Project: Move tests with the code they're testing (#343)

Add helper to make declaring unit tests easier
Add unit_tests test_suite containing all unit tests
Fix reload rule
Update to workspace-relative header locations that were missed before

.bazelrc

@@ -1 +1 @@
-common --apple_generate_dsym
+common --apple_generate_dsym --define=apple.propagate_embedded_extra_outputs=yes

.travis.yml

@@ -9,4 +9,4 @@ addons:
 
 script:
  - bazel build :release --show_progress_rate_limit=30.0 -c opt --apple_generate_dsym --color=no --verbose_failures --sandbox_debug
- - bazel test :logic_tests --show_progress_rate_limit=30.0 --test_output=errors --verbose_failures --sandbox_debug
+ - bazel test :unit_tests --show_progress_rate_limit=30.0 --test_output=errors --color=no --verbose_failures --sandbox_debug

BUILD

@@ -5,8 +5,8 @@ licenses(["notice"])  # Apache 2.0
 exports_files(["LICENSE"])
 
 load("@build_bazel_rules_apple//apple:versioning.bzl", "apple_bundle_version")
+load("//:helper.bzl", "run_command")
 load("//:version.bzl", "SANTA_VERSION")
-load("//:cmd.bzl", "run_command")
 
 # The version label for mac_* rules.
 apple_bundle_version(
@@ -43,13 +43,13 @@ launchctl load /Library/LaunchAgents/com.google.santagui.plist
 
 run_command(
     name = "reload",
-    srcs = [":santa-driver"],
+    srcs = ["//Source/santa-driver"],
     cmd = """
 set -e
 
 rm -rf /tmp/bazel_santa_reload
 unzip -d /tmp/bazel_santa_reload \
-    $${BUILD_WORKSPACE_DIRECTORY}/bazel-bin/santa-driver.zip >/dev/null
+    $${BUILD_WORKSPACE_DIRECTORY}/bazel-bin/Source/santa-driver/santa-driver.zip >/dev/null
 echo "You may be asked for your password for sudo"
 sudo BINARIES=/tmp/bazel_santa_reload CONF=$${BUILD_WORKSPACE_DIRECTORY}/Conf \
     $${BUILD_WORKSPACE_DIRECTORY}/Conf/install.sh
@@ -64,8 +64,6 @@ echo "Time to stop being naughty"
 genrule(
     name = "release",
     srcs = [
-        "//Source/SantaGUI",  # Temporary, just for generating dSYMs
-        "//Source/santabs",  # Likewise
         "//Source/santa-driver",
         "Conf/install.sh",
         "Conf/uninstall.sh",
@@ -126,10 +124,6 @@ genrule(
         esac
       done
 
-      # Temporary workaround
-      mv $(@D)/binaries/santa-driver.kext/Contents/MacOS/{santactl,santad}.dSYM \
-          $(@D)/dsym
-
       # Cause a build failure if the dSYMs are missing.
       if [[ ! -d "$(@D)/dsym" ]]; then
         echo "dsym dir missing: Did you forget to use --apple_generate_dsym?"
@@ -148,3 +142,17 @@ genrule(
     }),
     heuristic_label_expansion = 0,
 )
+
+test_suite(
+    name = "unit_tests",
+    tests = [
+        "//Source/common:SNTFileInfoTest",
+        "//Source/santa-driver:SantaCacheTest",
+        "//Source/santa-driver:SantaPrefixTreeTest",
+        "//Source/santactl:SNTCommandFileInfoTest",
+        "//Source/santactl:SNTCommandSyncTest",
+        "//Source/santad:SNTEventTableTest",
+        "//Source/santad:SNTExecutionControllerTest",
+        "//Source/santad:SNTRuleTableTest",
+    ],
+)

Conf/install.sh

@@ -37,6 +37,7 @@ GUI_USER=$(/usr/bin/stat -f '%u' /dev/console)
 /bin/rm /usr/libexec/santad >/dev/null 2>&1
 /bin/rm /usr/sbin/santactl >/dev/null 2>&1
 /bin/rm -rf /Applications/Santa.app 2>&1
+/bin/rm -rf /Library/Extensions/santa-driver.kext 2>&1
 
 # Copy new files.
 /bin/cp -r ${BINARIES}/santa-driver.kext /Library/Extensions

Source/SantaGUI/SNTMessageWindowController.m

@@ -14,9 +14,8 @@
 
 #import "Source/SantaGUI/SNTMessageWindowController.h"
 
-#import <SecurityInterface/SFCertificatePanel.h>
-
 #import <MOLCertificate/MOLCertificate.h>
+#import <SecurityInterface/SFCertificatePanel.h>
 
 #import "Source/common/SNTBlockMessage.h"
 #import "Source/common/SNTConfigurator.h"

Source/common/BUILD

@@ -1,5 +1,7 @@
 package(default_visibility = ["//visibility:public"])
 
+load("//:helper.bzl", "santa_unit_test")
+
 objc_library(
     name = "SNTBlockMessage",
     srcs = ["SNTBlockMessage.m"],
@@ -95,6 +97,7 @@ objc_library(
     name = "SNTSystemInfo",
     srcs = ["SNTSystemInfo.m"],
     hdrs = ["SNTSystemInfo.h"],
+    sdk_frameworks = ["IOKit"],
 )
 
 objc_library(
@@ -149,3 +152,17 @@ objc_library(
         "@MOLXPCConnection",
     ],
 )
+
+santa_unit_test(
+    name = "SNTFileInfoTest",
+    srcs = ["SNTFileInfoTest.m"],
+    deps = [":SNTFileInfo"],
+    resources = [
+        "testdata/bad_pagezero",
+        "testdata/missing_pagezero",
+    ],
+    structured_resources = glob([
+        "testdata/BundleExample.app/**",
+        "testdata/DirectoryBundle/**",
+    ]),
+)

Source/common/SNTBlockMessage.m

@@ -12,11 +12,11 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTBlockMessage.h"
+#import "Source/common/SNTBlockMessage.h"
 
-#import "SNTConfigurator.h"
-#import "SNTLogging.h"
-#import "SNTStoredEvent.h"
+#import "Source/common/SNTConfigurator.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTStoredEvent.h"
 
 @implementation SNTBlockMessage
 

Source/common/SNTConfigurator.h

@@ -14,7 +14,7 @@
 
 #import <Foundation/Foundation.h>
 
-#import "SNTCommonEnums.h"
+#import "Source/common/SNTCommonEnums.h"
 
 ///
 ///  Singleton that provides an interface for managing configuration values on disk

Source/common/SNTConfigurator.m

@@ -12,13 +12,13 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTConfigurator.h"
+#import "Source/common/SNTConfigurator.h"
 
 #include <sys/stat.h>
 
-#import "SNTLogging.h"
-#import "SNTStrengthify.h"
-#import "SNTSystemInfo.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTStrengthify.h"
+#import "Source/common/SNTSystemInfo.h"
 
 @interface SNTConfigurator ()
 /// A NSUserDefaults object set to use the com.google.santa suite.

