs from a sync server. I think it should probably be one of those keys that can be configured with a mobileconfig but can be overridden by a server, so you'll need to add a key constant and add it to both the arrays in init.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. added key to both with a DEBUG guard around the syncServerKeys entry to be removed when the sync server supports it.


#pragma mark Server Auth Settings

///
Expand Down
10 changes: 8 additions & 2 deletions Source/common/SNTKernelCommon.h
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@
enum SantaDriverMethods {
kSantaUserClientOpen,
kSantaUserClientAllowBinary,
kSantaUserClientAllowCompiler,
kSantaUserClientAllowTransitive,
kSantaUserClientDenyBinary,
kSantaUserClientClearCache,
kSantaUserClientCacheCount,
Expand All @@ -48,7 +50,7 @@ enum SantaDriverMethods {

typedef enum {
QUEUETYPE_DECISION,
QUEUETYPE_LOG
QUEUETYPE_LOG,
} santa_queuetype_t;

// Enum defining actions that can be passed down the IODataQueue and in
Expand All @@ -63,6 +65,8 @@ typedef enum {
// RESPONSES
ACTION_RESPOND_ALLOW = 20,
ACTION_RESPOND_DENY = 21,
ACTION_RESPOND_ALLOW_COMPILER = 22,
ACTION_RESPOND_ALLOW_TRANSITIVE = 23,

// NOTIFY
ACTION_NOTIFY_EXEC = 30,
Expand All @@ -71,13 +75,15 @@ typedef enum {
ACTION_NOTIFY_LINK = 33,
ACTION_NOTIFY_EXCHANGE = 34,
ACTION_NOTIFY_DELETE = 35,
ACTION_NOTIFY_CLOSE = 36,

// ERROR
ACTION_ERROR = 99,
} santa_action_t;

#define RESPONSE_VALID(x) \
(x == ACTION_RESPOND_ALLOW || x == ACTION_RESPOND_DENY)
(x == ACTION_RESPOND_ALLOW || x == ACTION_RESPOND_DENY || x == ACTION_RESPOND_ALLOW_COMPILER || \
x == ACTION_RESPOND_ALLOW_TRANSITIVE)

// Message struct that is sent down the IODataQueue.
typedef struct {
Expand Down
20 changes: 20 additions & 0 deletions Source/common/SNTRule.h
Original file line number Diff line number Diff line change
Expand Up @@ -41,12 +41,32 @@
///
@property(copy) NSString *customMsg;

///
/// The time when this rule was last retrieved from the rules database, if rule is transitive.
/// Stored as number of seconds since 00:00:00 UTC on 1 January 2001.
///
@property(readonly) NSUInteger timestamp;

///
/// Designated initializer.
///
- (instancetype)initWithShasum:(NSString *)shasum
state:(SNTRuleState)state
type:(SNTRuleType)type
customMsg:(NSString *)customMsg
timestamp:(NSUInteger)timestamp;

///
/// Initialize with a default timestamp: current time if rule state is transitive, 0 otherwise.
///
- (instancetype)initWithShasum:(NSString *)shasum
state:(SNTRuleState)state
type:(SNTRuleType)type
customMsg:(NSString *)customMsg;

///
/// Sets timestamp of rule to the current time.
///
- (void)resetTimestamp;

@end
37 changes: 34 additions & 3 deletions Source/common/SNTRule.m
Original file line number Diff line number Diff line change
Expand Up @@ -14,22 +14,45 @@

#import "SNTRule.h"

@interface SNTRule()
@property(readwrite) NSUInteger timestamp;
@end

@implementation SNTRule

- (instancetype)initWithShasum:(NSString *)shasum
state:(SNTRuleState)state
type:(SNTRuleType)type
customMsg:(NSString *)customMsg {
customMsg:(NSString *)customMsg
timestamp:(NSUInteger)timestamp {
self = [super init];
if (self) {
_shasum = shasum;
_state = state;
_type = type;
_customMsg = customMsg;
_timestamp = timestamp;
}
return self;
}

- (instancetype)initWithShasum:(NSString *)shasum
state:(SNTRuleState)state
type:(SNTRuleType)type
customMsg:(NSString *)customMsg {
self = [self initWithShasum:shasum
state:state
type:type
customMsg:customMsg
timestamp:0];
// Initialize timestamp to current time if rule is transitive.
if (self && state == SNTRuleStateWhitelistTransitive) {
[self resetTimestamp];
}
return self;
}


#pragma mark NSSecureCoding

#define ENCODE(obj, key) if (obj) [coder encodeObject:obj forKey:key]
Expand All @@ -44,6 +67,7 @@ - (void)encodeWithCoder:(NSCoder *)coder {
ENCODE(@(self.state), @"state");
ENCODE(@(self.type), @"type");
ENCODE(self.customMsg, @"custommsg");
ENCODE(@(self.timestamp), @"timestamp");
}

- (instancetype)initWithCoder:(NSCoder *)decoder {
Expand All @@ -53,6 +77,7 @@ - (instancetype)initWithCoder:(NSCoder *)decoder {
_state = [DECODE(NSNumber, @"state") intValue];
_type = [DECODE(NSNumber, @"type") intValue];
_customMsg = DECODE(NSString, @"custommsg");
_timestamp = [DECODE(NSNumber, @"timestamp") unsignedIntegerValue];
}
return self;
}
Expand All @@ -77,8 +102,14 @@ - (NSUInteger)hash {
}

- (NSString *)description {
return [NSString stringWithFormat:@"SNTRule: SHA-256: %@, State: %ld, Type: %ld",
self.shasum, self.state, self.type];
return [NSString stringWithFormat:@"SNTRule: SHA-256: %@, State: %ld, Type: %ld, Timestamp: %lu",
self.shasum, self.state, self.type, (unsigned long)self.timestamp];
}

# pragma mark Last-access Timestamp

- (void)resetTimestamp {
self.timestamp = (NSUInteger)[[NSDate date] timeIntervalSinceReferenceDate];
}

@end
7 changes: 6 additions & 1 deletion Source/common/SNTXPCControlInterface.h
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,10 @@
///
/// Database ops
///
- (void)databaseRuleCounts:(void (^)(int64_t binary, int64_t certificate))reply;
- (void)databaseRuleCounts:(void (^)(int64_t binary,
int64_t certificate,
int64_t compiler,
int64_t transitive))reply;
- (void)databaseRuleAddRules:(NSArray *)rules
cleanSlate:(BOOL)cleanSlate
reply:(void (^)(NSError *error))reply;
Expand Down Expand Up @@ -82,6 +85,8 @@
- (void)setBlacklistPathRegex:(NSString *)pattern reply:(void (^)())reply;
- (void)bundlesEnabled:(void (^)(BOOL))reply;
- (void)setBundlesEnabled:(BOOL)bundlesEnabled reply:(void (^)())reply;
- (void)transitiveWhitelistingEnabled:(void (^)(BOOL))reply;
- (void)setTransitiveWhitelistingEnabled:(BOOL)enabled reply:(void (^)())reply;

///
/// GUI Ops
Expand Down
Loading