Convert santa::santad::event_providers and santa::santad (#1387)

Source/santad/EventProviders/AuthResultCache.h

@@ -27,7 +27,7 @@
 #import "Source/common/SantaVnode.h"
 #include "Source/santad/EventProviders/EndpointSecurity/EndpointSecurityAPI.h"
 
-namespace santa::santad::event_providers {
+namespace santa {
 
 enum class FlushCacheMode {
   kNonRootOnly,
@@ -87,6 +87,6 @@ class AuthResultCache {
   dispatch_queue_t q_;
 };
 
-}  // namespace santa::santad::event_providers
+}  // namespace santa
 
 #endif

Source/santad/EventProviders/AuthResultCache.mm

@@ -36,7 +36,7 @@
 static NSString *const kFlushCacheReasonEntitlementsTeamIDFilterChanged =
   @"EntitlementsTeamIDFilterChanged";
 
-namespace santa::santad::event_providers {
+namespace santa {
 
 static inline uint64_t GetCurrentUptime() {
   return clock_gettime_nsec_np(CLOCK_MONOTONIC);
@@ -185,4 +185,4 @@ static inline uint64_t TimestampFromCachedValue(uint64_t cachedValue) {
   return @[ @(root_cache_->count()), @(nonroot_cache_->count()) ];
 }
 
-}  // namespace santa::santad::event_providers
+}  // namespace santa

Source/santad/EventProviders/AuthResultCacheTest.mm

@@ -27,15 +27,15 @@
 #include "Source/santad/EventProviders/AuthResultCache.h"
 #include "Source/santad/EventProviders/EndpointSecurity/MockEndpointSecurityAPI.h"
 
-using santa::santad::event_providers::AuthResultCache;
-using santa::santad::event_providers::FlushCacheMode;
-using santa::santad::event_providers::FlushCacheReason;
+using santa::AuthResultCache;
+using santa::FlushCacheMode;
+using santa::FlushCacheReason;
 
-namespace santa::santad::event_providers {
+namespace santa {
 extern NSString *const FlushCacheReasonToString(FlushCacheReason reason);
-}
+}  // namespace santa
 
-using santa::santad::event_providers::FlushCacheReasonToString;
+using santa::FlushCacheReasonToString;
 
 // Grab the st_dev number of the root volume to match the root cache
 static uint64_t RootDevno() {

Source/santad/EventProviders/RateLimiter.h

@@ -23,11 +23,11 @@
 #include "Source/santad/Metrics.h"
 
 // Forward declarations
-namespace santa::santad::event_providers {
+namespace santa {
 class RateLimiterPeer;
-}
+}  // namespace santa
 
-namespace santa::santad::event_providers {
+namespace santa {
 
 // Very basic rate limiting infrastructure.
 // Currently only handles X events per duration.
@@ -39,12 +39,11 @@ class RateLimiter {
  public:
   // Factory
   static std::shared_ptr<RateLimiter> Create(
-      std::shared_ptr<santa::santad::Metrics> metrics,
-      santa::santad::Processor processor, uint16_t max_qps,
-      NSTimeInterval reset_duration = kDefaultResetDuration);
+      std::shared_ptr<santa::Metrics> metrics, santa::Processor processor,
+      uint16_t max_qps, NSTimeInterval reset_duration = kDefaultResetDuration);
 
-  RateLimiter(std::shared_ptr<santa::santad::Metrics> metrics,
-              santa::santad::Processor processor, uint16_t max_qps,
+  RateLimiter(std::shared_ptr<santa::Metrics> metrics,
+              santa::Processor processor, uint16_t max_qps,
               NSTimeInterval reset_duration);
 
   enum class Decision {
@@ -54,7 +53,7 @@ class RateLimiter {
 
   Decision Decide(uint64_t cur_mach_time);
 
-  friend class santa::santad::event_providers::RateLimiterPeer;
+  friend class santa::RateLimiterPeer;
 
  private:
   bool ShouldRateLimitLocked();
@@ -63,15 +62,15 @@ class RateLimiter {
 
   static constexpr NSTimeInterval kDefaultResetDuration = 15.0;
 
-  std::shared_ptr<santa::santad::Metrics> metrics_;
-  santa::santad::Processor processor_;
+  std::shared_ptr<santa::Metrics> metrics_;
+  santa::Processor processor_;
   size_t log_count_total_ = 0;
   size_t max_log_count_total_;
   uint64_t reset_mach_time_;
   uint64_t reset_duration_ns_;
   dispatch_queue_t q_;
 };
 
-}  // namespace santa::santad::event_providers
+}  // namespace santa
 
 #endif

Source/santad/EventProviders/RateLimiter.mm

@@ -17,10 +17,10 @@
 #include "Source/common/BranchPrediction.h"
 #include "Source/common/SystemResources.h"
 