Source/common/SNTDropRootPrivs.m

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTDropRootPrivs.h"
+#import "Source/common/SNTDropRootPrivs.h"
 
 BOOL DropRootPrivileges() {
   if (getuid() == 0 || geteuid() == 0 || getgid() == 0 || getegid() == 0) {

Source/common/SNTFileInfo.m

@@ -12,9 +12,10 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTFileInfo.h"
+#import "Source/common/SNTFileInfo.h"
 
 #import <CommonCrypto/CommonDigest.h>
+#import <fmdb/FMDB.h>
 #import <MOLCodesignChecker/MOLCodesignChecker.h>
 
 #include <mach-o/arch.h>
@@ -24,7 +25,6 @@
 #include <sys/stat.h>
 #include <sys/xattr.h>
 
-#import <fmdb/FMDB.h>
 
 // Simple class to hold the data of a mach_header and the offset within the file
 // in which that header was found.

Source/common/SNTFileInfoTest.m

@@ -14,7 +14,7 @@
 
 #import <XCTest/XCTest.h>
 
-#import "SNTFileInfo.h"
+#import "Source/common/SNTFileInfo.h"
 
 @interface SNTFileInfoTest : XCTestCase
 @end
@@ -23,12 +23,12 @@
 
 - (NSString *)directoryBundle {
   NSString *rp = [[NSBundle bundleForClass:[self class]] resourcePath];
-  return [rp stringByAppendingPathComponent:@"Tests/LogicTests/Resources/DirectoryBundle"];
+  return [rp stringByAppendingPathComponent:@"testdata/DirectoryBundle"];
 }
 
 - (NSString *)bundleExample {
   NSString *rp = [[NSBundle bundleForClass:[self class]] resourcePath];
-  return [rp stringByAppendingPathComponent:@"Tests/LogicTests/Resources/BundleExample.app"];
+  return [rp stringByAppendingPathComponent:@"testdata/BundleExample.app"];
 }
 
 - (void)testPathStandardizing {
@@ -149,12 +149,12 @@
 
   XCTAssertNotNil([sut bundle]);
 
-  XCTAssertEqualObjects([sut bundleIdentifier], @"com.google.santa.LogicTests");
+  XCTAssertEqualObjects([sut bundleIdentifier], @"com.google.santa.UnitTest.SNTFileInfoTest");
   XCTAssertNotNil([sut bundleVersion]);
   XCTAssertNotNil([sut bundleShortVersionString]);
 
   NSString *ancestorBundlePath = path;
-  for (int i = 0; i < 6; i++) {
+  for (int i = 0; i < 4; i++) {
     ancestorBundlePath = [ancestorBundlePath stringByDeletingLastPathComponent];
   }
   XCTAssertEqualObjects([sut bundlePath], ancestorBundlePath);
@@ -167,7 +167,7 @@
 
   XCTAssertNotNil([sut bundle]);
 
-  XCTAssertEqualObjects([sut bundleIdentifier], @"com.google.santa.LogicTests");
+  XCTAssertEqualObjects([sut bundleIdentifier], @"com.google.santa.UnitTest.SNTFileInfoTest");
   XCTAssertNotNil([sut bundleVersion]);
   XCTAssertNotNil([sut bundleShortVersionString]);
   XCTAssertEqualObjects([sut bundlePath], path);
@@ -208,12 +208,12 @@
 
   XCTAssertNotNil([sut bundle]);
 
-  XCTAssertEqualObjects([sut bundleIdentifier], @"com.google.santa.LogicTests");
+  XCTAssertEqualObjects([sut bundleIdentifier], @"com.google.santa.UnitTest.SNTFileInfoTest");
   XCTAssertNotNil([sut bundleVersion]);
   XCTAssertNotNil([sut bundleShortVersionString]);
 
   NSString *ancestorBundlePath = path;
-  for (int i = 0; i < 6; i++) {
+  for (int i = 0; i < 4; i++) {
     ancestorBundlePath = [ancestorBundlePath stringByDeletingLastPathComponent];
   }
   XCTAssertEqualObjects([sut bundlePath], ancestorBundlePath);

Source/common/SNTLogging.m

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTLogging.h"
+#import "Source/common/SNTLogging.h"
 
 #import <asl.h>
 #import <pthread.h>

Source/common/SNTRule.h

@@ -14,7 +14,7 @@
 
 #import <Foundation/Foundation.h>
 
-#import "SNTCommonEnums.h"
+#import "Source/common/SNTCommonEnums.h"
 
 ///
 ///  Represents a Rule.

Source/common/SNTRule.m

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTRule.h"
+#import "Source/common/SNTRule.h"
 
 @interface SNTRule()
 @property(readwrite) NSUInteger timestamp;

Source/common/SNTStoredEvent.h

@@ -14,7 +14,7 @@
 
 #import <Foundation/Foundation.h>
 
-#import "SNTCommonEnums.h"
+#import "Source/common/SNTCommonEnums.h"
 
 ///
 ///  Represents an event stored in the database.

Source/common/SNTStoredEvent.m

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTStoredEvent.h"
+#import "Source/common/SNTStoredEvent.h"
 
 #import <MOLCertificate/MOLCertificate.h>
 

Source/common/SNTSystemInfo.m

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTSystemInfo.h"
+#import "Source/common/SNTSystemInfo.h"
 
 @implementation SNTSystemInfo
 

Source/common/SNTXPCBundleServiceInterface.m

@@ -12,9 +12,9 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTXPCBundleServiceInterface.h"
+#import "Source/common/SNTXPCBundleServiceInterface.h"
 
-#import "SNTStoredEvent.h"
+#import "Source/common/SNTStoredEvent.h"
 
 @implementation SNTXPCBundleServiceInterface
 

Source/common/SNTXPCControlInterface.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTXPCUnprivilegedControlInterface.h"
+#import "Source/common/SNTXPCUnprivilegedControlInterface.h"
 
 ///
 ///  Protocol implemented by santad and utilized by santactl (privileged operations)

Source/common/SNTXPCControlInterface.m

@@ -12,12 +12,12 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTXPCControlInterface.h"
 
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "SNTRule.h"
-#import "SNTStoredEvent.h"
+#import "Source/common/SNTRule.h"
+#import "Source/common/SNTStoredEvent.h"
 
 @implementation SNTXPCControlInterface
 

Source/common/SNTXPCNotifierInterface.h

@@ -14,8 +14,8 @@
 
 #import <Foundation/Foundation.h>
 
-#import "SNTCommonEnums.h"
-#import "SNTXPCBundleServiceInterface.h"
+#import "Source/common/SNTCommonEnums.h"
+#import "Source/common/SNTXPCBundleServiceInterface.h"
 
 @class SNTStoredEvent;
 

Source/common/SNTXPCNotifierInterface.m

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTXPCNotifierInterface.h"
+#import "Source/common/SNTXPCNotifierInterface.h"
 
 @implementation SNTXPCNotifierInterface
 

Source/common/SNTXPCSyncdInterface.h

@@ -14,7 +14,7 @@
 
 #import <Foundation/Foundation.h>
 
-#import "SNTCommonEnums.h"
+#import "Source/common/SNTCommonEnums.h"
 
 @class SNTStoredEvent;
 

Source/common/SNTXPCSyncdInterface.m

@@ -12,9 +12,9 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTXPCSyncdInterface.h"
+#import "Source/common/SNTXPCSyncdInterface.h"
 
-#import "SNTStoredEvent.h"
+#import "Source/common/SNTStoredEvent.h"
 
 @implementation SNTXPCSyncdInterface
 

Source/common/SNTXPCUnprivilegedControlInterface.h

@@ -13,12 +13,11 @@
 ///    limitations under the License.
 
