Add delegated signal handling support (#932)

Fixes SNT-404

Author: sharvilshah

Source/common/Platform.h

@@ -34,4 +34,11 @@
 #undef HAVE_MACOS_15_4
 #endif
 
+#if defined(MAC_OS_VERSION_15_5) && \
+    __MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_VERSION_15_5
+#define HAVE_MACOS_15_5 1
+#else
+#undef HAVE_MACOS_15_5
+#endif
+
 #endif  // SANTA_COMMON_PLATFORM_H

Source/common/SNTConfigurator.h

@@ -196,6 +196,15 @@
 ///
 @property(readonly, nonatomic, nullable) NSArray<NSString*>* antiSuspendSigningIDs;
 
+///
+///  When YES, signals delegated by launchd on behalf of any Apple platform
+///  binary (instigator->is_platform_binary == true) targeting santad are
+///  allowed, in addition to the hardcoded allowlist baked into the tamper
+///  resistance client. Defaults to NO. Available on macOS 15.5+ where the ES
+///  SIGNAL event exposes the instigator field; ignored on older OSes.
+///
+@property(readonly, nonatomic) BOOL allowDelegatedSignals;
+
 ///
 ///  Defines how event logs are stored. Options are:
 ///    SNTEventLogTypeSyslog "syslog": Sent to ASL or ULS (if built with the 10.12 SDK or later).

Source/common/SNTConfigurator.mm

@@ -175,6 +175,7 @@ @implementation SNTConfigurator
 static NSString* const kEnableAntiTamperProcessSuspendResumeKey =
     @"EnableAntiTamperProcessSuspendResume";
 static NSString* const kAntiSuspendSigningIDsKey = @"AntiSuspendSigningIDs";
+static NSString* const kAllowDelegatedSignalsKey = @"AllowDelegatedSignals";
 static NSString* const kFailClosedKey = @"FailClosed";
 static NSString* const kDisableUnknownEventUploadKey = @"DisableUnknownEventUpload";
 
@@ -355,6 +356,7 @@ - (instancetype)initWithSyncStateFile:(NSString*)syncStateFilePath
       kEnableBadSignatureProtectionKey : number,
       kEnableAntiTamperProcessSuspendResumeKey : number,
       kAntiSuspendSigningIDsKey : array,
+      kAllowDelegatedSignalsKey : number,
       kEnableStandalonePasswordFallbackKey : number,
       kEnableSilentModeKey : number,
       kEnableSilentTTYModeKey : number,
@@ -818,6 +820,10 @@ + (NSSet*)keyPathsForValuesAffectingAntiSuspendSigningIDs {
   return [self configStateSet];
 }
 
++ (NSSet*)keyPathsForValuesAffectingAllowDelegatedSignals {
+  return [self configStateSet];
+}
+
 + (NSSet*)keyPathsForValuesAffectingRemovableMediaAction {
   return [self syncAndConfigStateSet];
 }
@@ -1181,6 +1187,11 @@ - (BOOL)enableAntiTamperProcessSuspendResume {
   return EnsureArrayOfStrings(self.configState[kAntiSuspendSigningIDsKey]);
 }
 
+- (BOOL)allowDelegatedSignals {
+  NSNumber* number = self.configState[kAllowDelegatedSignalsKey];
+  return number ? [number boolValue] : NO;
+}
+
 - (BOOL)enableStandalonePasswordFallback {
   NSNumber* number = self.configState[kEnableStandalonePasswordFallbackKey];
   return number ? [number boolValue] : YES;

Source/common/SNTConfiguratorTest.mm

@@ -269,4 +269,20 @@ - (void)testTelemetryFilterExpressions {
   }
 }
 
+- (void)testAllowDelegatedSignalsDefault {
+  SNTConfigurator* sut = [[SNTConfigurator alloc] init];
+  // Default must be NO
+  XCTAssertFalse(sut.allowDelegatedSignals);
+}
+
+- (void)testAllowDelegatedSignalsOverride {
+  SNTConfigurator* sut = [[SNTConfigurator alloc] init];
+
+  sut.configState[@"AllowDelegatedSignals"] = @YES;
+  XCTAssertTrue(sut.allowDelegatedSignals);
+
+  sut.configState[@"AllowDelegatedSignals"] = @NO;
+  XCTAssertFalse(sut.allowDelegatedSignals);
+}
+
 @end

