Change rule count types to int64_t. SNTRuleIdentifiers properties now…

… RO.
google · Feb 26, 2024 · 637e583 · 637e583
1 parent 7101449
commit 637e583
Show file tree

Hide file tree

Showing 8 changed files with 85 additions and 54 deletions.
diff --git a/Source/common/SNTRuleIdentifiers.h b/Source/common/SNTRuleIdentifiers.h
@@ -1,4 +1,4 @@
-/// Copyright 2022 Google LLC
+/// Copyright 2024 Google LLC
 ///
 /// Licensed under the Apache License, Version 2.0 (the "License");
 /// you may not use this file except in compliance with the License.
@@ -33,8 +33,17 @@ struct RuleIdentifiers {
 };
 
 @interface SNTRuleIdentifiers : NSObject
-@property NSString *binarySHA256;
-@property NSString *signingID;
-@property NSString *certificateSHA256;
-@property NSString *teamID;
+@property(readonly) NSString *binarySHA256;
+@property(readonly) NSString *signingID;
+@property(readonly) NSString *certificateSHA256;
+@property(readonly) NSString *teamID;
+
+/// Please use `initWithRuleIdentifiers:`
+- (instancetype)init NS_UNAVAILABLE;
+
+- (instancetype)initWithRuleIdentifiers:(struct RuleIdentifiers)identifiers
+  NS_DESIGNATED_INITIALIZER;
+
+- (struct RuleIdentifiers)toStruct;
+
 @end
diff --git a/Source/common/SNTRuleIdentifiers.m b/Source/common/SNTRuleIdentifiers.m
@@ -1,4 +1,4 @@
-/// Copyright 2022 Google LLC
+/// Copyright 2024 Google LLC
 ///
 /// Licensed under the Apache License, Version 2.0 (the "License");
 /// you may not use this file except in compliance with the License.
@@ -15,4 +15,23 @@
 #import "Source/common/SNTRuleIdentifiers.h"
 
 @implementation SNTRuleIdentifiers
+
+- (instancetype)initWithRuleIdentifiers:(struct RuleIdentifiers)identifiers {
+  self = [super init];
+  if (self) {
+    _binarySHA256 = identifiers.binarySHA256;
+    _signingID = identifiers.signingID;
+    _certificateSHA256 = identifiers.certificateSHA256;
+    _teamID = identifiers.teamID;
+  }
+  return self;
+}
+
+- (struct RuleIdentifiers)toStruct {
+  return (struct RuleIdentifiers){.binarySHA256 = self.binarySHA256,
+                                  .signingID = self.signingID,
+                                  .certificateSHA256 = self.certificateSHA256,
+                                  .teamID = self.teamID};
+}
+
 @end
diff --git a/Source/common/SNTXPCUnprivilegedControlInterface.h b/Source/common/SNTXPCUnprivilegedControlInterface.h
@@ -23,12 +23,12 @@
 @class MOLXPCConnection;
 
 struct RuleCounts {
-  NSUInteger binary;
-  NSUInteger certificate;
-  NSUInteger compiler;
-  NSUInteger transitive;
-  NSUInteger teamID;
-  NSUInteger signingID;
+  int64_t binary;
+  int64_t certificate;
+  int64_t compiler;
+  int64_t transitive;
+  int64_t teamID;
+  int64_t signingID;
 };
 
 ///
@@ -46,7 +46,7 @@ struct RuleCounts {
 ///  Database ops
 ///
 - (void)databaseRuleCounts:(void (^)(struct RuleCounts ruleCounts))reply;
-- (void)databaseEventCount:(void (^)(NSUInteger count))reply;
+- (void)databaseEventCount:(void (^)(int64_t count))reply;
 - (void)staticRuleCount:(void (^)(int64_t count))reply;
 
 ///

diff --git a/Source/santactl/Commands/SNTCommandRule.m b/Source/santactl/Commands/SNTCommandRule.m
@@ -368,13 +368,14 @@ - (void)printStateOfRule:(SNTRule *)rule daemonConnection:(MOLXPCConnection *)da
   id<SNTDaemonControlXPC> rop = [daemonConn synchronousRemoteObjectProxy];
   __block NSString *output;
 