 #import <Foundation/Foundation.h>
-
 #import <MOLCertificate/MOLCertificate.h>
 
-#import "SNTCommonEnums.h"
-#import "SNTKernelCommon.h"
-#import "SNTXPCBundleServiceInterface.h"
+#import "Source/common/SNTCommonEnums.h"
+#import "Source/common/SNTKernelCommon.h"
+#import "Source/common/SNTXPCBundleServiceInterface.h"
 
 @class SNTRule;
 @class SNTStoredEvent;

Source/common/SNTXPCUnprivilegedControlInterface.m

@@ -12,12 +12,12 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTXPCUnprivilegedControlInterface.h"
+#import "Source/common/SNTXPCUnprivilegedControlInterface.h"
 
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "SNTRule.h"
-#import "SNTStoredEvent.h"
+#import "Source/common/SNTRule.h"
+#import "Source/common/SNTStoredEvent.h"
 
 @implementation SNTXPCUnprivilegedControlInterface
 

Source/santa-driver/BUILD

@@ -1,4 +1,9 @@
-load("@build_bazel_rules_apple//apple:macos.bzl", "macos_kernel_extension")
+load(
+    "@build_bazel_rules_apple//apple:macos.bzl",
+    "macos_command_line_application",
+    "macos_kernel_extension",
+)
+load("//:helper.bzl", "run_command", "santa_unit_test")
 load("//:version.bzl", "SANTA_VERSION")
 
 cc_library(
@@ -37,6 +42,26 @@ cc_library(
     alwayslink = 1,
 )
 
+santa_unit_test(
+    name = "SantaCacheTest",
+    srcs = [
+        "SantaCache.h",
+        "SantaCacheTest.mm",
+    ],
+    deps = ["//Source/common:SNTKernelCommon"],
+)
+
+santa_unit_test(
+    name = "SantaPrefixTreeTest",
+    srcs = [
+        "SantaPrefixTree.cc",
+        "SantaPrefixTree.h",
+        "SantaPrefixTreeTest.mm",
+    ],
+    copts = ["-std=c++1z"],
+    deps = ["//Source/common:SNTKernelCommon"],
+)
+
 # Full santa-driver.kext containing all Santa components
 macos_kernel_extension(
     name = "santa-driver",
@@ -47,7 +72,7 @@ macos_kernel_extension(
         "//Source/santad": "MacOS",
     },
     bundle_id = "com.google.santa-driver",
-    infoplists = ["Resources/santa-driver-Info.plist"],
+    infoplists = ["Info.plist"],
     minimum_os_version = "10.9",
     version = "//:version",
     visibility = ["//visibility:public"],
@@ -58,9 +83,48 @@ macos_kernel_extension(
 macos_kernel_extension(
     name = "santa-driver_min",
     bundle_id = "com.google.santa-driver",
-    infoplists = ["Resources/santa-driver-Info.plist"],
+    infoplists = ["Info.plist"],
     minimum_os_version = "10.9",
     version = "//:version",
     visibility = ["//visibility:public"],
     deps = [":santa-driver_lib"],
 )
+
+objc_library(
+    name = "kernel_tests_lib",
+    srcs = ["kernel_tests.mm"],
+    sdk_frameworks = [
+        "Foundation",
+        "IOKit",
+    ],
+    deps = ["//Source/common:SNTKernelCommon"],
+)
+
+macos_command_line_application(
+    name = "kernel_tests_bin",
+    bundle_id = "com.google.santa.KernelTests",
+    minimum_os_version = "10.9",
+    deps = [":kernel_tests_lib"],
+)
+
+run_command(
+    name = "kernel_tests",
+    srcs = [
+        ":kernel_tests_bin",
+        "//Source/santa-driver:santa-driver_min",
+    ],
+    cmd = """
+env
+function sigint() {
+  echo "\nInterrupted, unloading driver."
+  sudo kextunload -b com.google.santa-driver >/dev/null
+  exit 1
+}
+unzip -o $${BUILD_WORKSPACE_DIRECTORY}/bazel-bin/Source/santa-driver/santa-driver.zip >/dev/null
+echo "Launching Kernel Tests as root. You may be prompted for your sudo password."
+trap sigint INT
+sudo $${BUILD_WORKSPACE_DIRECTORY}/bazel-bin/Source/santa-driver/kernel_tests_bin
+echo "Tests complete, unloading driver."
+sudo kextunload -b com.google.santa-driver >/dev/null
+""",
+)

Source/santa-driver/SantaCache.h

@@ -20,7 +20,7 @@
 #include <stdint.h>
 #include <sys/cdefs.h>
 
-#include "SNTKernelCommon.h"
+#include "Source/common/SNTKernelCommon.h"
 
 #ifdef KERNEL
 #include <IOKit/IOLib.h>

Source/santa-driver/SantaCacheTest.mm

@@ -18,7 +18,7 @@
 #include <string>
 #include <vector>
 
-#include "SantaCache.h"
+#include "Source/santa-driver/SantaCache.h"
 
 @interface SantaCacheTest : XCTestCase
 @end

Source/santa-driver/SantaDecisionManager.cc

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#include "SantaDecisionManager.h"
+#include "Source/santa-driver/SantaDecisionManager.h"
 
 // This is a made-up KAUTH_FILEOP constant which represents a
 // KAUTH_VNODE_WRITE_DATA event that gets passed to SantaDecisionManager's

Source/santa-driver/SantaDecisionManager.h

@@ -23,10 +23,10 @@
 #include <sys/proc.h>
 #include <sys/vnode.h>
 
-#include "SantaCache.h"
-#include "SantaPrefixTree.h"
-#include "SNTKernelCommon.h"
-#include "SNTLogging.h"
+#include "Source/common/SNTKernelCommon.h"
+#include "Source/common/SNTLogging.h"
+#include "Source/santa-driver/SantaCache.h"
+#include "Source/santa-driver/SantaPrefixTree.h"
 
 ///
 ///  SantaDecisionManager is responsible for intercepting Vnode execute actions

Source/santa-driver/SantaDriver.cc

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#include "SantaDriver.h"
+#include "Source/santa-driver/SantaDriver.h"
 
 #define super IOService
 #define SantaDriver com_google_SantaDriver

Source/santa-driver/SantaDriver.h

@@ -18,8 +18,8 @@
 #include <IOKit/IOService.h>
 #include <libkern/OSKextLib.h>
 
-#include "SNTLogging.h"
-#include "SantaDecisionManager.h"
+#include "Source/common/SNTLogging.h"
+#include "Source/santa-driver/SantaDecisionManager.h"
 
 ///
 ///  The driver class, which provides the start/stop functions and holds

Source/santa-driver/SantaDriverClient.cc

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#include "SantaDriverClient.h"
+#include "Source/santa-driver/SantaDriverClient.h"
 
 #define super IOUserClient
 #define SantaDriverClient com_google_SantaDriverClient

