Add new install command

Source/common/SNTXPCControlInterface.h

@@ -1,16 +1,17 @@
 /// Copyright 2015 Google Inc. All rights reserved.
+/// Copyright 2024 North Pole Security, Inc.
 ///
 /// Licensed under the Apache License, Version 2.0 (the "License");
 /// you may not use this file except in compliance with the License.
 /// You may obtain a copy of the License at
 ///
-///    http://www.apache.org/licenses/LICENSE-2.0
+///     https://www.apache.org/licenses/LICENSE-2.0
 ///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
 
 #import "Source/common/SNTRuleIdentifiers.h"
 #import "Source/common/SNTXPCUnprivilegedControlInterface.h"
@@ -59,6 +60,11 @@
 ///
 - (void)postRuleSyncNotificationWithCustomMessage:(NSString *)message reply:(void (^)(void))reply;
 
+///
+/// Control Ops
+///
+- (void)installSantaApp:(NSString*)appPath reply:(void (^)(BOOL))reply;
+
 @end
 
 @interface SNTXPCControlInterface : NSObject

Source/santactl/BUILD

@@ -35,6 +35,17 @@ objc_library(
     ],
 )
 
+objc_library(
+    name = "SNTCommandInstall",
+    srcs = ["Commands/SNTCommandInstall.mm"],
+    deps = [
+        ":santactl_cmd",
+        "//Source/common:SNTLogging",
+        "//Source/common:SNTXPCControlInterface",
+        "@MOLXPCConnection",
+    ],
+)
+
 objc_library(
     name = "santactl_lib",
     srcs = [
@@ -58,6 +69,7 @@ objc_library(
     sdk_dylibs = ["libz"],
     sdk_frameworks = ["IOKit"],
     deps = [
+        ":SNTCommandInstall",
         ":SNTCommandPrintLog",
         ":santactl_cmd",
         "//Source/common:SNTCachedDecision",

Source/santactl/Commands/SNTCommandInstall.mm

@@ -0,0 +1,87 @@
+/// Copyright 2024 North Pole Security, Inc.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#import <Foundation/Foundation.h>
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
+#include "Source/common/SNTLogging.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/santactl/SNTCommand.h"
+#import "Source/santactl/SNTCommandController.h"
+
+@interface SNTCommandInstall : SNTCommand <SNTCommandProtocol>
+@end
+
+@implementation SNTCommandInstall
+
+REGISTER_COMMAND_NAME(@"install")
+
++ (BOOL)requiresRoot {
+  return YES;
+}
+
++ (BOOL)requiresDaemonConn {
+  return YES;
+}
+
++ (NSString *)shortHelpText {
+  return @"Install a given package";
+}
+
++ (NSString *)longHelpText {
+  return @"Instruct the daemon to install Santa.app.\n"
+         @"\n"
+         @"  --path {path}: Path to the Santa.app bundle to install.\n"
+         @"\n";
+}
+
++ (BOOL)isHidden {
+  return YES;
+}
+
+- (void)runWithArguments:(NSArray *)arguments {
+  NSString *path;
+
+  for (NSUInteger i = 0; i < arguments.count; ++i) {
+    NSString *arg = arguments[i];
+
+    if ([arg caseInsensitiveCompare:@"--path"] == NSOrderedSame) {
+      if (++i > arguments.count - 1) {
+        [self printErrorUsageAndExit:@"--path requires an argument"];
+      }
+      path = arguments[i];
+    }
+  }
+
+  if (!path) {
+    [self printErrorUsageAndExit:@"No path specified"];
+  }
+
+  LOGI(@"Asking daemon to install: %@", path);
+
+  dispatch_semaphore_t sema = dispatch_semaphore_create(0);
+  [[self.daemonConn remoteObjectProxy] installSantaApp:(NSString*)path reply:^(BOOL success){
+    LOGI(@"Got reply from daemon: %d", success);
+    dispatch_semaphore_signal(sema);
+  }];
+
+
+  if (dispatch_semaphore_wait(sema, dispatch_time(DISPATCH_TIME_NOW, 10 * NSEC_PER_SEC)) > 0) {
+    LOGW(@"Timed out waiting for install to complete.");
+  }
+
+  exit(EXIT_SUCCESS);
+}
+
+@end

