Update santactl fileinfo, sync, and status to show teamID info

Source/common/SNTXPCUnprivilegedControlInterface.h

@@ -39,7 +39,7 @@
 ///  Database ops
 ///
 - (void)databaseRuleCounts:(void (^)(int64_t binary, int64_t certificate, int64_t compiler,
-                                     int64_t transitive))reply;
+                                     int64_t transitive, int64_t teamID))reply;
 - (void)databaseEventCount:(void (^)(int64_t count))reply;
 
 ///

Source/santactl/Commands/SNTCommandFileInfo.m

@@ -41,6 +41,7 @@
 static NSString *const kRule = @"Rule";
 static NSString *const kSigningChain = @"Signing Chain";
 static NSString *const kUniversalSigningChain = @"Universal Signing Chain";
+static NSString *const kTeamID = @"Apple Developer Team ID";
 
 // signing chain keys
 static NSString *const kCommonName = @"Common Name";
@@ -109,6 +110,7 @@ @interface SNTCommandFileInfo : SNTCommand <SNTCommandProtocol>
 @property(readonly, copy, nonatomic) SNTAttributeBlock downloadURL;
 @property(readonly, copy, nonatomic) SNTAttributeBlock downloadTimestamp;
 @property(readonly, copy, nonatomic) SNTAttributeBlock downloadAgent;
+@property(readonly, copy, nonatomic) SNTAttributeBlock teamID;
 @property(readonly, copy, nonatomic) SNTAttributeBlock type;
 @property(readonly, copy, nonatomic) SNTAttributeBlock pageZero;
 @property(readonly, copy, nonatomic) SNTAttributeBlock codeSigned;
@@ -183,7 +185,7 @@ + (NSString *)longHelpText {
 + (NSArray<NSString *> *)fileInfoKeys {
   return @[
     kPath, kSHA256, kSHA1, kBundleName, kBundleVersion, kBundleVersionStr, kDownloadReferrerURL,
-    kDownloadURL, kDownloadTimestamp, kDownloadAgent, kType, kPageZero, kCodeSigned, kRule,
+    kDownloadURL, kDownloadTimestamp, kDownloadAgent, kTeamID, kType, kPageZero, kCodeSigned, kRule,
     kSigningChain, kUniversalSigningChain
   ];
 }
@@ -215,7 +217,8 @@ - (instancetype)initWithDaemonConnection:(MOLXPCConnection *)daemonConn {
       kCodeSigned : self.codeSigned,
       kRule : self.rule,
       kSigningChain : self.signingChain,
-      kUniversalSigningChain : self.universalSigningChain
+      kUniversalSigningChain : self.universalSigningChain,
+      kTeamID : self.teamID,
     };
 
     _printQueue = dispatch_queue_create("com.google.santactl.print_queue", DISPATCH_QUEUE_SERIAL);
@@ -458,6 +461,13 @@ - (SNTAttributeBlock)universalSigningChain {
   };
 }
 
+- (SNTAttributeBlock)teamID {
+  return ^id(SNTCommandFileInfo *cmd, SNTFileInfo *fileInfo) {
+    MOLCodesignChecker *csc = [fileInfo codesignCheckerWithError:NULL];
+    return [csc.signingInformation valueForKey:@"teamid"];
+  };
+}
+
 #pragma mark -
 
 // Entry point for the command.