Source/santa-driver/SantaDriverClient.h

@@ -20,9 +20,9 @@
 #include <sys/proc.h>
 #include <sys/vnode.h>
 
-#include "SNTKernelCommon.h"
-#include "SantaDecisionManager.h"
-#include "SantaDriver.h"
+#include "Source/common/SNTKernelCommon.h"
+#include "Source/santa-driver/SantaDecisionManager.h"
+#include "Source/santa-driver/SantaDriver.h"
 
 ///
 ///  This class is instantiated by IOKit when a new client process attempts to

Source/santa-driver/SantaPrefixTree.cc

@@ -12,13 +12,15 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#include "SantaPrefixTree.h"
+#include "Source/santa-driver/SantaPrefixTree.h"
 
 #ifdef KERNEL
 #include <libkern/locks.h>
 
-#include "SNTLogging.h"
+#include "Source/common/SNTLogging.h"
 #else
+#include <string.h>
+
 #define LOGD(format, ...) // NOP
 #define LOGE(format, ...) // NOP
 

Source/santa-driver/SantaPrefixTreeTest.mm

@@ -14,7 +14,7 @@
 
 #import <XCTest/XCTest.h>
 
-#include "SantaPrefixTree.h"
+#include "Source/santa-driver/SantaPrefixTree.h"
 
 @interface SantaPrefixTreeTest : XCTestCase
 @end

Source/santa-driver/kernel_tests.mm

@@ -29,7 +29,7 @@
 #include <sys/types.h>
 #include <vector>
 
-#include "SNTKernelCommon.h"
+#include "Source/common/SNTKernelCommon.h"
 
 ///
 /// Kernel Extension Tests

Source/santabs/SNTBundleService.m

@@ -17,10 +17,9 @@
 #include <stdatomic.h>
 
 #import <CommonCrypto/CommonDigest.h>
-#import <pthread/pthread.h>
-
 #import <MOLCodesignChecker/MOLCodesignChecker.h>
 #import <MOLXPCConnection/MOLXPCConnection.h>
+#import <pthread/pthread.h>
 
 #import "Source/common/SNTFileInfo.h"
 #import "Source/common/SNTStoredEvent.h"

Source/santabs/main.m

@@ -13,7 +13,6 @@
 ///    limitations under the License.
 
 #import <Foundation/Foundation.h>
-
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
 #import "Source/santabs/SNTBundleService.h"

Source/santactl/BUILD

@@ -1,4 +1,5 @@
 load("@build_bazel_rules_apple//apple:macos.bzl", "macos_command_line_application")
+load("//:helper.bzl", "santa_unit_test")
 
 objc_library(
     name = "santactl_lib",
@@ -40,12 +41,6 @@ objc_library(
             "Commands/SNTCommandFlushCache.m",
         ],
     }),
-    includes = [
-        ".",
-        "../common",
-        "./Commands",
-        "./Commands/sync",
-    ],
     sdk_dylibs = ["libz"],
     sdk_frameworks = ["IOKit"],
     deps = [
@@ -75,9 +70,77 @@ objc_library(
 macos_command_line_application(
     name = "santactl",
     bundle_id = "com.google.santactl",
-    infoplists = ["Resources/santactl-Info.plist"],
+    infoplists = ["Info.plist"],
     minimum_os_version = "10.9",
     version = "//:version",
     visibility = ["//visibility:public"],
     deps = [":santactl_lib"],
 )
+
+santa_unit_test(
+    name = "SNTCommandFileInfoTest",
+    srcs = [
+        "SNTCommand.h",
+        "SNTCommand.m",
+        "SNTCommandController.h",
+        "SNTCommandController.m",
+        "Commands/SNTCommandFileInfo.m",
+        "Commands/SNTCommandFileInfoTest.m",
+    ],
+    deps = [
+        "//Source/common:SNTCachedDecision",
+        "//Source/common:SNTFileInfo",
+        "//Source/common:SNTLogging",
+        "//Source/common:SNTXPCControlInterface",
+        "@MOLCertificate",
+        "@MOLCodesignChecker",
+        "@MOLXPCConnection",
+        "@OCMock",
+    ],
+)
+
+santa_unit_test(
+    name = "SNTCommandSyncTest",
+    srcs = [
+        "SNTCommand.h",
+        "SNTcommand.m",
+        "SNTcommandController.h",
+        "SNTcommandController.m",
+        "Commands/sync/NSData+Zlib.h",
+        "Commands/sync/NSData+Zlib.m",
+        "Commands/sync/SNTCommandSync.m",
+        "Commands/sync/SNTCommandSyncConstants.h",
+        "Commands/sync/SNTCommandSyncConstants.m",
+        "Commands/sync/SNTCommandSyncEventUpload.h",
+        "Commands/sync/SNTCommandSyncEventUpload.m",
+        "Commands/sync/SNTCommandSyncManager.h",
+        "Commands/sync/SNTCommandSyncManager.m",
+        "Commands/sync/SNTCommandSyncPostflight.h",
+        "Commands/sync/SNTCommandSyncPostflight.m",
+        "Commands/sync/SNTCommandSyncPreflight.h",
+        "Commands/sync/SNTCommandSyncPreflight.m",
+        "Commands/sync/SNTCommandSyncRuleDownload.h",
+        "Commands/sync/SNTCommandSyncRuleDownload.m",
+        "Commands/sync/SNTCommandSyncStage.h",
+        "Commands/sync/SNTCommandSyncStage.m",
+        "Commands/sync/SNTCommandSyncState.h",
+        "Commands/sync/SNTCommandSyncState.m",
+    ],
+    deps = [
+        "//Source/common:SNTCommonEnums",
+        "//Source/common:SNTConfigurator",
+        "//Source/common:SNTDropRootPrivs",
+        "//Source/common:SNTFileInfo",
+        "//Source/common:SNTLogging",
+        "//Source/common:SNTRule",
+        "//Source/common:SNTStoredEvent",
+        "//Source/common:SNTXPCControlInterface",
+        "//Source/common:SNTXPCSyncdInterface",
+        "@MOLAuthenticatingURLSession",
+        "@MOLFCMClient",
+        "@MOLXPCConnection",
+        "@OCMock",
+    ],
+    sdk_dylibs = ["libz"],
+)
+

Source/santactl/Commands/SNTCommandBundleInfo.m

@@ -12,15 +12,14 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTCommand.h"
-#import "SNTCommandController.h"
-
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "SNTFileInfo.h"
-#import "SNTLogging.h"
-#import "SNTStoredEvent.h"
-#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTFileInfo.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTStoredEvent.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/santactl/SNTCommand.h"
+#import "Source/santactl/SNTCommandController.h"
 
 #ifdef DEBUG
 

Source/santactl/Commands/SNTCommandCacheHistogram.m

@@ -15,14 +15,12 @@
 #ifdef DEBUG
 
 #import <Foundation/Foundation.h>
-
-#import "SNTCommand.h"
-#import "SNTCommandController.h"
-
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "SNTLogging.h"
-#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/santactl/SNTCommand.h"
+#import "Source/santactl/SNTCommandController.h"
 
 @interface SNTCommandCacheHistogram : SNTCommand<SNTCommandProtocol>
 @end

Source/santactl/Commands/SNTCommandCheckCache.m

@@ -13,17 +13,16 @@
 ///    limitations under the License.
 
