From 9e4135ec4e89aa37d8daea6ca3bfe8ec7c60de96 Mon Sep 17 00:00:00 2001
From: tburgin
Date: Thu, 20 Sep 2018 16:41:37 -0400
Subject: [PATCH] use a getter
---
 Source/santad/DataLayer/SNTRuleTable.m | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Source/santad/DataLayer/SNTRuleTable.m b/Source/santad/DataLayer/SNTRuleTable.m
index 2df0d7e63..c3570e70e 100644
--- a/Source/santad/DataLayer/SNTRuleTable.m
+++ b/Source/santad/DataLayer/SNTRuleTable.m
@@ -34,10 +34,15 @@ @interface SNTRuleTable ()
 @property NSString *launchdCertSHA;
 @property NSDate *lastTransitiveRuleCulling;
 @property NSDictionary *criticalSystemBinaries;
+@property(readonly) NSArray *criticalSystemBinaryPaths;
 @end
 @implementation SNTRuleTable
+- (NSArray *)criticalSystemBinaryPaths {
+ return @[ @"/usr/libexec/trustd", @"/usr/sbin/securityd", @"/usr/libexec/xpcproxy" ];
+}
+
 - (uint32_t)initializeDatabase:(FMDatabase *)db fromVersion:(uint32_t)version {
 // Lock this database from other processes
 [[db executeQuery:@"PRAGMA locking_mode = EXCLUSIVE;"] close];
@@ -94,7 +99,7 @@ - (uint32_t)initializeDatabase:(FMDatabase *)db fromVersion:(uint32_t)version {
 // Setup critical system binaries
 // TODO(tburgin): Add the Santa components to this feature and remove the santadCertSHA rule.
 NSMutableDictionary *bins = [NSMutableDictionary dictionary];
- for (NSString *path in @[ @"/usr/libexec/trustd", @"/usr/sbin/securityd" ]) {
+ for (NSString *path in self.criticalSystemBinaryPaths) {
 SNTFileInfo *binInfo = [[SNTFileInfo alloc] initWithPath:path];
 MOLCodesignChecker *csInfo = [binInfo codesignCheckerWithError:NULL];
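Review bot: The new `criticalSystemBinaryPaths` getter in the first hunk returns three paths, while the literal it replaces in `initializeDatabase:fromVersion:` listed only trustd and securityd, so `/usr/libexec/xpcproxy` joins the critical set under a commit titled "use a getter". A change to that set should be named in the commit message and recorded on the getter, for example `// Paths whose binaries are set up as critical system binaries; editing this list is a policy change, not a refactor.` The declaration could also carry its element type, `@property(readonly) NSArray<NSString *> *criticalSystemBinaryPaths;`, and since the getter builds a fresh array on every call, a `static` array initialised once would serve the same purpose. The body of `initializeDatabase:fromVersion:` continues outside both hunks, so how the loop treats a path whose `codesignCheckerWithError:NULL` returns nil could not be checked here.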