-using santa::santad::Metrics;
-using santa::santad::Processor;
+using santa::Metrics;
+using santa::Processor;
 
-namespace santa::santad::event_providers {
+namespace santa {
 
 std::shared_ptr<RateLimiter> RateLimiter::Create(std::shared_ptr<Metrics> metrics,
                                                  Processor processor, uint16_t max_qps,
@@ -82,4 +82,4 @@
   return decision;
 }
 
-}  // namespace santa::santad::event_providers
+}  // namespace santa

Source/santad/EventProviders/RateLimiterTest.mm

@@ -20,12 +20,11 @@
 #include "Source/common/SystemResources.h"
 #include "Source/santad/Metrics.h"
 
-using santa::santad::event_providers::RateLimiter;
+using santa::RateLimiter;
 
-static const santa::santad::Processor kDefaultProcessor =
-  santa::santad::Processor::kFileAccessAuthorizer;
+static const santa::Processor kDefaultProcessor = santa::Processor::kFileAccessAuthorizer;
 
-namespace santa::santad::event_providers {
+namespace santa {
 
 class RateLimiterPeer : public RateLimiter {
  public:
@@ -39,9 +38,9 @@
   using RateLimiter::reset_mach_time_;
 };
 
-}  // namespace santa::santad::event_providers
+}  // namespace santa
 
-using santa::santad::event_providers::RateLimiterPeer;
+using santa::RateLimiterPeer;
 
 @interface RateLimiterTest : XCTestCase
 @end

Source/santad/EventProviders/SNTEndpointSecurityAuthorizer.h

@@ -28,10 +28,9 @@
     : SNTEndpointSecurityClient <SNTEndpointSecurityEventHandler>
 
 - (instancetype)initWithESAPI:(std::shared_ptr<santa::EndpointSecurityAPI>)esApi
-                      metrics:(std::shared_ptr<santa::santad::Metrics>)metrics
+                      metrics:(std::shared_ptr<santa::Metrics>)metrics
                execController:(SNTExecutionController *)execController
            compilerController:(SNTCompilerController *)compilerController
-              authResultCache:
-                (std::shared_ptr<santa::santad::event_providers::AuthResultCache>)authResultCache;
+              authResultCache:(std::shared_ptr<santa::AuthResultCache>)authResultCache;
 
 @end

Source/santad/EventProviders/SNTEndpointSecurityAuthorizer.mm

@@ -26,10 +26,10 @@
 #include "Source/santad/EventProviders/EndpointSecurity/Message.h"
 #include "Source/santad/Metrics.h"
 
+using santa::AuthResultCache;
 using santa::EndpointSecurityAPI;
+using santa::EventDisposition;
 using santa::Message;
-using santa::santad::EventDisposition;
-using santa::santad::event_providers::AuthResultCache;
 
 @interface SNTEndpointSecurityAuthorizer ()
 @property SNTCompilerController *compilerController;
@@ -41,13 +41,13 @@ @implementation SNTEndpointSecurityAuthorizer {
 }
 
 - (instancetype)initWithESAPI:(std::shared_ptr<EndpointSecurityAPI>)esApi
-                      metrics:(std::shared_ptr<santa::santad::Metrics>)metrics
+                      metrics:(std::shared_ptr<santa::Metrics>)metrics
                execController:(SNTExecutionController *)execController
            compilerController:(SNTCompilerController *)compilerController
               authResultCache:(std::shared_ptr<AuthResultCache>)authResultCache {
   self = [super initWithESAPI:std::move(esApi)
                       metrics:std::move(metrics)
-                    processor:santa::santad::Processor::kAuthorizer];
+                    processor:santa::Processor::kAuthorizer];
   if (self) {
     _execController = execController;
     _compilerController = compilerController;

Source/santad/EventProviders/SNTEndpointSecurityAuthorizerTest.mm

@@ -33,9 +33,9 @@
 #import "Source/santad/SNTCompilerController.h"
 #import "Source/santad/SNTExecutionController.h"
 
+using santa::AuthResultCache;
+using santa::EventDisposition;
 using santa::Message;
-using santa::santad::EventDisposition;
-using santa::santad::event_providers::AuthResultCache;
 
 class MockAuthResultCache : public AuthResultCache {
  public:
@@ -72,7 +72,7 @@ - (void)testEnable {
   id authClient =
     [[SNTEndpointSecurityAuthorizer alloc] initWithESAPI:mockESApi
                                                  metrics:nullptr
-                                               processor:santa::santad::Processor::kAuthorizer];
+                                               processor:santa::Processor::kAuthorizer];
 