 #import <Foundation/Foundation.h>
-
-#import "SNTCommand.h"
-#import "SNTCommandController.h"
-
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "SNTLogging.h"
-#import "SNTXPCControlInterface.h"
-
 #include <sys/stat.h>
 
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/santactl/SNTCommand.h"
+#import "Source/santactl/SNTCommandController.h"
+
+
 #ifdef DEBUG
 
 @interface SNTCommandCheckCache : SNTCommand<SNTCommandProtocol>

Source/santactl/Commands/SNTCommandFileInfo.m

@@ -13,20 +13,18 @@
 ///    limitations under the License.
 
 #import <Foundation/Foundation.h>
-
-#import "SNTCommand.h"
-#import "SNTCommandController.h"
-
-#import <objc/runtime.h>
 #import <MOLCertificate/MOLCertificate.h>
 #import <MOLCodesignChecker/MOLCodesignChecker.h>
 #import <MOLXPCConnection/MOLXPCConnection.h>
+#import <objc/runtime.h>
 
-#import "SNTCachedDecision.h"
-#import "SNTFileInfo.h"
-#import "SNTLogging.h"
-#import "SNTRule.h"
-#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTCachedDecision.h"
+#import "Source/common/SNTFileInfo.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTRule.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/santactl/SNTCommand.h"
+#import "Source/santactl/SNTCommandController.h"
 
 // file info keys
 static NSString *const kPath = @"Path";

Source/santactl/Commands/SNTCommandFileInfoTest.m

@@ -12,14 +12,12 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import <XCTest/XCTest.h>
-
-#import <OCMock/OCMock.h>
-
 #import <MOLCodesignChecker/MOLCodesignChecker.h>
 #import <MOLXPCConnection/MOLXPCConnection.h>
+#import <OCMock/OCMock.h>
+#import <XCTest/XCTest.h>
 
-#import "SNTFileInfo.h"
+#import "Source/common/SNTFileInfo.h"
 
 @interface SNTCommandFileInfo : NSObject
 

Source/santactl/Commands/SNTCommandFlushCache.m

@@ -15,14 +15,12 @@
 #ifdef DEBUG
 
 #import <Foundation/Foundation.h>
-
-#import "SNTCommand.h"
-#import "SNTCommandController.h"
-
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "SNTLogging.h"
-#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/santactl/SNTCommand.h"
+#import "Source/santactl/SNTCommandController.h"
 
 @interface SNTCommandFlushCache : SNTCommand<SNTCommandProtocol>
 @end

Source/santactl/Commands/SNTCommandRule.m

@@ -12,21 +12,20 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
+
 #import <Foundation/Foundation.h>
-
-#import "SNTCommand.h"
-#import "SNTCommandController.h"
-
 #import <MOLCertificate/MOLCertificate.h>
 #import <MOLCodesignChecker/MOLCodesignChecker.h>
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "SNTConfigurator.h"
-#import "SNTDropRootPrivs.h"
-#import "SNTFileInfo.h"
-#include "SNTLogging.h"
-#import "SNTRule.h"
-#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTConfigurator.h"
+#import "Source/common/SNTDropRootPrivs.h"
+#import "Source/common/SNTFileInfo.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTRule.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/santactl/SNTCommand.h"
+#import "Source/santactl/SNTCommandController.h"
 
 @interface SNTCommandRule : SNTCommand<SNTCommandProtocol>
 @end

Source/santactl/Commands/SNTCommandStatus.m

@@ -13,14 +13,12 @@
 ///    limitations under the License.
 
 #import <Foundation/Foundation.h>
-
-#import "SNTCommand.h"
-#import "SNTCommandController.h"
-
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "SNTConfigurator.h"
-#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTConfigurator.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/santactl/SNTCommand.h"
+#import "Source/santactl/SNTCommandController.h"
 
 @interface SNTCommandStatus : SNTCommand<SNTCommandProtocol>
 @end

Source/santactl/Commands/SNTCommandVersion.m

@@ -14,15 +14,13 @@
 
 #import <Foundation/Foundation.h>
 #import <IOKit/kext/KextManager.h>
-
-#import "SNTCommand.h"
-#import "SNTCommandController.h"
-
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "SNTCommonEnums.h"
-#import "SNTFileInfo.h"
-#import "SNTKernelCommon.h"
+#import "Source/common/SNTCommonEnums.h"
+#import "Source/common/SNTFileInfo.h"
+#import "Source/common/SNTKernelCommon.h"
+#import "Source/santactl/SNTCommand.h"
+#import "Source/santactl/SNTCommandController.h"
 
 @interface SNTCommandVersion : SNTCommand<SNTCommandProtocol>
 @end

Source/santactl/Commands/sync/SNTCommandSync.m

@@ -13,17 +13,15 @@
 ///    limitations under the License.
 
 #import <Foundation/Foundation.h>
-
-#import "SNTCommand.h"
-#import "SNTCommandController.h"
-
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "SNTCommandSyncManager.h"
-#import "SNTConfigurator.h"
-#import "SNTDropRootPrivs.h"
-#import "SNTLogging.h"
-#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTConfigurator.h"
+#import "Source/common/SNTDropRootPrivs.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/santactl/SNTCommand.h"
+#import "Source/santactl/SNTCommandController.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncManager.h"
 
 @interface SNTCommandSync : SNTCommand<SNTCommandProtocol>
 @property MOLXPCConnection *listener;

Source/santactl/Commands/sync/SNTCommandSyncEventUpload.m

@@ -12,19 +12,18 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTCommandSyncEventUpload.h"
-
-#include "SNTLogging.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncEventUpload.h"
 
 #import <MOLCertificate/MOLCertificate.h>
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "NSData+Zlib.h"
-#import "SNTCommandSyncConstants.h"
-#import "SNTCommandSyncState.h"
-#import "SNTFileInfo.h"
-#import "SNTStoredEvent.h"
-#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTFileInfo.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTStoredEvent.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/santactl/Commands/sync/NSData+Zlib.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncConstants.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncState.h"
 
 @implementation SNTCommandSyncEventUpload
 

Source/santactl/Commands/sync/SNTCommandSyncManager.h

@@ -14,7 +14,7 @@
 
 #import <Foundation/Foundation.h>
 
-#import "SNTXPCSyncdInterface.h"
+#import "Source/common/SNTXPCSyncdInterface.h"
 
 @class MOLXPCConnection;
 

Source/santactl/Commands/sync/SNTCommandSyncManager.m

@@ -12,27 +12,26 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTCommandSyncManager.h"
-
-#import <SystemConfiguration/SystemConfiguration.h>
+#import "Source/santactl/Commands/sync/SNTCommandSyncManager.h"
 
 #import <MOLAuthenticatingURLSession/MOLAuthenticatingURLSession.h>
 #import <MOLFCMClient/MOLFCMClient.h>
 #import <MOLXPCConnection/MOLXPCConnection.h>
+#import <SystemConfiguration/SystemConfiguration.h>
 