Source/santad/EventProviders/SNTEndpointSecurityTamperResistance.h

@@ -33,10 +33,16 @@ NS_ASSUME_NONNULL_BEGIN
 /// Accepts an NSArray of NSStrings but stores internally as a hash set for O(1) lookup.
 - (void)setAntiSuspendSigningIDs:(nullable NSArray<NSString*>*)antiSuspendSigningIDs;
 
+/// When YES, signals delegated by launchd on behalf of any Apple platform
+/// binary may target santad, in addition to the hardcoded allowlist.
+/// Synchronized for safe concurrent access; live-updated from KVO.
+@property(atomic) BOOL allowDelegatedSignals;
+
 - (instancetype)initWithESAPI:(std::shared_ptr<santa::EndpointSecurityAPI>)esApi
                       metrics:(std::shared_ptr<santa::ESMetricsObserver>)metrics
                        logger:(std::shared_ptr<santa::Logger>)logger
-        antiSuspendSigningIDs:(nullable NSArray<NSString*>*)antiSuspendSigningIDs;
+        antiSuspendSigningIDs:(nullable NSArray<NSString*>*)antiSuspendSigningIDs
+        allowDelegatedSignals:(BOOL)allowDelegatedSignals;
 
 @end
 

Source/santad/EventProviders/SNTEndpointSecurityTamperResistance.mm

@@ -30,6 +30,7 @@
 #include "absl/container/flat_hash_set.h"
 #include "absl/synchronization/mutex.h"
 
+#import "Source/common/Platform.h"
 #import "Source/common/SNTConfigurator.h"
 #import "Source/common/SNTLogging.h"
 #import "Source/common/SigningIDHelpers.h"
@@ -58,6 +59,20 @@
     {"/Library/LaunchDaemons/com.northpolesec.santa.", WatchItemPathType::kPrefix},
 };
 
+#if HAVE_MACOS_15_5
+// Platform-binary signing-IDs that Santa trusts to ask launchd to deliver
+// a signal to santad. Extended at runtime via the `AllowDelegatedSignals`
+// config (any platform binary is trusted when YES).
+static const absl::flat_hash_set<std::string> kTrustedSignalInstigators = {
+    // launchd's own signing-id; covers internal launchd flows that surface
+    // launchd as the instigator (e.g., bootout teardown).
+    "platform:com.apple.xpc.launchd",
+    // /usr/libexec/smd, the Service Management daemon, drives
+    // SMAppService / SMJobBless flows that may signal santad.
+    "platform:com.apple.xpc.smd",
+};
+#endif  // HAVE_MACOS_15_5
+
 void RemoveLegacyLaunchdPlists() {
   constexpr std::string_view legacyPlists[] = {
       "/Library/LaunchDaemons/com.google.santad.plist",
@@ -156,12 +171,14 @@ @implementation SNTEndpointSecurityTamperResistance {
 - (instancetype)initWithESAPI:(std::shared_ptr<EndpointSecurityAPI>)esApi
                       metrics:(std::shared_ptr<santa::ESMetricsObserver>)metrics
                        logger:(std::shared_ptr<Logger>)logger
-        antiSuspendSigningIDs:(NSArray<NSString*>*)antiSuspendSigningIDs {
+        antiSuspendSigningIDs:(NSArray<NSString*>*)antiSuspendSigningIDs
+        allowDelegatedSignals:(BOOL)allowDelegatedSignals {
   self = [super initWithESAPI:std::move(esApi)
                       metrics:std::move(metrics)
                     processor:santa::Processor::kTamperResistance];
   if (self) {
     _logger = logger;
+    self.allowDelegatedSignals = allowDelegatedSignals;
     [self setAntiSuspendSigningIDs:antiSuspendSigningIDs];
 