Source/santactl/Commands/SNTCommandStatus.m

@@ -94,17 +94,19 @@ - (void)runWithArguments:(NSArray *)arguments {
   }
 
   // Database counts
-  __block int64_t eventCount = -1, binaryRuleCount = -1, certRuleCount = -1;
+  __block int64_t eventCount = -1, binaryRuleCount = -1, certRuleCount = -1, teamIDRuleCount = -1;
   __block int64_t compilerRuleCount = -1, transitiveRuleCount = -1;
   dispatch_group_enter(group);
-  [[self.daemonConn remoteObjectProxy] databaseRuleCounts:^(int64_t binary, int64_t certificate,
-                                                            int64_t compiler, int64_t transitive) {
-    binaryRuleCount = binary;
-    certRuleCount = certificate;
-    compilerRuleCount = compiler;
-    transitiveRuleCount = transitive;
-    dispatch_group_leave(group);
-  }];
+  [[self.daemonConn remoteObjectProxy]
+    databaseRuleCounts:^(int64_t binary, int64_t certificate, int64_t compiler, int64_t transitive,
+                         int64_t teamID) {
+      binaryRuleCount = binary;
+      certRuleCount = certificate;
+      teamIDRuleCount = teamID;
+      compilerRuleCount = compiler;
+      transitiveRuleCount = transitive;
+      dispatch_group_leave(group);
+    }];
   dispatch_group_enter(group);
   [[self.daemonConn remoteObjectProxy] databaseEventCount:^(int64_t count) {
     eventCount = count;
@@ -226,6 +228,7 @@ - (void)runWithArguments:(NSArray *)arguments {
     printf(">>> Database Info\n");
     printf("  %-25s | %lld\n", "Binary Rules", binaryRuleCount);
     printf("  %-25s | %lld\n", "Certificate Rules", certRuleCount);
+    printf("  %-25s | %lld\n", "TeamID Rules", teamIDRuleCount);
     printf("  %-25s | %lld\n", "Compiler Rules", compilerRuleCount);
     printf("  %-25s | %lld\n", "Transitive Rules", transitiveRuleCount);
     printf("  %-25s | %lld\n", "Events Pending Upload", eventCount);

Source/santactl/Commands/sync/SNTCommandSyncConstants.h

@@ -37,6 +37,7 @@ extern NSString *const kBinaryRuleCount;
 extern NSString *const kCertificateRuleCount;
 extern NSString *const kCompilerRuleCount;
 extern NSString *const kTransitiveRuleCount;
+extern NSString *const kTeamIDRuleCount;
 extern NSString *const kFullSyncInterval;
 extern NSString *const kFCMToken;
 extern NSString *const kFCMFullSyncInterval;

Source/santactl/Commands/sync/SNTCommandSyncConstants.m

@@ -37,6 +37,7 @@
 NSString *const kCertificateRuleCount = @"certificate_rule_count";
 NSString *const kCompilerRuleCount = @"compiler_rule_count";
 NSString *const kTransitiveRuleCount = @"transitive_rule_count";
+NSString *const kTeamIDRuleCount = @"teamid_rule_count";
 NSString *const kFullSyncInterval = @"full_sync_interval";
 NSString *const kFCMToken = @"fcm_token";
 NSString *const kFCMFullSyncInterval = @"fcm_full_sync_interval";

Source/santactl/Commands/sync/SNTCommandSyncPreflight.m

@@ -43,14 +43,16 @@ - (BOOL)sync {
 
   dispatch_group_t group = dispatch_group_create();
   dispatch_group_enter(group);
-  [[self.daemonConn remoteObjectProxy] databaseRuleCounts:^(int64_t binary, int64_t certificate,
-                                                            int64_t compiler, int64_t transitive) {
-    requestDict[kBinaryRuleCount] = @(binary);
-    requestDict[kCertificateRuleCount] = @(certificate);
-    requestDict[kCompilerRuleCount] = @(compiler);
-    requestDict[kTransitiveRuleCount] = @(transitive);
-    dispatch_group_leave(group);
-  }];
+  [[self.daemonConn remoteObjectProxy]
+    databaseRuleCounts:^(int64_t binary, int64_t certificate, int64_t compiler, int64_t transitive,
+                         int64_t teamID) {
+      requestDict[kBinaryRuleCount] = @(binary);
+      requestDict[kCertificateRuleCount] = @(certificate);
+      requestDict[kCompilerRuleCount] = @(compiler);
+      requestDict[kTransitiveRuleCount] = @(transitive);
+      requestDict[kTeamIDRuleCount] = @(teamID);
+      dispatch_group_leave(group);
+    }];
 
   dispatch_group_enter(group);
   [[self.daemonConn remoteObjectProxy] clientMode:^(SNTClientMode cm) {

