Address PR feedback

google · Nov 13, 2023 · 44b8e2d · 44b8e2d
1 parent b07d210
commit 44b8e2d
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 7 deletions.
diff --git a/Source/santad/SNTExecutionController.mm b/Source/santad/SNTExecutionController.mm
@@ -89,7 +89,7 @@ @interface SNTExecutionController ()
 
 @implementation SNTExecutionController {
   std::shared_ptr<TTYWriter> _ttyWriter;
-  absl::Mutex _filterMutex;
+  absl::Mutex _entitlementFilterMutex;
   std::set<std::string> _entitlementsTeamIDFilter;
   std::unique_ptr<PrefixTree<Unit>> _entitlementsPrefixFilter;
 }
@@ -141,12 +141,12 @@ - (instancetype)initWithRuleTable:(SNTRuleTable *)ruleTable
 }
 
 - (void)updateEntitlementsPrefixFilter:(NSArray<NSString *> *)filter {
-  absl::MutexLock lock(&self->_filterMutex);
+  absl::MutexLock lock(&self->_entitlementFilterMutex);
   UpdatePrefixFilterLocked(self->_entitlementsPrefixFilter, filter);
 }
 
 - (void)updateEntitlementsTeamIDFilter:(NSArray<NSString *> *)filter {
-  absl::MutexLock lock(&self->_filterMutex);
+  absl::MutexLock lock(&self->_entitlementFilterMutex);
   UpdateTeamIDFilterLocked(self->_entitlementsTeamIDFilter, filter);
 }
 
@@ -262,7 +262,7 @@ - (void)validateExecEvent:(const Message &)esMsg postAction:(bool (^)(SNTAction)
         return nil;
       }
 
-      absl::ReaderMutexLock lock(&self->_filterMutex);
+      absl::ReaderMutexLock lock(&self->_entitlementFilterMutex);
 
       if (teamID && self->_entitlementsTeamIDFilter.count(std::string(teamID)) > 0) {
         LOGD(@"Dropping entitlement logging for configured TeamID: %s", teamID);

diff --git a/Source/santad/SNTPolicyProcessor.m b/Source/santad/SNTPolicyProcessor.m
@@ -102,9 +102,8 @@ - (nonnull SNTCachedDecision *)decisionForFileInfo:(nonnull SNTFileInfo *)fileIn
         csInfo.signingInformation[(__bridge NSString *)kSecCodeInfoEntitlementsDict];
 
       if (entitlementsFilterCallback) {
-        NSDictionary *filtered = entitlementsFilterCallback(entitlements);
-        cd.entitlements = filtered;
-        cd.entitlementsFiltered = filtered.count == entitlements.count;
+        cd.entitlements = entitlementsFilterCallback(entitlements);
+        cd.entitlementsFiltered = (cd.entitlements.count == entitlements.count);
       } else {
         cd.entitlements = [entitlements sntDeepCopy];
         cd.entitlementsFiltered = NO;