Source/santactl/SNTCommand.h

@@ -1,22 +1,23 @@
 /// Copyright 2017 Google Inc. All rights reserved.
+/// Copyright 2024 North Pole Security, Inc.
 ///
 /// Licensed under the Apache License, Version 2.0 (the "License");
 /// you may not use this file except in compliance with the License.
 /// You may obtain a copy of the License at
 ///
-///    http://www.apache.org/licenses/LICENSE-2.0
+///     https://www.apache.org/licenses/LICENSE-2.0
 ///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
 
 #import <Foundation/Foundation.h>
 
 @class MOLXPCConnection;
 
-@protocol SNTCommandProtocol
+@protocol SNTCommandProtocol <NSObject>
 
 ///
 ///  @return YES if command requires root.
@@ -38,9 +39,16 @@
 ///
 + (NSString *)longHelpText;
 
+@optional
+
+///
+///  YES if the command should be hidden from usage text.
+///
++ (BOOL)isHidden;
+
 @end
 
-@protocol SNTCommandRunProtocol
+@protocol SNTCommandRunProtocol <NSObject>
 
 ///
 ///  Called when the user is running the command

Source/santactl/SNTCommandController.m

@@ -1,16 +1,17 @@
 /// Copyright 2015 Google Inc. All rights reserved.
+/// Copyright 2024 North Pole Security, Inc.
 ///
 /// Licensed under the Apache License, Version 2.0 (the "License");
 /// you may not use this file except in compliance with the License.
 /// You may obtain a copy of the License at
 ///
-///    http://www.apache.org/licenses/LICENSE-2.0
+///     https://www.apache.org/licenses/LICENSE-2.0
 ///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
 
 #import "Source/santactl/SNTCommandController.h"
 
@@ -46,8 +47,13 @@ + (NSString *)usage {
   for (NSString *cmdName in
        [[registeredCommands allKeys] sortedArrayUsingSelector:@selector(caseInsensitiveCompare:)]) {
     Class<SNTCommandProtocol> command = registeredCommands[cmdName];
-    [helpText appendFormat:@"\t%*s - %@\n", longestCommandName, [cmdName UTF8String],
-                           [command shortHelpText]];
+
+    BOOL hidden = [command respondsToSelector:@selector(isHidden)] && [command isHidden];
+
+    if (!hidden) {
+      [helpText appendFormat:@"\t%*s - %@\n", longestCommandName, [cmdName UTF8String],
+                            [command shortHelpText]];
+    }
   }
 
   [helpText appendFormat:@"\nSee 'santactl help <command>' to read about a specific subcommand."];

Source/santad/SNTDaemonControlController.mm

@@ -1,16 +1,17 @@
 /// Copyright 2015-2022 Google Inc. All rights reserved.
+/// Copyright 2024 North Pole Security, Inc.
 ///
 /// Licensed under the Apache License, Version 2.0 (the "License");
 /// you may not use this file except in compliance with the License.
 /// You may obtain a copy of the License at
 ///
-///    http://www.apache.org/licenses/LICENSE-2.0
+///     https://www.apache.org/licenses/LICENSE-2.0
 ///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
 
 #import "Source/santad/SNTDaemonControlController.h"
 
@@ -384,4 +385,11 @@ - (void)syncBundleEvent:(SNTStoredEvent *)event relatedEvents:(NSArray<SNTStored
                             }];
 }
 
+#pragma mark Control Ops
+
+- (void)installSantaApp:(NSString*)appPath reply:(void (^)(BOOL))reply {
+  LOGI(@"Got to the install path: %@", appPath);
+  reply(YES);
+}
+
 @end