Skip to content

Commit ef6761e

Browse files
mlwmlw
authored
Fix issue when manually managing rules with santactl rule (unreleased) (#701)
This fixes an issue introduced by #695
1 parent 38ed1ea commit ef6761e

File tree

1 file changed

+41
-44
lines changed

1 file changed

+41
-44
lines changed

Source/santactl/Commands/SNTCommandRule.mm

Lines changed: 41 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@
1616
#import <CommonCrypto/CommonDigest.h>
1717
#import <Foundation/Foundation.h>
1818
#import <Kernel/kern/cs_blobs.h>
19+
#include <stdlib.h>
1920

2021
#import "Source/common/MOLCertificate.h"
2122
#import "Source/common/MOLCodesignChecker.h"
@@ -292,14 +293,21 @@ - (void)runWithArguments:(NSArray *)arguments {
292293
source:SNTRuleAddSourceSantactl
293294
reply:^(BOOL success, NSArray<NSError *> *errors) {
294295
if (success) {
295-
TEE_LOGE(@"Rules were deleted, with the following warnings:");
296+
TEE_LOGI(@"Rules were successfully deleted.");
297+
if (errors.count > 0) {
298+
TEE_LOGE(@"The following warnings were emitted:");
299+
for (NSError *e in errors) {
300+
TEE_LOGW(@"\t%@", e.localizedDescription);
301+
}
302+
}
296303
} else {
297304
TEE_LOGE(@"Failed to delete rules:");
305+
for (NSError *e in errors) {
306+
TEE_LOGE(@"\t%@", e.localizedDescription);
307+
}
298308
}
299-
for (NSError *e in errors) {
300-
TEE_LOGE(@"\t%@", e.localizedDescription);
301-
}
302-
exit(EXIT_FAILURE);
309+
310+
exit(success == NO ? EXIT_FAILURE : EXIT_SUCCESS);
303311
}];
304312
exit(EXIT_SUCCESS);
305313
}
@@ -401,51 +409,40 @@ - (void)runWithArguments:(NSArray *)arguments {
401409
ruleCleanup:SNTRuleCleanupNone
402410
source:SNTRuleAddSourceSantactl
403411
reply:^(BOOL success, NSArray<NSError *> *errors) {
404-
if (!errors) {
412+
if (!success) {
405413
TEE_LOGE(@"Failed to modify rules:");
406414
for (NSError *e in errors) {
407415
TEE_LOGE(@"\t%@", e.localizedFailureReason);
408416
}
409-
exit(1);
410-
} else {
411-
if (errors.count > 0) {
412-
TEE_LOGE(@"Rules were modified but with the following issues:");
413-
for (NSError *e in errors) {
414-
TEE_LOGE(@"\t%@", e.localizedFailureReason);
415-
}
416-
}
417-
NSString *ruleType;
418-
switch (newRule.type) {
419-
case SNTRuleTypeCertificate:
420-
ruleType = @"Certificate SHA-256";
421-
break;
422-
case SNTRuleTypeBinary: {
423-
ruleType = @"SHA-256";
424-
break;
425-
}
426-
case SNTRuleTypeTeamID: {
427-
ruleType = @"Team ID";
428-
break;
429-
}
430-
case SNTRuleTypeSigningID: {
431-
ruleType = @"Signing ID";
432-
break;
433-
}
434-
case SNTRuleTypeCDHash: {
435-
ruleType = @"CDHash";
436-
break;
437-
}
438-
default: ruleType = @"(Unknown type)";
439-
}
440-
if (newRule.state == SNTRuleStateRemove) {
441-
printf("Removed rule for %s: %s.\n", [ruleType UTF8String],
442-
[newRule.identifier UTF8String]);
443-
} else {
444-
printf("Added rule for %s: %s.\n", [ruleType UTF8String],
445-
[newRule.identifier UTF8String]);
417+
exit(EXIT_FAILURE);
418+
}
419+
420+
if (errors.count > 0) {
421+
TEE_LOGW(@"Rules were modified but with the following issues:");
422+
for (NSError *e in errors) {
423+
TEE_LOGW(@"\t%@", e.localizedFailureReason);
446424
}
447-
exit(0);
448425
}
426+
427+
NSString *ruleType;
428+
switch (newRule.type) {
429+
case SNTRuleTypeCertificate:
430+
ruleType = @"Certificate SHA-256";
431+
break;
432+
case SNTRuleTypeBinary: ruleType = @"SHA-256"; break;
433+
case SNTRuleTypeTeamID: ruleType = @"Team ID"; break;
434+
case SNTRuleTypeSigningID: ruleType = @"Signing ID"; break;
435+
case SNTRuleTypeCDHash: ruleType = @"CDHash"; break;
436+
default: ruleType = @"(Unknown type)"; break;
437+
}
438+
if (newRule.state == SNTRuleStateRemove) {
439+
printf("Removed rule for %s: %s.\n", [ruleType UTF8String],
440+
[newRule.identifier UTF8String]);
441+
} else {
442+
printf("Added rule for %s: %s.\n", [ruleType UTF8String],
443+
[newRule.identifier UTF8String]);
444+
}
445+
exit(EXIT_SUCCESS);
449446
}];
450447
}
451448

0 commit comments

Comments
 (0)