improved "is from app store" detection

Application/Application.xcodeproj/project.pbxproj

@@ -39,7 +39,7 @@
 		CD8FD5FA23C05AD900EFE0FB /* Rules.xib in Resources */ = {isa = PBXBuildFile; fileRef = CD8FD5F523C05AD900EFE0FB /* Rules.xib */; };
 		CD8FD5FD23C05C6900EFE0FB /* Rule.m in Sources */ = {isa = PBXBuildFile; fileRef = CD8FD5FC23C05C6900EFE0FB /* Rule.m */; };
 		CDA88A792537CE2400C469BF /* Sentry.framework in CopyFiles */ = {isa = PBXBuildFile; fileRef = CD21501B20AD2EE000CEF17B /* Sentry.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
-		CDB964CE27D0774800A9674E /* BlockBlock Installer.app in Resources */ = {isa = PBXBuildFile; fileRef = CDB964CD27D0774800A9674E /* BlockBlock Installer.app */; };
+		CDB964D027D0871D00A9674E /* BlockBlock Installer.app in Resources */ = {isa = PBXBuildFile; fileRef = CDB964CF27D0871D00A9674E /* BlockBlock Installer.app */; };
 		CDFA08E1214900BF0089758C /* XPCUser.m in Sources */ = {isa = PBXBuildFile; fileRef = CDFA08DF214900BF0089758C /* XPCUser.m */; };
 /* End PBXBuildFile section */
 
@@ -114,7 +114,7 @@
 		CD8FD5F523C05AD900EFE0FB /* Rules.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = Rules.xib; sourceTree = "<group>"; };
 		CD8FD5FB23C05C6900EFE0FB /* Rule.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Rule.h; path = ../Shared/Rule.h; sourceTree = "<group>"; };
 		CD8FD5FC23C05C6900EFE0FB /* Rule.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = Rule.m; path = ../Shared/Rule.m; sourceTree = "<group>"; };
-		CDB964CD27D0774800A9674E /* BlockBlock Installer.app */ = {isa = PBXFileReference; lastKnownFileType = wrapper.application; name = "BlockBlock Installer.app"; path = "../DerivedData/BlockBlock/Build/Products/Release/BlockBlock Installer.app"; sourceTree = "<group>"; };
+		CDB964CF27D0871D00A9674E /* BlockBlock Installer.app */ = {isa = PBXFileReference; lastKnownFileType = wrapper.application; name = "BlockBlock Installer.app"; path = "../DerivedData/BlockBlock/Build/Products/Release/BlockBlock Installer.app"; sourceTree = "<group>"; };
 		CDFA08D7214606DB0089758C /* XPCDaemonProto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = XPCDaemonProto.h; path = ../Shared/XPCDaemonProto.h; sourceTree = "<group>"; };
 		CDFA08DB21460A400089758C /* XPCUserProto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = XPCUserProto.h; path = ../Shared/XPCUserProto.h; sourceTree = "<group>"; };
 		CDFA08DF214900BF0089758C /* XPCUser.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = XPCUser.m; path = ../Shared/XPCUser.m; sourceTree = "<group>"; };
@@ -244,7 +244,7 @@
 		CD80B7E327C6E49100AD7BC1 /* Uninstaller */ = {
 			isa = PBXGroup;
 			children = (
-				CDB964CD27D0774800A9674E /* BlockBlock Installer.app */,
+				CDB964CF27D0871D00A9674E /* BlockBlock Installer.app */,
 			);
 			name = Uninstaller;
 			sourceTree = "<group>";
@@ -346,7 +346,7 @@
 				CD2F801724468A8C009C3D77 /* patrons.txt in Resources */,
 				CD8FD5FA23C05AD900EFE0FB /* Rules.xib in Resources */,
 				7D7755F01F02E05B00D0017D /* MainMenu.xib in Resources */,
-				CDB964CE27D0774800A9674E /* BlockBlock Installer.app in Resources */,
+				CDB964D027D0871D00A9674E /* BlockBlock Installer.app in Resources */,
 				7DD25FF01F23B73C00277EC4 /* Assets.xcassets in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;

