use a getter

google · Sep 20, 2018 · 9e4135e · 9e4135e
1 parent 0932359
commit 9e4135e
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/Source/santad/DataLayer/SNTRuleTable.m b/Source/santad/DataLayer/SNTRuleTable.m
@@ -34,10 +34,15 @@ @interface SNTRuleTable ()
 @property NSString *launchdCertSHA;
 @property NSDate *lastTransitiveRuleCulling;
 @property NSDictionary *criticalSystemBinaries;
+@property(readonly) NSArray *criticalSystemBinaryPaths;
 @end
 
 @implementation SNTRuleTable
 
+- (NSArray *)criticalSystemBinaryPaths {
+  return @[ @"/usr/libexec/trustd", @"/usr/sbin/securityd", @"/usr/libexec/xpcproxy" ];
+}
+
 - (uint32_t)initializeDatabase:(FMDatabase *)db fromVersion:(uint32_t)version {
   // Lock this database from other processes
   [[db executeQuery:@"PRAGMA locking_mode = EXCLUSIVE;"] close];
@@ -94,7 +99,7 @@ - (uint32_t)initializeDatabase:(FMDatabase *)db fromVersion:(uint32_t)version {
   // Setup critical system binaries
   // TODO(tburgin): Add the Santa components to this feature and remove the santadCertSHA rule.
   NSMutableDictionary *bins = [NSMutableDictionary dictionary];
-  for (NSString *path in @[ @"/usr/libexec/trustd", @"/usr/sbin/securityd" ]) {
+  for (NSString *path in self.criticalSystemBinaryPaths) {
     SNTFileInfo *binInfo = [[SNTFileInfo alloc] initWithPath:path];
     MOLCodesignChecker *csInfo = [binInfo codesignCheckerWithError:NULL];