Merge 010612e into e2b099a

google · May 5, 2023 · 638ddc1 · 638ddc1
2 parents e2b099a + 010612e
commit 638ddc1
Showing 1 changed file with 18 additions and 13 deletions.
diff --git a/Source/santad/Santad.mm b/Source/santad/Santad.mm
@@ -130,14 +130,17 @@ void SantadMain(std::shared_ptr<EndpointSecurityAPI> esapi, std::shared_ptr<Logg
   SNTEndpointSecurityTamperResistance *tamper_client =
     [[SNTEndpointSecurityTamperResistance alloc] initWithESAPI:esapi metrics:metrics logger:logger];
 
-  SNTEndpointSecurityFileAccessAuthorizer *access_authorizer_client =
-    [[SNTEndpointSecurityFileAccessAuthorizer alloc] initWithESAPI:esapi
-                                                           metrics:metrics
-                                                            logger:logger
-                                                        watchItems:watch_items
-                                                          enricher:enricher
-                                                     decisionCache:[SNTDecisionCache sharedCache]];
-  watch_items->RegisterClient(access_authorizer_client);
+  if (@available(macOS 13.0, *)) {
+    SNTEndpointSecurityFileAccessAuthorizer *access_authorizer_client =
+      [[SNTEndpointSecurityFileAccessAuthorizer alloc]
+        initWithESAPI:esapi
+              metrics:metrics
+               logger:logger
+           watchItems:watch_items
+             enricher:enricher
+        decisionCache:[SNTDecisionCache sharedCache]];
+    watch_items->RegisterClient(access_authorizer_client);
+  }
 
   EstablishSyncServiceConnection(syncd_queue);
 
@@ -304,17 +307,19 @@ void SantadMain(std::shared_ptr<EndpointSecurityAPI> esapi, std::shared_ptr<Logg
                 return;
               }
 
-              if (oldValue != newValue || (newValue && ![oldValue isEqualToString:newValue])) {
-                LOGI(@"Filesystem monitoring policy config path changed: %@ -> %@", oldValue,
-                     newValue);
-                watch_items->SetConfigPath(newValue);
+              if (@available(macOS 13.0, *)) {
+                if ((oldValue && !newValue) || (newValue && ![oldValue isEqualToString:newValue])) {
+                  LOGI(@"Filesystem monitoring policy config path changed: %@ -> %@", oldValue,
+                       newValue);
+                  watch_items->SetConfigPath(newValue);
+                }
               }
             }],
     [[SNTKVOManager alloc] initWithObject:configurator
                                  selector:@selector(fileAccessPolicy)
                                      type:[NSDictionary class]
                                  callback:^(NSDictionary *oldValue, NSDictionary *newValue) {
-                                   if (oldValue != newValue ||
+                                   if ((oldValue && !newValue) ||
                                        (newValue && ![oldValue isEqualToDictionary:newValue])) {
                                      LOGI(@"Filesystem monitoring policy embedded config changed");
                                      watch_items->SetConfig(newValue);