-  SNTRuleIdentifiers *identifiers = [[SNTRuleIdentifiers alloc] init];
-  identifiers.binarySHA256 = (rule.type == SNTRuleTypeBinary) ? rule.identifier : nil;
-  identifiers.certificateSHA256 = (rule.type == SNTRuleTypeCertificate) ? rule.identifier : nil;
-  identifiers.teamID = (rule.type == SNTRuleTypeTeamID) ? rule.identifier : nil;
-  identifiers.signingID = (rule.type == SNTRuleTypeSigningID) ? rule.identifier : nil;
-
-  [rop databaseRuleForIdentifiers:identifiers
+  struct RuleIdentifiers identifiers = {
+    .binarySHA256 = (rule.type == SNTRuleTypeBinary) ? rule.identifier : nil,
+    .certificateSHA256 = (rule.type == SNTRuleTypeCertificate) ? rule.identifier : nil,
+    .teamID = (rule.type == SNTRuleTypeTeamID) ? rule.identifier : nil,
+    .signingID = (rule.type == SNTRuleTypeSigningID) ? rule.identifier : nil,
+  };
+
+  [rop databaseRuleForIdentifiers:[[SNTRuleIdentifiers alloc] initWithRuleIdentifiers:identifiers]
                             reply:^(SNTRule *r) {
                               output = [SNTCommandRule stringifyRule:r
                                                            withColor:(isatty(STDOUT_FILENO) == 1)];

diff --git a/Source/santactl/Commands/SNTCommandStatus.m b/Source/santactl/Commands/SNTCommandStatus.m
@@ -91,14 +91,20 @@ - (void)runWithArguments:(NSArray *)arguments {
   }];
 
   // Database counts
-  __block struct RuleCounts ruleCounts;
-  memset(&ruleCounts, NSUIntegerMax, sizeof(ruleCounts));
+  __block struct RuleCounts ruleCounts = {
+    .binary = -1,
+    .certificate = -1,
+    .compiler = -1,
+    .transitive = -1,
+    .teamID = -1,
+    .signingID = -1,
+  };
   [rop databaseRuleCounts:^(struct RuleCounts counts) {
     ruleCounts = counts;
   }];
 
-  __block NSUInteger eventCount = NSUIntegerMax;
-  [rop databaseEventCount:^(NSUInteger count) {
+  __block int64_t eventCount = -1;
+  [rop databaseEventCount:^(int64_t count) {
     eventCount = count;
   }];
 
@@ -275,13 +281,13 @@ - (void)runWithArguments:(NSArray *)arguments {
     printf("  %-25s | %lld\n", "Non-root cache count", nonRootCacheCount);
 
     printf(">>> Database Info\n");
-    printf("  %-25s | %lu\n", "Binary Rules", ruleCounts.binary);
-    printf("  %-25s | %lu\n", "Certificate Rules", ruleCounts.certificate);
-    printf("  %-25s | %lu\n", "TeamID Rules", ruleCounts.teamID);
-    printf("  %-25s | %lu\n", "SigningID Rules", ruleCounts.signingID);
-    printf("  %-25s | %lu\n", "Compiler Rules", ruleCounts.compiler);
-    printf("  %-25s | %lu\n", "Transitive Rules", ruleCounts.transitive);
-    printf("  %-25s | %lu\n", "Events Pending Upload", eventCount);
+    printf("  %-25s | %lld\n", "Binary Rules", ruleCounts.binary);
+    printf("  %-25s | %lld\n", "Certificate Rules", ruleCounts.certificate);
+    printf("  %-25s | %lld\n", "TeamID Rules", ruleCounts.teamID);
+    printf("  %-25s | %lld\n", "SigningID Rules", ruleCounts.signingID);
+    printf("  %-25s | %lld\n", "Compiler Rules", ruleCounts.compiler);
+    printf("  %-25s | %lld\n", "Transitive Rules", ruleCounts.transitive);
+    printf("  %-25s | %lld\n", "Events Pending Upload", eventCount);
 
     if ([SNTConfigurator configurator].staticRules.count) {
       printf(">>> Static Rules\n");

diff --git a/Source/santad/DataLayer/SNTRuleTable.h b/Source/santad/DataLayer/SNTRuleTable.h
@@ -30,37 +30,37 @@
 ///
 ///  @return Number of rules in the database
 ///
-- (NSUInteger)ruleCount;
+- (int64_t)ruleCount;
 
 ///
 ///  @return Number of binary rules in the database
 ///
-- (NSUInteger)binaryRuleCount;
+- (int64_t)binaryRuleCount;
 
 ///
 ///  @return Number of compiler rules in the database
 ///
-- (NSUInteger)compilerRuleCount;
+- (int64_t)compilerRuleCount;
 
 ///
 ///  @return Number of transitive rules in the database
 ///
-- (NSUInteger)transitiveRuleCount;
+- (int64_t)transitiveRuleCount;
 
 ///
 ///  @return Number of certificate rules in the database
 ///
-- (NSUInteger)certificateRuleCount;
+- (int64_t)certificateRuleCount;
 
