Merge branch 'main' into package-script-troix

google · Oct 20, 2021 · c0cdd5e · c0cdd5e
2 parents 66dd3de + 5735a12
commit c0cdd5e
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/Source/santad/DataLayer/SNTRuleTable.m b/Source/santad/DataLayer/SNTRuleTable.m
@@ -39,11 +39,25 @@ @interface SNTRuleTable ()
 
 @implementation SNTRuleTable
 
+//  ES on Monterey now has a “default mute set” of paths that are automatically applied to each ES
+//  client. This mute set contains most (not all) AUTH event types for some paths that were deemed
+//  “system critical”.
+//  Retain this list for < 12.0 versions of ES, but we should be able to rely on the paths muted by
+//  default (visible with es_muted_paths_events any time after connecting a new client and before
+//  modifying any of the mute state).
 + (NSArray *)criticalSystemBinaryPaths {
   return @[
     @"/usr/libexec/trustd",
-    @"/usr/sbin/securityd",
     @"/usr/libexec/xpcproxy",
+    @"/usr/libexec/amfid",
+    @"/usr/libexec/opendirectoryd",
+    @"/usr/libexec/runningboardd",
+    @"/usr/libexec/syspolicyd",
+    @"/usr/libexec/watchdogd",
+    @"/usr/libexec/cfprefsd",
+    @"/usr/sbin/securityd",
+    @"/System/Library/PrivateFrameworks/TCC.framework/Versions/A/Resources/tccd",
+    @"/System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer",
     @"/usr/sbin/ocspd",
     @"/usr/lib/dyld",
     @"/Applications/Santa.app/Contents/MacOS/Santa",