     [self establishClientOrDie];
@@ -269,22 +286,56 @@ - (void)handleMessage:(Message&&)esMsg
     }
 
     case ES_EVENT_TYPE_AUTH_SIGNAL: {
+      // signal event type in ES does not support caching
+      cacheable = false;
       if (esMsg->event.signal.sig == 0) {
         // Signal 0 doesn't actually get sent to the process, it is only used to
         // check if the process exists. Because of this, we don't need to block it.
         break;
       }
 
-      // Only block signals sent to us and not from launchd.
       pid_t sourcePid = audit_token_to_pid(esMsg->process->audit_token);
       pid_t targetPid = audit_token_to_pid(esMsg->event.signal.target->audit_token);
-      if (targetPid == getpid() && sourcePid != 1) {
+
+      if (targetPid != getpid()) {
+        break;
+      }
+
+      // Only launchd may deliver signals to santad.
+      if (sourcePid != 1) {
         LOGW(@"Preventing attempt to signal Santa daemon: signal %d, sending pid: %d, sending "
              @"process: %@",
              esMsg->event.signal.sig, sourcePid,
              santa::StringTokenToNSString(esMsg->process->executable->path));
         result = ES_AUTH_RESULT_DENY;
+        break;
+      }
+
+      // When launchd delivers a signal on behalf of another process (msg
+      // version >= 9 with non-NULL instigator), the originator must match
+      // kTrustedSignalInstigators or be a platform binary while
+      // AllowDelegatedSignals is YES.
+#if HAVE_MACOS_15_5
+      if (esMsg->version >= 9) {
+        const es_process_t* instigator = esMsg->event.signal.instigator;
+        if (instigator != NULL) {
+          NSString* signingId = FormatSigningID(
+              santa::StringTokenToNSString(instigator->signing_id),
+              santa::StringTokenToNSString(instigator->team_id), instigator->is_platform_binary);
+          bool isAllowlisted = signingId && kTrustedSignalInstigators.contains(
+                                                santa::NSStringToUTF8String(signingId));
+          bool isPermittedPlatformBinary =
+              self.allowDelegatedSignals && instigator->is_platform_binary;
+          if (!isAllowlisted && !isPermittedPlatformBinary) {
+            LOGW(@"Preventing delegated signal to Santa daemon: signal %d, "
+                 @"instigator pid: %d, instigator process: %@",
+                 esMsg->event.signal.sig, audit_token_to_pid(instigator->audit_token),
+                 santa::StringTokenToNSString(instigator->executable->path));
+            result = ES_AUTH_RESULT_DENY;
+          }
+        }
       }
+#endif  // HAVE_MACOS_15_5
       break;
     }
 

Source/santad/EventProviders/SNTEndpointSecurityTamperResistanceTest.mm

@@ -25,6 +25,7 @@
 #include <memory>
 #include <set>
 
+#import "Source/common/Platform.h"
 #import "Source/common/SNTConfigurator.h"
 #include "Source/common/TestUtils.h"
 #include "Source/common/es/Client.h"
@@ -90,7 +91,8 @@ - (void)testEnable {
       [[SNTEndpointSecurityTamperResistance alloc] initWithESAPI:mockESApi
                                                          metrics:nullptr
                                                           logger:nullptr
-                                           antiSuspendSigningIDs:nil];
+                                           antiSuspendSigningIDs:nil
+                                           allowDelegatedSignals:NO];
   id mockTamperClient = OCMPartialMock(tamperClient);
 
   [mockTamperClient enable];
@@ -136,7 +138,8 @@ - (void)testEnableWithAntiSuspendSigningIDs {
               initWithESAPI:mockESApi
                     metrics:nullptr
                      logger:nullptr
-      antiSuspendSigningIDs:@[ @"ABCDE12345:com.example.protected" ]];
+      antiSuspendSigningIDs:@[ @"ABCDE12345:com.example.protected" ]
+      allowDelegatedSignals:NO];
   id mockTamperClient = OCMPartialMock(tamperClient);
 