 ///
 /// @return Number of team ID rules in the database
 ///
-- (NSUInteger)teamIDRuleCount;
+- (int64_t)teamIDRuleCount;
 
 ///
 /// @return Number of signing ID rules in the database
 ///
-- (NSUInteger)signingIDRuleCount;
+- (int64_t)signingIDRuleCount;
 
 ///
 ///  @return Rule for given identifiers.

diff --git a/Source/santad/DataLayer/SNTRuleTable.m b/Source/santad/DataLayer/SNTRuleTable.m
@@ -29,7 +29,7 @@
 
 // TODO(nguyenphillip): this should be configurable.
 // How many rules must be in database before we start trying to remove transitive rules.
-static const NSUInteger kTransitiveRuleCullingThreshold = 500000;
+static const int64_t kTransitiveRuleCullingThreshold = 500000;
 // Consider transitive rules out of date if they haven't been used in six months.
 static const NSUInteger kTransitiveRuleExpirationSeconds = 6 * 30 * 24 * 3600;
 
@@ -263,31 +263,31 @@ - (uint32_t)initializeDatabase:(FMDatabase *)db fromVersion:(uint32_t)version {
 
 #pragma mark Entry Counts
 
-- (NSUInteger)ruleCount {
+- (int64_t)ruleCount {
   __block NSUInteger count = 0;
   [self inDatabase:^(FMDatabase *db) {
     count = [db longForQuery:@"SELECT COUNT(*) FROM rules"];
   }];
   return count;
 }
 
-- (NSUInteger)ruleCountForRuleType:(SNTRuleType)ruleType {
-  __block NSUInteger count = 0;
+- (int64_t)ruleCountForRuleType:(SNTRuleType)ruleType {
+  __block int64_t count = 0;
   [self inDatabase:^(FMDatabase *db) {
     count = [db longForQuery:@"SELECT COUNT(*) FROM rules WHERE type=?", @(ruleType)];
   }];
   return count;
 }
 
-- (NSUInteger)binaryRuleCount {
+- (int64_t)binaryRuleCount {
   return [self ruleCountForRuleType:SNTRuleTypeBinary];
 }
 
-- (NSUInteger)certificateRuleCount {
+- (int64_t)certificateRuleCount {
   return [self ruleCountForRuleType:SNTRuleTypeCertificate];
 }
 
-- (NSUInteger)compilerRuleCount {
+- (int64_t)compilerRuleCount {
   __block NSUInteger count = 0;
   [self inDatabase:^(FMDatabase *db) {
     count =
@@ -296,7 +296,7 @@ - (NSUInteger)compilerRuleCount {
   return count;
 }
 
-- (NSUInteger)transitiveRuleCount {
+- (int64_t)transitiveRuleCount {
   __block NSUInteger count = 0;
   [self inDatabase:^(FMDatabase *db) {
     count =
@@ -305,11 +305,11 @@ - (NSUInteger)transitiveRuleCount {
   return count;
 }
 
-- (NSUInteger)teamIDRuleCount {
+- (int64_t)teamIDRuleCount {
   return [self ruleCountForRuleType:SNTRuleTypeTeamID];
 }
 
-- (NSUInteger)signingIDRuleCount {
+- (int64_t)signingIDRuleCount {
   return [self ruleCountForRuleType:SNTRuleTypeSigningID];
 }
 

diff --git a/Source/santad/SNTDaemonControlController.mm b/Source/santad/SNTDaemonControlController.mm
@@ -138,7 +138,7 @@ - (void)databaseRuleAddRules:(NSArray *)rules
   reply(error);
 }
 
-- (void)databaseEventCount:(void (^)(NSUInteger count))reply {
+- (void)databaseEventCount:(void (^)(int64_t count))reply {
   reply([[SNTDatabaseController eventTable] pendingEventsCount]);
 }
 
@@ -152,11 +152,7 @@ - (void)databaseRemoveEventsWithIDs:(NSArray *)ids {
 
 - (void)databaseRuleForIdentifiers:(SNTRuleIdentifiers *)identifiers
                              reply:(void (^)(SNTRule *))reply {
-  reply([[SNTDatabaseController ruleTable]
-    ruleForIdentifiers:(struct RuleIdentifiers){.binarySHA256 = identifiers.binarySHA256,
-                                                .signingID = identifiers.signingID,
-                                                .certificateSHA256 = identifiers.certificateSHA256,
-                                                .teamID = identifiers.teamID}]);
+  reply([[SNTDatabaseController ruleTable] ruleForIdentifiers:[identifiers toStruct]]);
 }
 
 - (void)staticRuleCount:(void (^)(int64_t count))reply {