Skip to content

Commit

Permalink
Add basic metrics to report when the FAM client is enabled (#1043)
Browse files Browse the repository at this point in the history
  • Loading branch information
mlw authored Feb 17, 2023
1 parent cf0e3fd commit 6155804
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 1 deletion.
1 change: 1 addition & 0 deletions Source/santad/BUILD
Original file line number Diff line number Diff line change
Expand Up @@ -345,6 +345,7 @@ objc_library(
"//Source/common:Platform",
"//Source/common:SNTCommonEnums",
"//Source/common:SNTConfigurator",
"//Source/common:SNTMetricSet",
"//Source/common:SantaCache",
"//Source/common:SantaVnode",
"//Source/common:SantaVnodeHash",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
#include "Source/common/Platform.h"
#import "Source/common/SNTCommonEnums.h"
#import "Source/common/SNTConfigurator.h"
#import "Source/common/SNTMetricSet.h"
#include "Source/common/SantaCache.h"
#include "Source/common/SantaVnode.h"
#include "Source/common/SantaVnodeHash.h"
Expand Down Expand Up @@ -190,6 +191,7 @@ void PopulatePathTargets(const Message &msg, std::vector<PathTarget> &targets) {
@interface SNTEndpointSecurityFileAccessAuthorizer ()
@property SNTDecisionCache *decisionCache;
@property bool isSubscribed;
@property SNTMetricBooleanGauge *famEnabled;
@end

@implementation SNTEndpointSecurityFileAccessAuthorizer {
Expand Down Expand Up @@ -218,6 +220,11 @@ @implementation SNTEndpointSecurityFileAccessAuthorizer {

_decisionCache = decisionCache;

_famEnabled = [[SNTMetricSet sharedInstance]
booleanGaugeWithName:@"/santa/fam_enabled"
fieldNames:@[]
helpText:@"Whether or not the FAM client is enabled"];

[self establishClientOrDie];

[super enableTargetPathWatching];
Expand Down Expand Up @@ -522,7 +529,10 @@ - (void)enable {
#endif

if (!self.isSubscribed) {
self.isSubscribed = [super subscribe:events];
if ([super subscribe:events]) {
self.isSubscribed = true;
[self.famEnabled set:YES forFieldValues:@[]];
}
}

// Always clear cache to ensure operations that were previously allowed are re-evaluated.
Expand All @@ -533,6 +543,7 @@ - (void)disable {
if (self.isSubscribed) {
if ([super unsubscribeAll]) {
self.isSubscribed = false;
[self.famEnabled set:NO forFieldValues:@[]];
}
[super unmuteEverything];
}
Expand Down

0 comments on commit 6155804

Please sign in to comment.