   [mockTamperClient enable];
@@ -178,7 +181,8 @@ - (void)testSetAntiSuspendSigningIDsAfterEnable {
       [[SNTEndpointSecurityTamperResistance alloc] initWithESAPI:mockESApi
                                                          metrics:nullptr
                                                           logger:nullptr
-                                           antiSuspendSigningIDs:nil];
+                                           antiSuspendSigningIDs:nil
+                                           allowDelegatedSignals:NO];
   id mockTamperClient = OCMPartialMock(tamperClient);
 
   [mockTamperClient enable];
@@ -237,7 +241,8 @@ - (void)testHandleMessage {
       [[SNTEndpointSecurityTamperResistance alloc] initWithESAPI:mockESApi
                                                          metrics:nullptr
                                                           logger:nullptr
-                                           antiSuspendSigningIDs:nil];
+                                           antiSuspendSigningIDs:nil
+                                           allowDelegatedSignals:NO];
 
   id mockTamperClient = OCMPartialMock(tamperClient);
 
@@ -528,9 +533,80 @@ - (void)testHandleMessage {
 
       XCTAssertSemaTrue(semaMetrics, 5, "Metrics not recorded within expected window");
       XCTAssertEqual(gotAuthResult, kv.second);
-      XCTAssertEqual(gotCachable, kv.second == ES_AUTH_RESULT_ALLOW);
+      XCTAssertFalse(gotCachable);
+    }
+  }
+
+  // Check SIGNAL tamper events with v9 instigator field
+#if HAVE_MACOS_15_5
+  {
+    esMsg.event_type = ES_EVENT_TYPE_AUTH_SIGNAL;
+    esMsg.version = 9;
+
+    struct InstigatorCase {
+      const char* desc;
+      bool allowDelegatedSignals;
+      bool hasInstigator;
+      bool instigatorIsPlatform;
+      const char* instigatorTeamID;
+      const char* instigatorSigningID;
+      es_auth_result_t expected;
+    };
+
+    static const InstigatorCase cases[] = {
+        // Direct signal from launchd (no instigator) -> ALLOW (shutdown path).
+        {"direct from launchd", /*allow=*/false, /*hasInst=*/false,
+         /*plat=*/false, "", "", ES_AUTH_RESULT_ALLOW},
+        // Delegated by launchd itself -> ALLOW (baseline).
+        {"baseline launchd", false, true, true, "", "com.apple.xpc.launchd", ES_AUTH_RESULT_ALLOW},
+        // Delegated by smd -> ALLOW (baseline).
+        {"baseline smd", false, true, true, "", "com.apple.xpc.smd", ES_AUTH_RESULT_ALLOW},
+        // Unlisted platform binary with AllowDelegatedSignals=NO -> DENY.
+        {"unlisted platform, AllowDelegatedSignals=NO", false, true, true, "", "com.apple.unknown",
+         ES_AUTH_RESULT_DENY},
+        // Same instigator with AllowDelegatedSignals=YES -> ALLOW.
+        {"unlisted platform, AllowDelegatedSignals=YES", true, true, true, "", "com.apple.unknown",
+         ES_AUTH_RESULT_ALLOW},
+        // Third-party-signed instigator with AllowDelegatedSignals=YES -> DENY
+        // (the config only relaxes when is_platform_binary == true).
+        {"third party, AllowDelegatedSignals=YES", true, true, false, "ABCDE12345", "com.evil.app",
+         ES_AUTH_RESULT_DENY},
+    };
+
+    for (const auto& c : cases) {
+      [tamperClient setAllowDelegatedSignals:c.allowDelegatedSignals];
+      Message msg(mockESApi, &esMsg);
+
+      es_process_t target_proc = MakeESProcess(&file);
+      target_proc.audit_token = MakeAuditToken(getpid(), 42);
+      esMsg.event.signal.target = &target_proc;
+      esMsg.process->audit_token = MakeAuditToken(1, 42);  // sender = launchd
+
+      es_file_t instigatorFile = MakeESFile("/usr/libexec/instigator");
+      es_process_t instigator_proc = MakeESProcess(&instigatorFile);
+      instigator_proc.team_id = MakeESStringToken(c.instigatorTeamID);
+      instigator_proc.signing_id = MakeESStringToken(c.instigatorSigningID);
+      instigator_proc.is_platform_binary = c.instigatorIsPlatform;
+      esMsg.event.signal.instigator = c.hasInstigator ? &instigator_proc : NULL;
+
+      [mockTamperClient handleMessage:std::move(msg)
+                   recordEventMetrics:^(EventDisposition d) {
+                     XCTAssertEqual(d,
+                                    c.expected == ES_AUTH_RESULT_DENY ? EventDisposition::kProcessed
+                                                                      : EventDisposition::kDropped,
+                                    @"%s", c.desc);
+                     dispatch_semaphore_signal(semaMetrics);
+                   }];
+
+      XCTAssertSemaTrue(semaMetrics, 5, "Metrics not recorded within expected window");
+      XCTAssertEqual(gotAuthResult, c.expected, @"%s", c.desc);
     }
+
+    // Reset shared state for downstream test blocks.
+    esMsg.event.signal.instigator = NULL;
+    esMsg.version = MaxSupportedESMessageVersionForCurrentOS();
   }
+#endif  // HAVE_MACOS_15_5
 