Source/santactl/Commands/sync/SNTCommandSyncTest.m

@@ -201,11 +201,12 @@ - (void)testPreflightBasicResponse {
 - (void)testPreflightDatabaseCounts {
   SNTCommandSyncPreflight *sut = [[SNTCommandSyncPreflight alloc] initWithState:self.syncState];
 
-  int64_t bin = 5, cert = 8, compiler = 2, transitive = 19;
+  int64_t bin = 5, cert = 8, compiler = 2, transitive = 19, teamID = 3;
   OCMStub([self.daemonConnRop
     databaseRuleCounts:([OCMArg invokeBlockWithArgs:OCMOCK_VALUE(bin), OCMOCK_VALUE(cert),
                                                     OCMOCK_VALUE(compiler),
-                                                    OCMOCK_VALUE(transitive), nil])]);
+                                                    OCMOCK_VALUE(transitive), OCMOCK_VALUE(teamID),
+                                                    nil])]);
 
   [self stubRequestBody:nil
                response:nil
@@ -216,6 +217,7 @@ - (void)testPreflightDatabaseCounts {
             XCTAssertEqualObjects(requestDict[kCertificateRuleCount], @(8));
             XCTAssertEqualObjects(requestDict[kCompilerRuleCount], @(2));
             XCTAssertEqualObjects(requestDict[kTransitiveRuleCount], @(19));
+            XCTAssertEqualObjects(requestDict[kTeamIDRuleCount], @(3));
             return YES;
           }];
 

Source/santad/DataLayer/SNTRuleTable.h

@@ -51,6 +51,11 @@
 ///
 - (NSUInteger)certificateRuleCount;
 
+///
+/// @return Number of team ID rules in the database
+///
+- (NSUInteger)teamIDRuleCount;
+
 ///
 ///  @return Rule for binary or certificate with given SHA-256. The binary rule will be returned
 ///          if it exists. If not, the certificate rule will be returned if it exists.

Source/santad/DataLayer/SNTRuleTable.m

@@ -194,6 +194,14 @@ - (NSUInteger)transitiveRuleCount {
   return count;
 }
 
+- (NSUInteger)teamIDRuleCount {
+  __block NSUInteger count = 0;
+  [self inDatabase:^(FMDatabase *db) {
+    count = [db longForQuery:@"SELECT COUNT(*) FROM rules WHERE type=3"];
+  }];
+  return count;
+}
+
 - (SNTRule *)ruleFromResultSet:(FMResultSet *)rs {
   return [[SNTRule alloc] initWithIdentifier:[rs stringForColumn:@"identifier"]
                                        state:[rs intForColumn:@"state"]

Source/santad/DataLayer/SNTRuleTableTest.m

@@ -157,6 +157,7 @@ - (void)testFetchTeamIDRule {
   XCTAssertNotNil(r);
   XCTAssertEqualObjects(r.identifier, @"teamID");
   XCTAssertEqual(r.type, SNTRuleTypeTeamID);
+  XCTAssertEqual([self.sut teamIDRuleCount], 1);
 
   r = [self.sut ruleForBinarySHA256:nil certificateSHA256:nil teamID:@"nonexistentTeamID"];
   XCTAssertNil(r);

Source/santad/SNTDaemonControlController.m

@@ -91,10 +91,10 @@ - (void)driverConnectionEstablished:(void (^)(BOOL))reply {
 #pragma mark Database ops
 
 - (void)databaseRuleCounts:(void (^)(int64_t binary, int64_t certificate, int64_t compiler,
-                                     int64_t transitive))reply {
+                                     int64_t transitive, int64_t teamID))reply {
   SNTRuleTable *rdb = [SNTDatabaseController ruleTable];
   reply([rdb binaryRuleCount], [rdb certificateRuleCount], [rdb compilerRuleCount],
-        [rdb transitiveRuleCount]);
+        [rdb transitiveRuleCount], [rdb teamIDRuleCount]);
 }
 
 - (void)databaseRuleAddRules:(NSArray *)rules