diff --git a/Source/santad/BUILD b/Source/santad/BUILD index 982fd50f5..02c149f12 100644 --- a/Source/santad/BUILD +++ b/Source/santad/BUILD @@ -345,6 +345,7 @@ objc_library( "//Source/common:Platform", "//Source/common:SNTCommonEnums", "//Source/common:SNTConfigurator", + "//Source/common:SNTMetricSet", "//Source/common:SantaCache", "//Source/common:SantaVnode", "//Source/common:SantaVnodeHash", diff --git a/Source/santad/EventProviders/SNTEndpointSecurityFileAccessAuthorizer.mm b/Source/santad/EventProviders/SNTEndpointSecurityFileAccessAuthorizer.mm index b3f22de3d..78e8f21b8 100644 --- a/Source/santad/EventProviders/SNTEndpointSecurityFileAccessAuthorizer.mm +++ b/Source/santad/EventProviders/SNTEndpointSecurityFileAccessAuthorizer.mm @@ -32,6 +32,7 @@ #include "Source/common/Platform.h" #import "Source/common/SNTCommonEnums.h" #import "Source/common/SNTConfigurator.h" +#import "Source/common/SNTMetricSet.h" #include "Source/common/SantaCache.h" #include "Source/common/SantaVnode.h" #include "Source/common/SantaVnodeHash.h" @@ -190,6 +191,7 @@ void PopulatePathTargets(const Message &msg, std::vector &targets) { @interface SNTEndpointSecurityFileAccessAuthorizer () @property SNTDecisionCache *decisionCache; @property bool isSubscribed; +@property SNTMetricBooleanGauge *famEnabled; @end @implementation SNTEndpointSecurityFileAccessAuthorizer { @@ -218,6 +220,11 @@ @implementation SNTEndpointSecurityFileAccessAuthorizer { _decisionCache = decisionCache; + _famEnabled = [[SNTMetricSet sharedInstance] + booleanGaugeWithName:@"/santa/fam_enabled" + fieldNames:@[] + helpText:@"Whether or not the FAM client is enabled"]; + [self establishClientOrDie]; [super enableTargetPathWatching]; @@ -522,7 +529,10 @@ - (void)enable { #endif if (!self.isSubscribed) { - self.isSubscribed = [super subscribe:events]; + if ([super subscribe:events]) { + self.isSubscribed = true; + [self.famEnabled set:YES forFieldValues:@[]]; + } } // Always clear cache to ensure operations that were previously allowed are re-evaluated. @@ -533,6 +543,7 @@ - (void)disable { if (self.isSubscribed) { if ([super unsubscribeAll]) { self.isSubscribed = false; + [self.famEnabled set:NO forFieldValues:@[]]; } [super unmuteEverything]; }