   // Check PROC_SUSPEND_RESUME tamper events - EnableAntiTamperProcessSuspendResume = NO
   {
@@ -742,7 +818,8 @@ - (void)testHandleMessageTruncatedPath {
       [[SNTEndpointSecurityTamperResistance alloc] initWithESAPI:mockESApi
                                                          metrics:nullptr
                                                           logger:nullptr
-                                           antiSuspendSigningIDs:nil];
+                                           antiSuspendSigningIDs:nil
+                                           allowDelegatedSignals:NO];
 
   id mockTamperClient = OCMPartialMock(tamperClient);
 

Source/santad/Santad.mm

@@ -168,7 +168,8 @@ void SantadMain(std::shared_ptr<EndpointSecurityAPI> esapi, std::shared_ptr<Logg
               initWithESAPI:esapi
                     metrics:metrics
                      logger:logger
-      antiSuspendSigningIDs:[configurator antiSuspendSigningIDs]];
+      antiSuspendSigningIDs:[configurator antiSuspendSigningIDs]
+      allowDelegatedSignals:[configurator allowDelegatedSignals]];
 
   auto faaPolicyProcessor = std::make_shared<santa::FAAPolicyProcessor>(
       [SNTDecisionCache sharedCache], enricher, logger, tty_writer, metrics,
@@ -476,6 +477,15 @@ void SantadMain(std::shared_ptr<EndpointSecurityAPI> esapi, std::shared_ptr<Logg
                                    LOGI(@"AntiSuspendSigningIDs changed");
                                    [tamper_client setAntiSuspendSigningIDs:newValue];
                                  }],
+    [[SNTKVOManager alloc] initWithObject:configurator
+                                 selector:@selector(allowDelegatedSignals)
+                                     type:[NSNumber class]
+                                 callback:^(NSNumber* oldValue, NSNumber* newValue) {
+                                   if ([oldValue isEqual:newValue]) return;
+
+                                   LOGI(@"AllowDelegatedSignals changed: %@", newValue);
+                                   [tamper_client setAllowDelegatedSignals:[newValue boolValue]];
+                                 }],
     [[SNTKVOManager alloc] initWithObject:configurator
                                  selector:@selector(staticRules)
                                      type:[NSArray class]

docs/src/lib/santaconfig.ts

@@ -155,6 +155,16 @@ export const SantaConfigKeyGroups: SantaConfigGroups = {
       ],
       versionAdded: "2026.3",
     },
+    {
+      key: "AllowDelegatedSignals",
+      description:
+        `If true, signals delegated by \'launchd\' on behalf of any Apple platform binary targeting \'santad\'
+        are allowed.`,
+      type: "bool",
+      defaultValue: false,
+      syncConfigurable: false,
+      versionAdded: "2026.4",
+    },
   ],
   gui: [
     {