-#import "SNTConfigurator.h"
-#import "SNTCommandSyncConstants.h"
-#import "SNTCommandSyncEventUpload.h"
-#import "SNTCommandSyncPostflight.h"
-#import "SNTCommandSyncPreflight.h"
-#import "SNTCommandSyncRuleDownload.h"
-#import "SNTCommandSyncState.h"
-#import "SNTCommonEnums.h"
-#import "SNTLogging.h"
-#import "SNTStoredEvent.h"
-#import "SNTStrengthify.h"
-#import "SNTXPCControlInterface.h"
-#import "SNTXPCSyncdInterface.h"
+#import "Source/common/SNTCommonEnums.h"
+#import "Source/common/SNTConfigurator.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTStoredEvent.h"
+#import "Source/common/SNTStrengthify.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/common/SNTXPCSyncdInterface.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncConstants.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncEventUpload.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncPostflight.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncPreflight.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncRuleDownload.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncState.h"
 
 static NSString *const kFCMActionKey = @"action";
 static NSString *const kFCMFileHashKey = @"file_hash";

Source/santactl/Commands/sync/SNTCommandSyncPostflight.m

@@ -12,15 +12,14 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTCommandSyncPostflight.h"
-
-#include "SNTLogging.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncPostflight.h"
 
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "SNTCommandSyncConstants.h"
-#import "SNTCommandSyncState.h"
-#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncConstants.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncState.h"
 
 @implementation SNTCommandSyncPostflight
 

Source/santactl/Commands/sync/SNTCommandSyncPreflight.m

@@ -12,18 +12,17 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTCommandSyncPreflight.h"
-
-#include "SNTKernelCommon.h"
-#include "SNTLogging.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncPreflight.h"
 
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "SNTCommandSyncConstants.h"
-#import "SNTCommandSyncState.h"
-#import "SNTConfigurator.h"
-#import "SNTSystemInfo.h"
-#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTConfigurator.h"
+#import "Source/common/SNTKernelCommon.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTSystemInfo.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncConstants.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncState.h"
 
 @implementation SNTCommandSyncPreflight
 

Source/santactl/Commands/sync/SNTCommandSyncRuleDownload.h

@@ -14,8 +14,9 @@
 
 #import <Foundation/Foundation.h>
 
-#import "SNTCommandSyncStage.h"
-#import "SNTRule.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncStage.h"
+
+@class SNTRule;
 
 @interface SNTCommandSyncRuleDownload : SNTCommandSyncStage
 - (SNTRule *)ruleFromDictionary:(NSDictionary *)dict;

Source/santactl/Commands/sync/SNTCommandSyncRuleDownload.m

@@ -12,16 +12,15 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTCommandSyncRuleDownload.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncRuleDownload.h"
 
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "SNTCommandSyncConstants.h"
-#import "SNTCommandSyncState.h"
-#import "SNTRule.h"
-#import "SNTXPCControlInterface.h"
-
-#include "SNTLogging.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTRule.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncConstants.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncState.h"
 
 @implementation SNTCommandSyncRuleDownload
 

Source/santactl/Commands/sync/SNTCommandSyncStage.m

@@ -12,15 +12,15 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTCommandSyncStage.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncStage.h"
 
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "NSData+Zlib.h"
-#import "SNTCommandSyncConstants.h"
-#import "SNTCommandSyncState.h"
-#import "SNTLogging.h"
-#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/santactl/Commands/sync/NSData+Zlib.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncConstants.h"
+#import "Source/santactl/Commands/sync/SNTCommandSyncState.h"
 
 @interface SNTCommandSyncStage ()
 

Source/santactl/Commands/sync/SNTCommandSyncState.h

@@ -14,7 +14,7 @@
 
 #import <Foundation/Foundation.h>
 
-#import "SNTCommonEnums.h"
+#import "Source/common/SNTCommonEnums.h"
 
 @class SNTCommandSyncManager;
 @class MOLXPCConnection;

Source/santactl/SNTCommand.m

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTCommand.h"
+#import "Source/santactl/SNTCommand.h"
 
 @implementation SNTCommand
 

Source/santactl/SNTCommandController.h

@@ -14,7 +14,7 @@
 
 #import <Foundation/Foundation.h>
 
-#import "SNTCommand.h"
+#import "Source/santactl/SNTCommand.h"
 
 @class MOLXPCConnection;
 

Source/santactl/SNTCommandController.m

@@ -12,11 +12,11 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTCommandController.h"
+#import "Source/santactl/SNTCommandController.h"
 
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
-#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTXPCControlInterface.h"
 
 @implementation SNTCommandController
 

Source/santactl/main.m

@@ -14,7 +14,7 @@
 
 #import <Foundation/Foundation.h>
 
-#import "SNTCommandController.h"
+#import "Source/santactl/SNTCommandController.h"
 
 ///
 ///  santactl is a command-line utility for managing Santa.

Source/santad/BUILD

@@ -1,4 +1,5 @@
 load("@build_bazel_rules_apple//apple:macos.bzl", "macos_command_line_application")
+load("//:helper.bzl", "santa_unit_test")
 
 objc_library(
     name = "santad_lib",
@@ -68,3 +69,85 @@ macos_command_line_application(
     visibility = ["//visibility:public"],
     deps = [":santad_lib"],
 )
+
+santa_unit_test(
+    name = "SNTExecutionControllerTest",
+    srcs = [
+        "DataLayer/SNTDatabaseTable.h",
+        "DataLayer/SNTDatabaseTable.m",
+        "DataLayer/SNTEventTable.h",
+        "DataLayer/SNTEventTable.m",
+        "DataLayer/SNTRuleTable.h",
+        "DataLayer/SNTRuleTable.m",
+        "Logs/SNTEventLog.h",
+        "Logs/SNTEventLog.m",
+        "SNTDatabaseController.h",
+        "SNTDatabaseController.m",
+        "SNTDriverManager.h",
+        "SNTDriverManager.m",
+        "SNTExecutionController.h",
+        "SNTExecutionController.m",
+        "SNTExecutionControllerTest.m",
+        "SNTNotificationQueue.h",
+        "SNTNotificationQueue.m",
+        "SNTPolicyProcessor.h",
+        "SNTPolicyProcessor.m",
+        "SNTSyncdQueue.h",
+        "SNTSyncdQueue.m",
+    ],
+    deps = [
+        "//Source/common:SNTBlockMessage",
+        "//Source/common:SNTCachedDecision",
+        "//Source/common:SNTCommonEnums",
+        "//Source/common:SNTDropRootPrivs",
+        "//Source/common:SNTFileInfo",
+        "//Source/common:SNTKernelCommon",
+        "//Source/common:SNTLogging",
+        "//Source/common:SNTRule",
+        "//Source/common:SNTXPCNotifierInterface",
+        "//Source/common:SNTXPCSyncdInterface",
+        "@MOLCodesignChecker",
+        "@MOLXPCConnection",
+        "@OCMock",
+    ],
+)
+
+santa_unit_test(
+    name = "SNTEventTableTest",
+    srcs = [
+        "DataLayer/SNTDatabaseTable.h",
+        "DataLayer/SNTDatabaseTable.m",
+        "DataLayer/SNTEventTable.h",
+        "DataLayer/SNTEventTable.m",
+        "DataLayer/SNTEventTableTest.m",
+    ],
+    deps = [
+        "//Source/common:SNTFileInfo",
+        "//Source/common:SNTLogging",
+        "//Source/common:SNTStoredEvent",
+        "@FMDB",
+        "@MOLCertificate",
+        "@MOLCodesignChecker",
+    ],
+)
+
+santa_unit_test(
+    name = "SNTRuleTableTest",
+    srcs = [
+        "DataLayer/SNTDatabaseTable.h",
+        "DataLayer/SNTDatabaseTable.m",
+        "DataLayer/SNTRuleTable.h",
+        "DataLayer/SNTRuleTable.m",
+        "DataLayer/SNTRuleTableTest.m",
+    ],
+    deps = [
+        "//Source/common:SNTCachedDecision",
+        "//Source/common:SNTConfigurator",
+        "//Source/common:SNTFileInfo",
+        "//Source/common:SNTLogging",
+        "//Source/common:SNTRule",
+        "@FMDB",
+        "@MOLCertificate",
+        "@MOLCodesignChecker",
+    ],
+)

