Skip to content

santad: Integrate CEL rule processing into execution path#434

Merged
russellhancox merged 6 commits into
mainfrom
rah/cel-rules-2
Jun 11, 2025
Merged

santad: Integrate CEL rule processing into execution path#434
russellhancox merged 6 commits into
mainfrom
rah/cel-rules-2

Conversation

@russellhancox

@russellhancox russellhancox commented Jun 6, 2025

Copy link
Copy Markdown
Member

This change allows Santa to process CEL rules as part of execution authorization. It purposefully does not add any method to get CEL rules into the database, while we validate that everything works both correctly and performantly.

@github-actions github-actions Bot added comp/santad Issues or PRs related to the daemon lang/objc PRs modifying files in ObjC lang/objc++ PRs modifying files in ObjC++ comp/common size/m Size: medium labels Jun 6, 2025
@russellhancox russellhancox marked this pull request as ready for review June 9, 2025 17:21
@russellhancox russellhancox requested a review from a team as a code owner June 9, 2025 17:21
Comment thread Source/santad/EventProviders/SNTEndpointSecurityAuthorizer.mm Outdated
Comment thread Source/santad/EventProviders/SNTEndpointSecurityAuthorizer.mm Outdated
Comment thread Source/santad/SNTPolicyProcessor.mm Outdated
Comment thread Source/santad/SNTPolicyProcessor.mm Outdated
Comment thread Source/santad/SNTExecutionController.mm Outdated
Comment thread Source/santad/EventProviders/AuthResultCache.mm Outdated
Comment thread Source/santad/SNTExecutionController.mm Outdated
Comment thread Source/santad/SNTExecutionController.mm Outdated
Comment thread Source/santad/SNTExecutionController.mm Outdated
Comment thread Source/santad/SNTExecutionController.mm Outdated
@russellhancox russellhancox requested a review from mlw June 10, 2025 18:17
Comment thread Source/santad/SNTPolicyProcessor.mm Outdated
Comment thread Source/common/SNTCachedDecision.h
Comment thread Source/common/cel/cel.proto Outdated
Comment thread Source/santad/EventProviders/SNTEndpointSecurityAuthorizer.mm
Comment thread Source/santad/SNTPolicyProcessor.mm Outdated
Comment thread Source/santad/SNTPolicyProcessor.mm Outdated
@russellhancox russellhancox requested a review from mlw June 10, 2025 20:28

@mlw mlw left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is awesome, excited to get this in.

Comment thread Source/santad/SNTPolicyProcessor.mm
@russellhancox russellhancox enabled auto-merge (squash) June 11, 2025 08:33
@russellhancox russellhancox merged commit d63cdeb into main Jun 11, 2025
10 checks passed
@russellhancox russellhancox deleted the rah/cel-rules-2 branch June 11, 2025 08:36
@pmarkowsky

pmarkowsky commented Jun 11, 2025 via email

Copy link
Copy Markdown
Member

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

comp/common comp/santad Issues or PRs related to the daemon lang/objc PRs modifying files in ObjC lang/objc++ PRs modifying files in ObjC++ size/m Size: medium

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants