-
Notifications
You must be signed in to change notification settings - Fork 297
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Basic dialog functionality when access to a watch item is denied (#1106)
* Basic working prototype to display a UI on blocked file access * Force watch items policies to be silent for now * Remove unused view * Refactor to not use newer SwiftUI features * Address PR feedback
- Loading branch information
Showing
17 changed files
with
551 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| /// Copyright 2023 Google LLC | ||
| /// | ||
| /// Licensed under the Apache License, Version 2.0 (the "License"); | ||
| /// you may not use this file except in compliance with the License. | ||
| /// You may obtain a copy of the License at | ||
| /// | ||
| /// https://www.apache.org/licenses/LICENSE-2.0 | ||
| /// | ||
| /// Unless required by applicable law or agreed to in writing, software | ||
| /// distributed under the License is distributed on an "AS IS" BASIS, | ||
| /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| /// See the License for the specific language governing permissions and | ||
| /// limitations under the License. | ||
|
|
||
| #import <Foundation/Foundation.h> | ||
|
|
||
| #import <MOLCertificate/MOLCertificate.h> | ||
|
|
||
| /// | ||
| /// Represents an event stored in the database. | ||
| /// | ||
| @interface SNTFileAccessEvent : NSObject <NSSecureCoding> | ||
|
|
||
| /// | ||
| /// The watched path that was accessed | ||
| /// | ||
| @property NSString *accessedPath; | ||
|
|
||
| /// | ||
| /// The rule version and name that were violated | ||
| /// | ||
| @property NSString *ruleVersion; | ||
| @property NSString *ruleName; | ||
|
|
||
| /// | ||
| /// The SHA256 of the process that accessed the path | ||
| /// | ||
| @property NSString *fileSHA256; | ||
|
|
||
| /// | ||
| /// The path of the process that accessed the watched path | ||
| /// | ||
| @property NSString *filePath; | ||
|
|
||
| /// | ||
| /// If the process is part of a bundle, the name of the application | ||
| /// | ||
| @property NSString *application; | ||
|
|
||
| /// | ||
| /// If the executed file was signed, this is the Team ID if present in the signature information. | ||
| /// | ||
| @property NSString *teamID; | ||
|
|
||
| /// | ||
| /// If the executed file was signed, this is the Signing ID if present in the signature information. | ||
| /// | ||
| @property NSString *signingID; | ||
|
|
||
| /// | ||
| /// The user who executed the binary. | ||
| /// | ||
| @property NSString *executingUser; | ||
|
|
||
| /// | ||
| /// The process ID of the binary being executed. | ||
| /// | ||
| @property NSNumber *pid; | ||
|
|
||
| /// | ||
| /// The parent process ID of the binary being executed. | ||
| /// | ||
| @property NSNumber *ppid; | ||
|
|
||
| /// | ||
| /// The name of the parent process. | ||
| /// | ||
| @property NSString *parentName; | ||
|
|
||
| // TODO(mlw): Store signing chain info | ||
| // @property NSArray<MOLCertificate*> *signingChain; | ||
|
|
||
| @end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| /// Copyright 2023 Google LLC | ||
| /// | ||
| /// Licensed under the Apache License, Version 2.0 (the "License"); | ||
| /// you may not use this file except in compliance with the License. | ||
| /// You may obtain a copy of the License at | ||
| /// | ||
| /// https://www.apache.org/licenses/LICENSE-2.0 | ||
| /// | ||
| /// Unless required by applicable law or agreed to in writing, software | ||
| /// distributed under the License is distributed on an "AS IS" BASIS, | ||
| /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| /// See the License for the specific language governing permissions and | ||
| /// limitations under the License. | ||
|
|
||
| #import "Source/common/SNTFileAccessEvent.h" | ||
|
|
||
| @implementation SNTFileAccessEvent | ||
|
|
||
| #define ENCODE(o) \ | ||
| do { \ | ||
| if (self.o) { \ | ||
| [coder encodeObject:self.o forKey:@(#o)]; \ | ||
| } \ | ||
| } while (0) | ||
|
|
||
| #define DECODE(o, c) \ | ||
| do { \ | ||
| _##o = [decoder decodeObjectOfClass:[c class] forKey:@(#o)]; \ | ||
| } while (0) | ||
|
|
||
| - (instancetype)init { | ||
| self = [super init]; | ||
| if (self) { | ||
| } | ||
| return self; | ||
| } | ||
|
|
||
| + (BOOL)supportsSecureCoding { | ||
| return YES; | ||
| } | ||
|
|
||
| - (void)encodeWithCoder:(NSCoder *)coder { | ||
| ENCODE(accessedPath); | ||
| ENCODE(ruleVersion); | ||
| ENCODE(ruleName); | ||
| ENCODE(fileSHA256); | ||
| ENCODE(filePath); | ||
| ENCODE(application); | ||
| ENCODE(teamID); | ||
| ENCODE(teamID); | ||
| ENCODE(pid); | ||
| ENCODE(ppid); | ||
| ENCODE(parentName); | ||
| } | ||
|
|
||
| - (instancetype)initWithCoder:(NSCoder *)decoder { | ||
| self = [super init]; | ||
| if (self) { | ||
| DECODE(accessedPath, NSString); | ||
| DECODE(ruleVersion, NSString); | ||