Source/santad/DataLayer/SNTEventTableTest.m

@@ -12,13 +12,12 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
+#import <MOLCodesignChecker/MOLCodesignChecker.h>
 #import <XCTest/XCTest.h>
 
-#import <MOLCodesignChecker/MOLCodesignChecker.h>
-
-#import "SNTEventTable.h"
-#import "SNTFileInfo.h"
-#import "SNTStoredEvent.h"
+#import "Source/common/SNTFileInfo.h"
+#import "Source/common/SNTStoredEvent.h"
+#import "Source/santad/DataLayer/SNTEventTable.h"
 
 /// This test case actually tests SNTEventTable and SNTStoredEvent.
 ///

Source/santad/DataLayer/SNTRuleTableTest.m

@@ -12,13 +12,12 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import <XCTest/XCTest.h>
-
-#import "SNTRule.h"
-#import "SNTRuleTable.h"
-
 #import <MOLCertificate/MOLCertificate.h>
 #import <MOLCodesignChecker/MOLCodesignChecker.h>
+#import <XCTest/XCTest.h>
+
+#import "Source/common/SNTRule.h"
+#import "Source/santad/DataLayer/SNTRuleTable.h"
 
 @interface SNTRuleTable (Testing)
 @property NSString *santadCertSHA;

Source/santad/SNTApplication.m

@@ -15,27 +15,26 @@
 #import "Source/santad/SNTApplication.h"
 
 #import <DiskArbitration/DiskArbitration.h>
-
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
 #import "Source/common/SNTCommonEnums.h"
-#import "Source/santad/SNTCompilerController.h"
 #import "Source/common/SNTConfigurator.h"
+#import "Source/common/SNTDropRootPrivs.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTXPCControlInterface.h"
+#import "Source/common/SNTXPCNotifierInterface.h"
+#import "Source/common/SNTXPCUnprivilegedControlInterface.h"
+#import "Source/santad/SNTCompilerController.h"
 #import "Source/santad/SNTDaemonControlController.h"
 #import "Source/santad/SNTDatabaseController.h"
 #import "Source/santad/SNTDriverManager.h"
-#import "Source/common/SNTDropRootPrivs.h"
-#import "Source/santad/DataLayer/SNTEventTable.h"
 #import "Source/santad/SNTExecutionController.h"
-#import "Source/santad/Logs/SNTFileEventLog.h"
-#import "Source/common/SNTLogging.h"
 #import "Source/santad/SNTNotificationQueue.h"
-#import "Source/santad/DataLayer/SNTRuleTable.h"
 #import "Source/santad/SNTSyncdQueue.h"
+#import "Source/santad/DataLayer/SNTRuleTable.h"
+#import "Source/santad/DataLayer/SNTEventTable.h"
+#import "Source/santad/Logs/SNTFileEventLog.h"
 #import "Source/santad/Logs/SNTSyslogEventLog.h"
-#import "Source/common/SNTXPCControlInterface.h"
-#import "Source/common/SNTXPCUnprivilegedControlInterface.h"
-#import "Source/common/SNTXPCNotifierInterface.h"
 
 @interface SNTApplication ()
 @property DASessionRef diskArbSession;

Source/santad/SNTDaemonControlController.m

@@ -28,12 +28,12 @@
 #import "Source/common/SNTXPCSyncdInterface.h"
 #import "Source/santad/SNTDatabaseController.h"
 #import "Source/santad/SNTDriverManager.h"
-#import "Source/santad/Logs/SNTEventLog.h"
-#import "Source/santad/DataLayer/SNTEventTable.h"
 #import "Source/santad/SNTNotificationQueue.h"
 #import "Source/santad/SNTPolicyProcessor.h"
-#import "Source/santad/DataLayer/SNTRuleTable.h"
 #import "Source/santad/SNTSyncdQueue.h"
+#import "Source/santad/DataLayer/SNTEventTable.h"
+#import "Source/santad/DataLayer/SNTRuleTable.h"
+#import "Source/santad/Logs/SNTEventLog.h"
 
 // Globals used by the santad watchdog thread
 uint64_t watchdogCPUEvents = 0;

Source/santad/SNTExecutionController.m

@@ -31,12 +31,12 @@
 #import "Source/common/SNTRule.h"
 #import "Source/common/SNTStoredEvent.h"
 #import "Source/santad/SNTDriverManager.h"
-#import "Source/santad/Logs/SNTEventLog.h"
-#import "Source/santad/DataLayer/SNTEventTable.h"
 #import "Source/santad/SNTNotificationQueue.h"
 #import "Source/santad/SNTPolicyProcessor.h"
-#import "Source/santad/DataLayer/SNTRuleTable.h"
 #import "Source/santad/SNTSyncdQueue.h"
+#import "Source/santad/DataLayer/SNTEventTable.h"
+#import "Source/santad/DataLayer/SNTRuleTable.h"
+#import "Source/santad/Logs/SNTEventLog.h"
 
 // A binary is considered large at ~30MB. Large binaries take longer to hash and consequently
 // longer to post a decision back to santa-driver. When a binary is considered large santad will

Source/santad/SNTExecutionControllerTest.m

@@ -12,21 +12,19 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import <XCTest/XCTest.h>
-
-#import <OCMock/OCMock.h>
-
-#import "SNTExecutionController.h"
-
 #import <MOLCertificate/MOLCertificate.h>
 #import <MOLCodesignChecker/MOLCodesignChecker.h>
+#import <OCMock/OCMock.h>
+#import <XCTest/XCTest.h>
 
-#import "SNTConfigurator.h"
-#import "SNTDriverManager.h"
-#import "SNTEventTable.h"
-#import "SNTFileInfo.h"
-#import "SNTRule.h"
-#import "SNTRuleTable.h"
+#import "Source/santad/SNTExecutionController.h"
+
+#import "Source/common/SNTConfigurator.h"
+#import "Source/common/SNTFileInfo.h"
+#import "Source/common/SNTRule.h"
+#import "Source/santad/SNTDriverManager.h"
+#import "Source/santad/DataLayer/SNTEventTable.h"
+#import "Source/santad/DataLayer/SNTRuleTable.h"
 
 @interface SNTExecutionControllerTest : XCTestCase
 @property id mockConfigurator;

Source/santad/SNTPolicyProcessor.h

@@ -13,12 +13,11 @@
 ///    limitations under the License.
 