   EXPECT_CALL(*mockESApi, ClearCache)
     .After(EXPECT_CALL(*mockESApi, Subscribe(testing::_, expectedEventSubs))
@@ -82,7 +82,7 @@ - (void)testEnable {
   [authClient enable];
 
   for (const auto &event : expectedEventSubs) {
-    XCTAssertNoThrow(santa::santad::EventTypeToString(event));
+    XCTAssertNoThrow(santa::EventTypeToString(event));
   }
 
   XCTBubbleMockVerifyAndClearExpectations(mockESApi.get());

Source/santad/EventProviders/SNTEndpointSecurityClient.mm

@@ -40,11 +40,11 @@
 using santa::Client;
 using santa::EndpointSecurityAPI;
 using santa::EnrichedMessage;
+using santa::EventDisposition;
 using santa::Message;
+using santa::Metrics;
+using santa::Processor;
 using santa::WatchItemPathType;
-using santa::santad::EventDisposition;
-using santa::santad::Metrics;
-using santa::santad::Processor;
 
 constexpr std::string_view kProtectedFiles[] = {"/private/var/db/santa/rules.db",
                                                 "/private/var/db/santa/events.db"};

Source/santad/EventProviders/SNTEndpointSecurityClientBase.h

@@ -30,8 +30,8 @@
 @protocol SNTEndpointSecurityClientBase
 
 - (instancetype)initWithESAPI:(std::shared_ptr<santa::EndpointSecurityAPI>)esApi
-                      metrics:(std::shared_ptr<santa::santad::Metrics>)metrics
-                    processor:(santa::santad::Processor)processor;
+                      metrics:(std::shared_ptr<santa::Metrics>)metrics
+                    processor:(santa::Processor)processor;
 
 /// @note If this fails to establish a new ES client via `es_new_client`, an exception is raised
 /// that should terminate the program.

Source/santad/EventProviders/SNTEndpointSecurityClientTest.mm

@@ -40,15 +40,15 @@
 using santa::EnrichedMessage;
 using santa::EnrichedProcess;
 using santa::Message;
+using santa::Processor;
 using santa::WatchItemPathType;
-using santa::santad::Processor;
 
 @interface SNTEndpointSecurityClient (Testing)
 - (void)establishClientOrDie;
 - (bool)muteSelf;
 - (NSString *)errorMessageForNewClientResult:(es_new_client_result_t)result;
 - (void)handleMessage:(Message &&)esMsg
-   recordEventMetrics:(void (^)(santa::santad::EventDisposition disposition))recordEventMetrics;
+   recordEventMetrics:(void (^)(santa::EventDisposition disposition))recordEventMetrics;
 - (BOOL)shouldHandleMessage:(const Message &)esMsg;
 - (int64_t)computeBudgetForDeadline:(uint64_t)deadline currentTime:(uint64_t)currentTime;
 

Source/santad/EventProviders/SNTEndpointSecurityDeviceManager.h

@@ -40,10 +40,9 @@ typedef void (^SNTDeviceBlockCallback)(SNTDeviceEvent *event);
 @property(nonatomic, nullable) SNTDeviceBlockCallback deviceBlockCallback;
 
 - (instancetype)initWithESAPI:(std::shared_ptr<santa::EndpointSecurityAPI>)esApi
-                      metrics:(std::shared_ptr<santa::santad::Metrics>)metrics
+                      metrics:(std::shared_ptr<santa::Metrics>)metrics
                        logger:(std::shared_ptr<santa::Logger>)logger
-              authResultCache:
-                (std::shared_ptr<santa::santad::event_providers::AuthResultCache>)authResultCache
+              authResultCache:(std::shared_ptr<santa::AuthResultCache>)authResultCache
                 blockUSBMount:(BOOL)blockUSBMount
                remountUSBMode:(nullable NSArray<NSString *> *)remountUSBMode
            startupPreferences:(SNTDeviceManagerStartupPreferences)startupPrefs;

Source/santad/EventProviders/SNTEndpointSecurityDeviceManager.mm

@@ -33,13 +33,13 @@
 #include "Source/santad/EventProviders/EndpointSecurity/Message.h"
 #include "Source/santad/Metrics.h"
 
+using santa::AuthResultCache;
 using santa::EndpointSecurityAPI;
+using santa::EventDisposition;
+using santa::FlushCacheMode;
+using santa::FlushCacheReason;
 using santa::Logger;
 using santa::Message;
-using santa::santad::EventDisposition;
-using santa::santad::event_providers::AuthResultCache;
-using santa::santad::event_providers::FlushCacheMode;
-using santa::santad::event_providers::FlushCacheReason;
 