Daemon/Daemon/Plugins/Processes.m

@@ -153,12 +153,13 @@ -(BOOL)shouldIgnore:(Process*)process
         }
     }
 
-    //is from app store?
+    //is an app store app?
     // ignore, as it's trusted (though not 'notarized' per se)
-    if(nil != appBundle.appStoreReceiptURL)
+    if( (noErr == [process.signingInfo[KEY_SIGNATURE_STATUS] intValue]) &&
+        (AppStore == [process.signingInfo[KEY_SIGNATURE_SIGNER] intValue]) )
     {
         //dbg msg
-        logMsg(LOG_DEBUG, [NSString stringWithFormat:@"%@ has an app store receipt, will allow", process.name]);
+        logMsg(LOG_DEBUG, [NSString stringWithFormat:@"%@ is from the app store ...will allow", process.name]);
 
         //done
         goto bail;

Installer/Installer.xcodeproj/project.pbxproj

@@ -350,7 +350,7 @@
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 			shellPath = /bin/sh;
-			shellScript = "if [[ $BUILT_PRODUCTS_DIR = *\"ArchiveIntermediates\"* ]]; then\n    cp -R -f \"$PROJECT_TEMP_ROOT/UninstalledProducts/macosx/BlockBlock.app\" \"$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Resources\"\n    cp -R -f \"$PROJECT_TEMP_ROOT/UninstalledProducts/macosx/BlockBlock Helper.app\" \"$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Resources\"\n    \n#normal build\nelse\n\nrm -rf  \"$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Resources/BlockBlock.app\"\nrm -rf  \"$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Resources/BlockBlock Helper.app\"\n\n#cp daemon/app\ncp -R -f \"$BUILT_PRODUCTS_DIR/BlockBlock.app\" \"$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Resources\"\ncp -R -f \"$BUILT_PRODUCTS_DIR/BlockBlock Helper.app\" \"$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Resources\"\n\nfi\n";
+			shellScript = "#archive build\nif [[ $BUILT_PRODUCTS_DIR = *\"ArchiveIntermediates\"* ]]; then\n    cp -R -f \"$PROJECT_TEMP_ROOT/UninstalledProducts/macosx/BlockBlock.app\" \"$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Resources\"\n    cp -R -f \"$PROJECT_TEMP_ROOT/UninstalledProducts/macosx/BlockBlock Helper.app\" \"$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Resources\"\n    \n#normal build\nelse\n\nrm -rf  \"$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Resources/BlockBlock.app\"\nrm -rf  \"$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Resources/BlockBlock Helper.app\"\n\n#cp daemon/app\ncp -R -f \"$BUILT_PRODUCTS_DIR/BlockBlock.app\" \"$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Resources\"\ncp -R -f \"$BUILT_PRODUCTS_DIR/BlockBlock Helper.app\" \"$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Resources\"\n\nfi\n";
 		};
 /* End PBXShellScriptBuildPhase section */
 

Shared/utilities.h

@@ -36,6 +36,9 @@ int qtn_file_init_with_path(qtn_file_t qf, const char *path);
 //get quarantine flags
 uint32_t getQuarantineFlags(NSString* path);
 
+//mach time to nano-seconds
+uint64_t machTimeToNanoseconds(uint64_t machTime);
+
 #endif
 
 /* FUNCTIONS */
@@ -155,9 +158,6 @@ BOOL isFileRestricted(NSString* file);
 // if so, return a default ('unknown') value
 NSString* valueForStringItem(NSString* item);
 
-//mach time to nano-seconds
-uint64_t machTimeToNanoseconds(uint64_t machTime);
-
 //determine if path is translocated
 // thanks: http://lapcatsoftware.com/articles/detect-app-translocation.html
 BOOL isTranslocated(NSString* path);

Shared/utilities.m

@@ -1787,6 +1787,8 @@ BOOL isTranslocated(NSString* path)
     return isTranslocated;
 }
 
+#ifdef DAEMON_BUILD
+
 //mach time to nanoseconds
 // from: https://developer.apple.com/documentation/apple-silicon/addressing-architectural-differences-in-your-macos-code
 uint64_t machTimeToNanoseconds(uint64_t machTime)
@@ -1801,8 +1803,6 @@ uint64_t machTimeToNanoseconds(uint64_t machTime)
     return nanoseconds;
 }
 
-#ifdef DAEMON_BUILD
-
 //get items quarantine flags
 // thanks: https://trac.webkit.org/changeset/281056/webkit
 uint32_t getQuarantineFlags(NSString* path)