 #import <Foundation/Foundation.h>
+#import <MOLCertificate/MOLCertificate.h>
 
 #import "Source/common/SNTCommonEnums.h"
 #import "Source/common/SNTKernelCommon.h"
 
-#import <MOLCertificate/MOLCertificate.h>
-
 @class SNTCachedDecision;
 @class SNTFileInfo;
 @class SNTRuleTable;

Tests/KernelTests/BUILD

@@ -1,43 +0,0 @@
-load("@build_bazel_rules_apple//apple:macos.bzl", "macos_command_line_application")
-load("//:cmd.bzl", "run_command")
-
-objc_library(
-    name = "kernel_tests_lib",
-    srcs = [
-        "Source/common/SNTKernelCommon.h",
-        "Tests/KernelTests/main.mm",
-    ],
-    includes = ["Source/common"],
-    sdk_frameworks = [
-        "Foundation",
-        "IOKit",
-    ],
-)
-
-macos_command_line_application(
-    name = "kernel_tests_bin",
-    bundle_id = "com.google.santa.KernelTests",
-    minimum_os_version = "10.9",
-    deps = [":kernel_tests_lib"],
-)
-
-run_command(
-    name = "kernel_tests",
-    srcs = [
-        ":kernel_tests_bin",
-        ":santa-driver",
-    ],
-    cmd = """
-function sigint() {
-  echo "\nInterrupted, unloading driver."
-  sudo kextunload -b com.google.santa-driver >/dev/null
-  exit 1
-}
-unzip -o $${BUILD_WORKSPACE_DIRECTORY}/bazel-bin/santa-driver.zip >/dev/null
-echo "Launching Kernel Tests as root. You may be prompted for your sudo password."
-trap sigint INT
-sudo $${BUILD_WORKSPACE_DIRECTORY}/bazel-bin/kernel_tests_bin
-echo "Tests complete, unloading driver."
-sudo kextunload -b com.google.santa-driver >/dev/null
-""",
-)

Tests/LogicTests/BUILD

@@ -1,53 +0,0 @@
-load("@build_bazel_rules_apple//apple:macos.bzl", "macos_unit_test")
-
-objc_library(
-    name = "logic_tests_lib",
-    testonly = 1,
-    srcs = glob([
-        "Source/**/*.h",
-        "Source/**/*.m",
-        "Tests/LogicTests/*.m",
-    ]),
-    includes = [
-        "Source/common",
-        "Source/santabs",
-        "Source/santactl",
-        "Source/santactl/Commands",
-        "Source/santactl/Commands/sync",
-        "Source/santad",
-        "Source/santad/DataLayer",
-        "Source/santad/Logs",
-    ],
-    resources = glob(
-        ["Tests/LogicTests/Resources/**"],
-        exclude = [
-            "**/BundleExample.app/**",
-            "**/DirectoryBundle/**",
-        ],
-    ),
-    sdk_dylibs = ["libz"],
-    sdk_frameworks = [
-        "AppKit",
-        "DiskArbitration",
-        "IOKit",
-        "SecurityInterface",
-    ],
-    structured_resources = glob([
-        "Tests/LogicTests/Resources/BundleExample.app/**",
-        "Tests/LogicTests/Resources/DirectoryBundle/**",
-    ]),
-    deps = [
-        "@FMDB//:fmdb",
-        "@MOLCodesignChecker",
-        "@MOLFCMClient",
-        "@MOLXPCConnection",
-        "@OCMock",
-    ],
-)
-
-macos_unit_test(
-    name = "logic_tests",
-    bundle_id = "com.google.santa.LogicTests",
-    minimum_os_version = "10.9",
-    deps = [":logic_tests_lib"],
-)

Tests/LogicTests/Resources/Tests-Info.plist

@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<key>CFBundleDevelopmentRegion</key>
-	<string>en</string>
-	<key>CFBundleExecutable</key>
-	<string>${EXECUTABLE_NAME}</string>
-	<key>CFBundleIdentifier</key>
-	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
-	<key>CFBundleInfoDictionaryVersion</key>
-	<string>6.0</string>
-	<key>CFBundlePackageType</key>
-	<string>BNDL</string>
-	<key>CFBundleShortVersionString</key>
-	<string>1.0</string>
-	<key>CFBundleSignature</key>
-	<string>????</string>
-	<key>CFBundleVersion</key>
-	<string>1</string>
-</dict>
-</plist>

Tests/LogicTests/Resources/dn.plist

@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<array>
-	<data>
-	MIGcMQswCQYDVQQGEwJVUzERMA8GA1UECAwIVGhlIE1vb24xEjAQBgNVBAcMCU1vb24g
-	QmFzZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMSkwJwYDVQQLDCBB
-	d2Vzb21lIEF1dGhlbnRpY2F0aW9uIEF1dGhvcml0eTEYMBYGA1UEAwwPYXV0aC5zZXJ2
-	ZXIuY29t
-	</data>
-</array>
-</plist>

WORKSPACE

@@ -8,7 +8,7 @@ load("@bazel_tools//tools/build_defs/repo:git.bzl",
 git_repository(
     name = "build_bazel_rules_apple",
     remote = "https://github.com/bazelbuild/rules_apple.git",
-    tag = "0.12.0",
+    commit = "46611296946be1eb0fe2e7e46b8b26b4662606b3",
 )
 
 load("@build_bazel_rules_apple//apple:repositories.bzl", "apple_rules_dependencies")

cmd.bzl

@@ -1,15 +0,0 @@
-"""This module runs a command."""
-
-def run_command(name, cmd, **kwargs):
-    """A rule to run a command."""
-    native.genrule(
-        name = "%s__gen" % name,
-        executable = True,
-        outs = ["%s.sh" % name],
-        cmd = "echo '#!/bin/bash' > $@ && echo '%s' >> $@" % cmd,
-        **kwargs
-    )
-    native.sh_binary(
-        name = name,
-        srcs = ["%s.sh" % name],
-    )

helper.bzl

@@ -0,0 +1,42 @@
+"""This module defines some helper rules."""
+
+def run_command(name, cmd, **kwargs):
+    """A rule to run a command."""
+    native.genrule(
+        name = "%s__gen" % name,
+        executable = True,
+        outs = ["%s.sh" % name],
+        cmd = "echo '#!/bin/bash' > $@ && echo '%s' >> $@" % cmd,
+        **kwargs
+    )
+    native.sh_binary(
+        name = name,
+        srcs = ["%s.sh" % name],
+    )
+
+load("@build_bazel_rules_apple//apple:macos.bzl", "macos_unit_test")
+
+def santa_unit_test(name,
+                    srcs = [],
+                    deps = [],
+                    size = "medium",
+                    minimum_os_version = "10.9",
+                    copts = [],
+                    **kwargs):
+  native.objc_library(
+      name = "%s_lib" % name,
+      testonly = 1,
+      srcs = srcs,
+      deps = deps,
+      copts = copts,
+      **kwargs
+  )
+
+  macos_unit_test(
+      name = "%s" % name,
+      bundle_id = "com.google.santa.UnitTest.%s" % name,
+      minimum_os_version = minimum_os_version,
+      deps = [":%s_lib" % name],
+      size = size,
+  )
+