project: add EnableDebugLogging option (#501)

* project: add EnableDebugLogging option

* review updates

Source/common/BUILD

@@ -10,6 +10,7 @@ objc_library(
     hdrs = ["SNTBlockMessage.h"],
     deps = [
         ":SNTConfigurator",
+        ":SNTLogging",
         ":SNTStoredEvent",
     ],
 )
@@ -21,6 +22,7 @@ objc_library(
     defines = ["SANTAGUI"],
     deps = [
         ":SNTConfigurator",
+        ":SNTLogging",
         ":SNTStoredEvent",
     ],
 )
@@ -46,7 +48,6 @@ objc_library(
     hdrs = ["SNTConfigurator.h"],
     deps = [
         ":SNTCommonEnums",
-        ":SNTLogging",
         ":SNTStrengthify",
         ":SNTSystemInfo",
     ],
@@ -82,6 +83,7 @@ objc_library(
     name = "SNTLogging",
     srcs = ["SNTLogging.m"],
     hdrs = ["SNTLogging.h"],
+    deps = [":SNTConfigurator"],
 )
 
 cc_library(

Source/common/SNTConfigurator.h

@@ -325,6 +325,12 @@
 ///
 @property(readonly, nonatomic) BOOL ignoreOtherEndpointSecurityClients;
 
+///
+///  If true, debug logging will be enabled for all Santa components. Defaults to false.
+///  Passing --debug as an executable argument will enable debug logging for that specific component.
+///
+@property(readonly, nonatomic) BOOL enableDebugLogging;
+
 ///
 ///  Retrieve an initialized singleton configurator object using the default file path.
 ///

Source/common/SNTConfigurator.m

@@ -16,21 +16,23 @@
 
 #include <sys/stat.h>
 
-#import "Source/common/SNTLogging.h"
 #import "Source/common/SNTStrengthify.h"
 #import "Source/common/SNTSystemInfo.h"
 
 @interface SNTConfigurator ()
 /// A NSUserDefaults object set to use the com.google.santa suite.
 @property(readonly, nonatomic) NSUserDefaults *defaults;
 
-// Keys and expected value types.
+/// Keys and expected value types.
 @property(readonly, nonatomic) NSDictionary *syncServerKeyTypes;
 @property(readonly, nonatomic) NSDictionary *forcedConfigKeyTypes;
 
 /// Holds the configurations from a sync server and mobileconfig.
 @property NSMutableDictionary *syncState;
 @property NSMutableDictionary *configState;
+
+/// Was --debug passed as an argument to this process?
+@property(readonly, nonatomic) BOOL debugFlag;
 @end
 
 @implementation SNTConfigurator
@@ -80,6 +82,8 @@ @implementation SNTConfigurator
 
 static NSString *const kEnableForkAndExitLogging = @"EnableForkAndExitLogging";
 static NSString *const kIgnoreOtherEndpointSecurityClients = @"IgnoreOtherEndpointSecurityClients";
+static NSString *const kEnableDebugLogging = @"EnableDebugLogging";
+
 
 // The keys managed by a sync server or mobileconfig.
 static NSString *const kClientModeKey = @"ClientMode";
@@ -154,11 +158,13 @@ - (instancetype)init {
       kEnableSystemExtension : number,
       kEnableForkAndExitLogging : number,
       kIgnoreOtherEndpointSecurityClients : number,
+      kEnableDebugLogging: number,
     };
     _defaults = [NSUserDefaults standardUserDefaults];
     [_defaults addSuiteNamed:@"com.google.santa"];
     _configState = [self readForcedConfig];
     _syncState = [self readSyncStateFromDisk] ?: [NSMutableDictionary dictionary];
+    _debugFlag = [[NSProcessInfo processInfo].arguments containsObject:@"--debug"];
     [self startWatchingDefaults];
   }
   return self;
@@ -332,6 +338,10 @@ + (NSSet *)keyPathsForValuesAffectingIgnoreOtherEndpointSecurityClients {
   return [self configStateSet];
 }
 
++ (NSSet *)keyPathsForValuesAffectingEnableDebugLogging {
+  return [self configStateSet];
+}
+
 #pragma mark Public Interface
 
 - (SNTClientMode)clientMode {
@@ -351,8 +361,6 @@ - (SNTClientMode)clientMode {
 - (void)setSyncServerClientMode:(SNTClientMode)newMode {
   if (newMode == SNTClientModeMonitor || newMode == SNTClientModeLockdown) {
     [self updateSyncStateForKey:kClientModeKey value:@(newMode)];
-  } else {
-    LOGW(@"Ignoring request to change client mode to %ld", newMode);
   }
 }
 
@@ -415,7 +423,6 @@ - (NSArray *)fileChangesPrefixFilters {
   NSArray *filters = self.configState[kFileChangesPrefixFiltersKey];
   for (id filter in filters) {
     if (![filter isKindOfClass:[NSString class]]) {
-      LOGE(@"Ignoring FileChangesPrefixFilters: array contains a non-string %@", filter);
       return nil;
     }
   }
@@ -426,7 +433,6 @@ - (NSURL *)syncBaseURL {
   NSString *urlString = self.configState[kSyncBaseURLKey];
   if (![urlString hasSuffix:@"/"]) urlString = [urlString stringByAppendingString:@"/"];
   NSURL *url = [NSURL URLWithString:urlString];
-  if (urlString && !url) LOGW(@"SyncBaseURL is not a valid URL!");
   return url;
 }
 
@@ -581,6 +587,11 @@ - (BOOL)ignoreOtherEndpointSecurityClients {
   return number ? [number boolValue] : NO;
 }
 
+- (BOOL)enableDebugLogging {
+  NSNumber *number = self.configState[kEnableDebugLogging];
+  return [number boolValue] || self.debugFlag;
+}
+
 #pragma mark Private
 
 ///

Source/common/SNTLogging.m

@@ -14,6 +14,8 @@
 
 #import "Source/common/SNTLogging.h"
 
+#import "Source/common/SNTConfigurator.h"
+
 #import <asl.h>
 #import <pthread.h>
 
@@ -39,8 +41,7 @@ void logMessage(LogLevel level, FILE *destination, NSString *format, ...) {
   dispatch_once(&pred, ^{
     binaryName = [[NSProcessInfo processInfo] processName];
 
-    // If debug logging is enabled, the process must be restarted.
-    if ([[[NSProcessInfo processInfo] arguments] containsObject:@"--debug"]) {
+    if ([SNTConfigurator configurator].enableDebugLogging) {
       logLevel = LOG_LEVEL_DEBUG;
     }
 

Source/santa/BUILD

@@ -35,6 +35,7 @@ objc_library(
     deps = [
         "//Source/common:SNTBlockMessage_SantaGUI",
         "//Source/common:SNTConfigurator",
+        "//Source/common:SNTLogging",
         "//Source/common:SNTXPCControlInterface",
         "//Source/common:SNTXPCNotifierInterface",
         "@MOLCodesignChecker",