| DECODE(ruleName, NSString); | ||
| DECODE(fileSHA256, NSString); | ||
| DECODE(filePath, NSString); | ||
| DECODE(application, NSString); | ||
| DECODE(teamID, NSString); | ||
| DECODE(teamID, NSString); | ||
| DECODE(pid, NSNumber); | ||
| DECODE(ppid, NSNumber); | ||
| DECODE(parentName, NSString); | ||
| } | ||
| return self; | ||
| } | ||
|
|
||
| - (NSString *)description { | ||
| return [NSString | ||
| stringWithFormat:@"SNTFileAccessEvent: Accessed: %@, By: %@", self.accessedPath, self.filePath]; | ||
| } | ||
|
|
||
| @end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| /// Copyright 2023 Google LLC | ||
| /// | ||
| /// Licensed under the Apache License, Version 2.0 (the "License"); | ||
| /// you may not use this file except in compliance with the License. | ||
| /// You may obtain a copy of the License at | ||
| /// | ||
| /// https://www.apache.org/licenses/LICENSE-2.0 | ||
| /// | ||
| /// Unless required by applicable law or agreed to in writing, software | ||
| /// distributed under the License is distributed on an "AS IS" BASIS, | ||
| /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| /// See the License for the specific language governing permissions and | ||
| /// limitations under the License. | ||
|
|
||
| #import <Cocoa/Cocoa.h> | ||
|
|
||
| #import "Source/gui/SNTMessageWindowController.h" | ||
|
|
||
| NS_ASSUME_NONNULL_BEGIN | ||
|
|
||
| @class SNTFileAccessEvent; | ||
|
|
||
| /// | ||
| /// Controller for a single message window. | ||
| /// | ||
| API_AVAILABLE(macos(13.0)) | ||
| @interface SNTFileAccessMessageWindowController : SNTMessageWindowController <NSWindowDelegate> | ||
|
|
||
| - (instancetype)initWithEvent:(SNTFileAccessEvent *)event message:(nullable NSString *)message; | ||
|
|
||
| @property(readonly) SNTFileAccessEvent *event; | ||
|
|
||
| @end | ||
|
|
||
| NS_ASSUME_NONNULL_END |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| /// Copyright 2023 Google LLC | ||
| /// | ||
| /// Licensed under the Apache License, Version 2.0 (the "License"); | ||
| /// you may not use this file except in compliance with the License. | ||
| /// You may obtain a copy of the License at | ||
| /// | ||
| /// https://www.apache.org/licenses/LICENSE-2.0 | ||
| /// | ||
| /// Unless required by applicable law or agreed to in writing, software | ||
| /// distributed under the License is distributed on an "AS IS" BASIS, | ||
| /// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| /// See the License for the specific language governing permissions and | ||
| /// limitations under the License. | ||
|
|
||
| #import "Source/gui/SNTFileAccessMessageWindowController.h" | ||
| #import "Source/gui/SNTFileAccessMessageWindowView-Swift.h" | ||
|
|
||
| #import "Source/common/SNTBlockMessage.h" | ||
| #import "Source/common/SNTFileAccessEvent.h" | ||
| #import "Source/common/SNTLogging.h" | ||
|
|
||
| @interface SNTFileAccessMessageWindowController () | ||
| @property NSString *customMessage; | ||
| @property SNTFileAccessEvent *event; | ||
| @end | ||
|
|
||
| @implementation SNTFileAccessMessageWindowController | ||
|
|
||
| - (instancetype)initWithEvent:(SNTFileAccessEvent *)event message:(nullable NSString *)message { | ||
| self = [super init]; | ||
| if (self) { | ||
| _customMessage = message; | ||
| _event = event; | ||
| } | ||
| return self; | ||
| } | ||
|
|
||
| - (void)showWindow:(id)sender { | ||
| if (self.window) { | ||
| [self.window orderOut:sender]; | ||
| } | ||
|
|
||
| self.window = | ||
| [[NSWindow alloc] initWithContentRect:NSMakeRect(0, 0, 0, 0) | ||
| styleMask:NSWindowStyleMaskClosable | NSWindowStyleMaskTitled | ||
| backing:NSBackingStoreBuffered | ||
| defer:NO]; | ||
|
|
||
| self.window.contentViewController = | ||
| [SNTFileAccessMessageWindowViewFactory createWithWindow:self.window | ||
| event:self.event | ||
| customMsg:self.attributedCustomMessage]; | ||
|
|
||
| self.window.delegate = self; | ||
|
|
||
| // Add app to Cmd+Tab and Dock. | ||
| NSApp.activationPolicy = NSApplicationActivationPolicyRegular; | ||
|
|
||
| [super showWindow:sender]; | ||
| } | ||
|
|
||
| - (void)windowWillClose:(NSNotification *)notification { | ||
| // Remove app from Cmd+Tab and Dock. | ||
| NSApp.activationPolicy = NSApplicationActivationPolicyAccessory; | ||
| [super windowWillClose:notification]; | ||
| } | ||
|
|
||
| - (NSAttributedString *)attributedCustomMessage { | ||
| return [SNTBlockMessage formatMessage:self.customMessage]; | ||
| } | ||
|
|
||
| - (NSString *)messageHash { | ||
| // TODO(mlw): This is not the final form. As this feature is expanded this | ||
| // hash will need to be revisted to ensure it meets our needs. | ||
| return [NSString stringWithFormat:@"%@|%@|%d", self.event.ruleName, self.event.ruleVersion, | ||
| [self.event.pid intValue]]; | ||
| } | ||
|
|
||
| @end |
Oops, something went wrong.