remove debug logs
kallsyms committed Dec 19, 2023
1 parent 405c172 commit c24c00f
Showing 1 changed file with 4 additions and 11 deletions.
15 changes: 4 additions & 11 deletions Source/santad/ProcessTree/EndpointSecurityAdapter.mm
Expand Up @@ -22,23 +22,16 @@
namespace santa::santad::process_tree {

void InformFromESEvent(int client, ProcessTree &tree, const es_message_t *msg) {
NSLog(@"step %d @ %llu", client, msg->mach_time);

struct Pid event_pid = PidFromAuditToken(msg->process->audit_token);
auto proc = tree.Get(event_pid);
NSLog(@"event type %d @ %llu, pid %d:%llu, proc %d %p", msg->event_type, msg->mach_time,
event_pid.pid, event_pid.pidversion, proc.has_value(), proc->get());

if (!proc) {
NSLog(@"no proc %d:%llu in tree, skipping event...", event_pid.pid, event_pid.pidversion);
return;
}

switch (msg->event_type) {
case ES_EVENT_TYPE_AUTH_EXEC:
case ES_EVENT_TYPE_NOTIFY_EXEC: {
NSLog(@"exec to %d:%llu", PidFromAuditToken(msg->event.exec.target->audit_token).pid,
PidFromAuditToken(msg->event.exec.target->audit_token).pidversion);
std::vector<std::string> args;
args.reserve(es_exec_arg_count(&msg->event.exec));
for (int i = 0; i < es_exec_arg_count(&msg->event.exec); i++) {
Expand All @@ -59,15 +52,15 @@ void InformFromESEvent(int client, ProcessTree &tree, const es_message_t *msg) {
break;
}
case ES_EVENT_TYPE_NOTIFY_FORK: {
NSLog(@"fork to %d:%llu", PidFromAuditToken(msg->event.fork.child->audit_token).pid,
PidFromAuditToken(msg->event.fork.child->audit_token).pidversion);
tree.HandleFork(msg->mach_time, **proc,
PidFromAuditToken(msg->event.fork.child->audit_token));
break;
}
case ES_EVENT_TYPE_NOTIFY_EXIT:
tree.HandleExit(msg->mach_time, **proc); break;
default: NSLog(@"Unexpected event type %d", msg->event_type); return;
tree.HandleExit(msg->mach_time, **proc);
break;
default:
return;
}
}
} // namespace process_tree
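Review bot: The `default:` branch in the second hunk now returns with no trace, so an event type the process tree does not model is dropped silently, where the previous code at least logged it. If ignoring other event types is intentional, say so at the branch with a comment such as `// Event types the process tree does not track are ignored on purpose.`; if it would instead indicate a subscription mismatch, a low-volume diagnostic through the project's regular logging path would keep that visible without the debug noise. Separately, in the lines shown, `client` was only read by the removed `step` log at the top of `InformFromESEvent`. Part of the function body lies between the two hunks and is not visible, so this is unconfirmed, but if nothing else uses it the parameter should be dropped or marked `[[maybe_unused]]`.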