 // Defined operations for startup metrics:
 // Device shouldn't be operated on (e.g. not a mass storage device)
@@ -178,15 +178,15 @@ @implementation SNTEndpointSecurityDeviceManager {
 }
 
 - (instancetype)initWithESAPI:(std::shared_ptr<EndpointSecurityAPI>)esApi
-                      metrics:(std::shared_ptr<santa::santad::Metrics>)metrics
+                      metrics:(std::shared_ptr<santa::Metrics>)metrics
                        logger:(std::shared_ptr<Logger>)logger
               authResultCache:(std::shared_ptr<AuthResultCache>)authResultCache
                 blockUSBMount:(BOOL)blockUSBMount
                remountUSBMode:(nullable NSArray<NSString *> *)remountUSBMode
            startupPreferences:(SNTDeviceManagerStartupPreferences)startupPrefs {
   self = [super initWithESAPI:std::move(esApi)
                       metrics:std::move(metrics)
-                    processor:santa::santad::Processor::kDeviceManager];
+                    processor:santa::Processor::kDeviceManager];
   if (self) {
     _logger = logger;
     _authResultCache = authResultCache;

Source/santad/EventProviders/SNTEndpointSecurityDeviceManagerTest.mm

@@ -38,11 +38,11 @@
 #import "Source/santad/EventProviders/SNTEndpointSecurityDeviceManager.h"
 #include "Source/santad/Metrics.h"
 
+using santa::AuthResultCache;
+using santa::EventDisposition;
+using santa::FlushCacheMode;
+using santa::FlushCacheReason;
 using santa::Message;
-using santa::santad::EventDisposition;
-using santa::santad::event_providers::AuthResultCache;
-using santa::santad::event_providers::FlushCacheMode;
-using santa::santad::event_providers::FlushCacheReason;
 
 class MockAuthResultCache : public AuthResultCache {
  public:
@@ -498,10 +498,10 @@ - (void)testEnable {
   };
   auto mockESApi = std::make_shared<MockEndpointSecurityAPI>();
 
-  id deviceClient = [[SNTEndpointSecurityDeviceManager alloc]
-    initWithESAPI:mockESApi
-          metrics:nullptr
-        processor:santa::santad::Processor::kDeviceManager];
+  id deviceClient =
+    [[SNTEndpointSecurityDeviceManager alloc] initWithESAPI:mockESApi
+                                                    metrics:nullptr
+                                                  processor:santa::Processor::kDeviceManager];
 
   EXPECT_CALL(*mockESApi, ClearCache(testing::_))
     .After(EXPECT_CALL(*mockESApi, Subscribe(testing::_, expectedEventSubs))
@@ -511,7 +511,7 @@ - (void)testEnable {
   [deviceClient enable];
 
   for (const auto &event : expectedEventSubs) {
-    XCTAssertNoThrow(santa::santad::EventTypeToString(event));
+    XCTAssertNoThrow(santa::EventTypeToString(event));
   }
 
   XCTBubbleMockVerifyAndClearExpectations(mockESApi.get());

Source/santad/EventProviders/SNTEndpointSecurityEventHandler.h

@@ -27,7 +27,7 @@
 // Called Synchronously and serially for each message provided by the
 // EndpointSecurity framework.
 - (void)handleMessage:(santa::Message &&)esMsg
-   recordEventMetrics:(void (^)(santa::santad::EventDisposition))recordEventMetrics;
+   recordEventMetrics:(void (^)(santa::EventDisposition))recordEventMetrics;
 
 // Called after Santa has finished initializing itself.
 // This is an optimal place to subscribe to ES events

Source/santad/EventProviders/SNTEndpointSecurityFileAccessAuthorizer.h

@@ -34,12 +34,12 @@ typedef void (^SNTFileAccessBlockCallback)(SNTFileAccessEvent *event, NSString *
     : SNTEndpointSecurityClient <SNTEndpointSecurityDynamicEventHandler>
 
 - (instancetype)initWithESAPI:(std::shared_ptr<santa::EndpointSecurityAPI>)esApi
-                      metrics:(std::shared_ptr<santa::santad::Metrics>)metrics
+                      metrics:(std::shared_ptr<santa::Metrics>)metrics
                        logger:(std::shared_ptr<santa::Logger>)logger
                    watchItems:(std::shared_ptr<santa::WatchItems>)watchItems
                      enricher:(std::shared_ptr<santa::Enricher>)enricher
                 decisionCache:(SNTDecisionCache *)decisionCache
-                    ttyWriter:(std::shared_ptr<santa::santad::TTYWriter>)ttyWriter;
+                    ttyWriter:(std::shared_ptr<santa::TTYWriter>)ttyWriter;
 
 @property SNTFileAccessBlockCallback fileAccessBlockCallback;