Fix up additional tests that had defined deadline interactions

Source/santad/BUILD

@@ -904,6 +904,7 @@ santa_unit_test(
         ":SNTDatabaseController",
         ":SNTDecisionCache",
         ":SNTEndpointSecurityAuthorizer",
+        ":SNTEndpointSecurityClient",
         ":SantadDeps",
         "//Source/common:SNTCachedDecision",
         "//Source/common:SNTConfigurator",
@@ -1326,6 +1327,7 @@ santa_unit_test(
         ":EndpointSecurityMessage",
         ":Metrics",
         ":MockEndpointSecurityAPI",
+        ":SNTEndpointSecurityClient",
         ":SNTEndpointSecurityDeviceManager",
         "//Source/common:SNTCommonEnums",
         "//Source/common:SNTConfigurator",

Source/santad/EventProviders/SNTEndpointSecurityDeviceManagerTest.mm

@@ -34,6 +34,7 @@
 #import "Source/santad/EventProviders/DiskArbitrationTestUtil.h"
 #include "Source/santad/EventProviders/EndpointSecurity/Message.h"
 #include "Source/santad/EventProviders/EndpointSecurity/MockEndpointSecurityAPI.h"
+#import "Source/santad/EventProviders/SNTEndpointSecurityClient.h"
 #import "Source/santad/EventProviders/SNTEndpointSecurityDeviceManager.h"
 #include "Source/santad/Metrics.h"
 
@@ -50,6 +51,12 @@
   MOCK_METHOD(void, FlushCache, (FlushCacheMode mode, FlushCacheReason reason));
 };
 
+@interface SNTEndpointSecurityClient (Testing)
+@property(nonatomic) double defaultBudget;
+@property(nonatomic) int64_t minAllowedHeadroom;
+@property(nonatomic) int64_t maxAllowedHeadroom;
+@end
+
 @interface SNTEndpointSecurityDeviceManager (Testing)
 - (instancetype)init;
 - (void)logDiskAppeared:(NSDictionary *)props;
@@ -136,6 +143,11 @@ - (void)triggerTestMountEvent:(es_event_type_t)eventType
 
   es_file_t file = MakeESFile("foo");
   es_process_t proc = MakeESProcess(&file);
+
+  // This test is sensitive to ~1s processing budget.
+  // Set a 5s headroom and 6s deadline
+  deviceManager.minAllowedHeadroom = 5 * NSEC_PER_SEC;
+  deviceManager.maxAllowedHeadroom = 5 * NSEC_PER_SEC;
   es_message_t esMsg = MakeESMessage(eventType, &proc, ActionType::Auth, 6000);
 
   dispatch_semaphore_t semaMetrics = dispatch_semaphore_create(0);

Source/santad/SantadTest.mm

@@ -30,6 +30,7 @@
 #include "Source/santad/EventProviders/EndpointSecurity/Message.h"
 #include "Source/santad/EventProviders/EndpointSecurity/MockEndpointSecurityAPI.h"
 #import "Source/santad/EventProviders/SNTEndpointSecurityAuthorizer.h"
+#import "Source/santad/EventProviders/SNTEndpointSecurityClient.h"
 #import "Source/santad/Metrics.h"
 #import "Source/santad/SNTDatabaseController.h"
 #import "Source/santad/SNTDecisionCache.h"
@@ -45,6 +46,12 @@
 static const char *kBlockedTeamID = "EQHXZ8M8AV";
 static const char *kAllowedTeamID = "TJNVEKW352";
 
+@interface SNTEndpointSecurityClient (Testing)
+@property(nonatomic) double defaultBudget;
+@property(nonatomic) int64_t minAllowedHeadroom;
+@property(nonatomic) int64_t maxAllowedHeadroom;
+@end
+
 @interface SantadTest : XCTestCase
 @property id mockSNTDatabaseController;
 @end
@@ -118,12 +125,14 @@ - (BOOL)checkBinaryExecution:(NSString *)binaryName
   es_file_t file = MakeESFile([binaryPath UTF8String], fileStat);
   es_process_t proc = MakeESProcess(&file);
   proc.is_platform_binary = false;
-  // Set a 6.5 second deadline for the message. The base SNTEndpointSecurityClient
-  // class leaves a 5 second buffer to auto-respond to messages. A 6 second
-  // deadline means there is a 1.5 second leeway given for the processing block
+
+  // Set a 6.5 second deadline for the message and clamp deadline headroom to 5
+  // seconds. This means there is a 1.5 second leeway given for the processing block
   // to finish its tasks and release the `Message`. This will add about 1 second
   // to the run time of each test case since each one must wait for the
   // deadline block to run and release the message.
+  authClient.minAllowedHeadroom = 5 * NSEC_PER_SEC;
+  authClient.maxAllowedHeadroom = 5 * NSEC_PER_SEC;
   es_message_t esMsg = MakeESMessage(ES_EVENT_TYPE_AUTH_EXEC, &proc, ActionType::Auth, 6500);
   esMsg.event.exec.target = &proc;