santad: Add 'null' event logger. Fixes google#754 (google#799)

kyoshisuki · May 6, 2022 · 6e22da1 · 6e22da1
1 parent 1725809
commit 6e22da1
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 8 deletions.
diff --git a/Source/common/SNTCommonEnums.h b/Source/common/SNTCommonEnums.h
@@ -93,6 +93,7 @@ typedef NS_ENUM(NSInteger, SNTEventLogType) {
   SNTEventLogTypeSyslog,
   SNTEventLogTypeFilelog,
   SNTEventLogTypeProtobuf,
+  SNTEventLogTypeNull,
 };
 
 // The return status of a sync.

diff --git a/Source/common/SNTConfigurator.h b/Source/common/SNTConfigurator.h
@@ -151,9 +151,10 @@
 
 ///
 ///  Defines how event logs are stored. Options are:
-///    SNTEventLogTypeSyslog: Sent to ASL or ULS (if built with the 10.12 SDK or later).
-///    SNTEventLogTypeFilelog: Sent to a file on disk. Use eventLogPath to specify a path.
-///    SNTEventLogTypeProtobuf: (BETA) Sent to a file on disk, using maildir format. Use
+///    SNTEventLogTypeSyslog "syslog": Sent to ASL or ULS (if built with the 10.12 SDK or later).
+///    SNTEventLogTypeFilelog "file": Sent to a file on disk. Use eventLogPath to specify a path.
+///    SNTEventLogTypeNull "null": Logs nothing
+///    SNTEventLogTypeProtobuf "protobuf": (BETA) Sent to a file on disk, using maildir format. Use
 ///      mailDirectory to specify a path. Use mailDirectoryFileSizeThresholdKB,
 ///      mailDirectorySizeThresholdMB and mailDirectoryEventMaxFlushTimeSec to configure
 ///      additional maildir format settings.
@@ -420,7 +421,7 @@
 ///  If true, events will be uploaded for all executions, even those that are allowed.
 ///  Use with caution, this generates a lot of events. Defaults to false.
 ///
-@property(readonly, nonatomic) BOOL enableAllEventUpload;
+@property(nonatomic) BOOL enableAllEventUpload;
 
 ///
 ///  If true, forks and exits will be logged. Defaults to false.

diff --git a/Source/common/SNTConfigurator.m b/Source/common/SNTConfigurator.m
@@ -701,6 +701,10 @@ - (SNTEventLogType)eventLogType {
     return SNTEventLogTypeProtobuf;
   } else if ([logType isEqualToString:@"syslog"]) {
     return SNTEventLogTypeSyslog;
+  } else if ([logType isEqualToString:@"null"]) {
+    return SNTEventLogTypeNull;
+  } else if ([logType isEqualToString:@"file"]) {
+    return SNTEventLogTypeFilelog;
   } else {
     return SNTEventLogTypeFilelog;
   }
@@ -751,7 +755,7 @@ - (BOOL)enableAllEventUpload {
   NSNumber *n = self.syncState[kEnableAllEventUploadKey];
   if (n) return [n boolValue];
 
-  return [self.configState[kEnableAllEventUploadKey];
+  return [self.configState[kEnableAllEventUploadKey] boolValue];
 }
 
 - (void)setEnableAllEventUpload:(BOOL)enabled {

diff --git a/Source/santad/Logs/SNTEventLog.m b/Source/santad/Logs/SNTEventLog.m
@@ -447,7 +447,11 @@ + (instancetype)logger {
         logger = [[SNTProtobufEventLog alloc] init];
         break;
       }
-      default: logger = nil;
+      case SNTEventLogTypeNull: {
+        // Messages sent to nil objects do nothing, which is perfect for a null logger.
+        logger = nil;
+        break;
+      }
     }
   });
   return logger;

diff --git a/Source/santad/SNTExecutionController.m b/Source/santad/SNTExecutionController.m
@@ -191,7 +191,7 @@ - (void)validateBinaryWithMessage:(santa_message_t)message {
   [self incrementEventCounters:cd.decision];
 
   // Log to database if necessary.
-  if ([[SNTCnfigurator configurator].enableAllEventUpload] ||
+  if ([SNTConfigurator configurator].enableAllEventUpload ||
       (cd.decision != SNTEventStateAllowBinary && cd.decision != SNTEventStateAllowCompiler &&
        cd.decision != SNTEventStateAllowTransitive &&
        cd.decision != SNTEventStateAllowCertificate && cd.decision != SNTEventStateAllowTeamID &&

diff --git a/docs/deployment/configuration.md b/docs/deployment/configuration.md
@@ -52,7 +52,7 @@ also known as mobileconfig files, which are in an Apple-specific XML format.
 | MachineOwnerKey                   | String     | The key to use on MachineOwnerPlist.     |
 | MachineIDPlist                    | String     | The path to a plist that contains the MachineOwnerKey / value pair. |
 | MachineIDKey                      | String     | The key to use on MachineIDPlist.        |
-| EventLogType                      | String     | Defines how event logs are stored. Options are 1) syslog: Sent to ASL or ULS (if built with the 10.12 SDK or later). 2) filelog: Sent to a file on disk. Use EventLogPath to specify a path. 3) protobuf (BETA): Sent to file on disk using maildir format. Defaults to filelog.      |
+| EventLogType                      | String     | Defines how event logs are stored. Options are 1) syslog: Sent to ASL or ULS (if built with the 10.12 SDK or later). 2) filelog: Sent to a file on disk. Use EventLogPath to specify a path. 3) protobuf (BETA): Sent to file on disk using maildir format. 4) null: Don't output any event logs. Defaults to filelog.      |
 | EventLogPath                      | String     | If EventLogType is set to filelog, EventLogPath will provide the path to save logs. Defaults to /var/db/santa/santa.log. If you change this value ensure you also update com.google.santa.newsyslog.conf with the new path.        |
 | MailDirectory                     | String     | If EventLogType is set to protobuf, MailDirectory will provide the the base directory used to save files according to the maildir format. Defaults to /var/db/santa/mail. |
 | MailDirectoryFileSizeThresholdKB  | Integer    | If EventLogType is set to protobuf, MailDirectoryFileSizeThresholdKB defines the per-file size limit for files stored in the mail directory. Events are buffered in memory until this threshold would be exceeded (or MailDirectoryEventMaxFlushTimeSec is exceeded). Defaults to 100. |