Please update documentation for rule evaluation precedence with bundles
The current documentation [0] does not yet mention bundles [1] and how those influence allow/deny behavior. A quick mention of the new evaluation precedence that includes bundles would be nice. Thanks!
[0] https://github.com/google/santa/blob/master/Docs/details/rules.md
[1] https://github.com/google/santa/blob/master/Docs/details/santabs.md
The quick answer is they don't. There is no notion of a bundle rule. Any rules generated by a sync server, in response to a bundle event, come down to Santa as binary rules.
Leaving this open so we can document them better.
This is documented in https://github.com/google/santa/blob/main/docs/concepts/rules.md#rule-evaluation
To recap, as of 2023.6 the precedence for rules is (most specific to least specific):
```mermaid
flowchart LR
A[SHA256 Rules] --> B[Signing ID Rules] --> C[Certificate SHA256 Rules] --> D[TEAMID Rules]
```
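The precedence chain above and the earlier point that bundle events only ever produce binary (SHA256) rules are easy to get wrong when a fleet carries overlapping rules. The following is an added illustration, not Santa's own code: a toy evaluator that walks the four rule kinds from most to least specific and stops at the first one with a matching rule, so that a SHA256 allow beats a Signing ID block, which in turn beats a Team ID allow. The rule-kind and policy labels, the `Rule`/`Binary` dataclasses, `rules_from_bundle_event`, and every hash, Team ID and Signing ID value are constructed for the example; Santa's real rule tables, modes (monitor/lockdown) and compiler/transitive rules are out of scope here.

```python
"""Toy model of Santa's rule-precedence evaluation (added illustration, not Santa's code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Evaluation order from the comment above: the most specific kind wins.
PRECEDENCE = ("SHA256", "SIGNINGID", "CERTIFICATE", "TEAMID")


@dataclass(frozen=True)
class Rule:
    kind: str         # one of PRECEDENCE
    identifier: str   # value compared against the matching binary attribute
    policy: str       # "ALLOWLIST" or "BLOCKLIST" (labels chosen for this example)


@dataclass(frozen=True)
class Binary:
    sha256: str
    signing_id: Optional[str] = None   # "TEAMID:bundle.identifier" form; None if unsigned
    cert_sha256: Optional[str] = None  # leaf certificate hash; None if unsigned
    team_id: Optional[str] = None      # Apple Team ID; None if unsigned

    def identifier_for(self, kind: str) -> Optional[str]:
        return {
            "SHA256": self.sha256,
            "SIGNINGID": self.signing_id,
            "CERTIFICATE": self.cert_sha256,
            "TEAMID": self.team_id,
        }[kind]


def evaluate(rules: List[Rule], binary: Binary) -> Tuple[Optional[str], Optional[Rule]]:
    """Return (policy, rule) of the most specific rule matching `binary`.

    Walks PRECEDENCE in order and stops at the first kind that has a rule for
    the binary's corresponding attribute, so a SHA256 rule beats a conflicting
    TEAMID rule no matter in which order the rules were received.
    Returns (None, None) when nothing matches (Santa then falls back to its mode).
    """
    index: Dict[Tuple[str, str], Rule] = {(r.kind, r.identifier): r for r in rules}
    for kind in PRECEDENCE:
        ident = binary.identifier_for(kind)
        if ident is None:
            continue
        rule = index.get((kind, ident))
        if rule is not None:
            return rule.policy, rule
    return None, None


def rules_from_bundle_event(binary_hashes: List[str], policy: str) -> List[Rule]:
    """Model of what a sync server answers to a bundle event: there is no bundle
    rule kind, only one SHA256 (binary) rule per binary found in the bundle."""
    return [Rule("SHA256", h, policy) for h in binary_hashes]


# --- constructed sample data (hypothetical values, not real hashes or IDs) ---
TEAM = "ABCDE12345"
SIGNING_ID = f"{TEAM}:com.example.tool"
HASH_A = "a" * 64   # one build of com.example.tool, explicitly allowed
HASH_B = "b" * 64   # another build of com.example.tool
HASH_C = "c" * 64   # a different app from the same team
HASH_D = "d" * 64   # unsigned binary with no rule at all

SAMPLE_RULES = [
    Rule("TEAMID", TEAM, "ALLOWLIST"),           # broad: trust the whole team
    Rule("SIGNINGID", SIGNING_ID, "BLOCKLIST"),  # narrower: but block this one app
    Rule("SHA256", HASH_A, "ALLOWLIST"),         # narrowest: except this exact build
]

BIN_A = Binary(HASH_A, SIGNING_ID, "f" * 64, TEAM)
BIN_B = Binary(HASH_B, SIGNING_ID, "f" * 64, TEAM)
BIN_C = Binary(HASH_C, f"{TEAM}:com.example.other", "f" * 64, TEAM)
BIN_D = Binary(HASH_D)


if __name__ == "__main__":
    for name, b in (("A", BIN_A), ("B", BIN_B), ("C", BIN_C), ("D", BIN_D)):
        policy, rule = evaluate(SAMPLE_RULES, b)
        print(name, policy, rule.kind if rule else "no rule (mode default applies)")
    # A bundle event answered with per-binary rules: BIN_B becomes allowed because
    # the new SHA256 rule outranks the SIGNINGID block.
    print("B after bundle sync:",
          evaluate(SAMPLE_RULES + rules_from_bundle_event([HASH_B], "ALLOWLIST"), BIN_B)[0])
```

Running it shows A allowed by its SHA256 rule, B blocked by the Signing ID rule, C allowed by the Team ID rule, and D matching nothing; adding the SHA256 rules a bundle event produces flips B to allowed, which is the practical consequence of "bundle rules are just binary rules" sitting at the top of the chain.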