Matt W
Matt W
This is a work-in-progress, being released in draft form in order to solicit early feedback. ## Building / Running Build using the following command: ``` bazel build --apple_generate_dsym -c opt...
This is a major refactor with the overall major goals of: 1. Utilize more C++/ObjectiveC++ * Help reduce the overall number of per-event allocations and copies 1. Wrap ES messages...
Santa should do the following: 1. On startup, evaluate all running processes against Santa's rules to determine if they should run 2. When new rules are received, running processes should...
The `SNTPolicyProcessor` via `MOLCodesignChecker` currently evaluates the `SecStaticCodeRef` of a file path when a new exec is authorized. This is a legacy limitation from when Santa deployed its own kext...
Currently, the File Access Authorization feature does not operate on access attempts from binaries within the default mute set. This is largely due to two issues: 1. The basic mechanism...
Something to follow-up on (possibly later) - these strings are returned by the `description` method in each of the event provider classes. We should find a way to use the...
It might be nice to have the ability to block old applications from running. We'd likely need a rule type to be a combined Cert Hash and Timestamp value. Binaries...
Transitive allowlisting is a powerful feature to allow developers to live in LOCKDOWN mode. However there are certain limitations in the current implementation that developers need to be aware of...
We should be explicit about how Santa is designed to interact with sync servers. This interaction is focused on enabling delivery of updated rules and configuration to clients. Logs/telemetry is...
### INITIAL DRAFT **Primary goal with the draft PR is to gather any final feedback on the proto impl before writing the encoders for the enriched types.** Once we're satisfied,...