Use special profiles for Portmaster components and mark them as internal
@@ -228,6 +228,12 @@ func NewConnectionFromDNSRequest(ctx context.Context, fqdn string, cnames []stri
|
||||
Started: timestamp,
|
||||
Ended: timestamp,
|
||||
}
|
||||
|
||||
// Inherit internal status of profile.
|
||||
if localProfile := proc.Profile().LocalProfile(); localProfile != nil {
|
||||
dnsConn.Internal = localProfile.Internal
|
||||
}
|
||||
|
||||
return dnsConn
|
||||
}
|
||||
|
||||
@@ -238,7 +244,7 @@ func NewConnectionFromExternalDNSRequest(ctx context.Context, fqdn string, cname
|
||||
}
|
||||
|
||||
timestamp := time.Now().Unix()
|
||||
return &Connection{
|
||||
dnsConn := &Connection{
|
||||
Scope: fqdn,
|
||||
Entity: &intel.Entity{
|
||||
Domain: fqdn,
|
||||
@@ -248,7 +254,14 @@ func NewConnectionFromExternalDNSRequest(ctx context.Context, fqdn string, cname
|
||||
ProcessContext: getProcessContext(ctx, remoteHost),
|
||||
Started: timestamp,
|
||||
Ended: timestamp,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// Inherit internal status of profile.
|
||||
if localProfile := remoteHost.Profile().LocalProfile(); localProfile != nil {
|
||||
dnsConn.Internal = localProfile.Internal
|
||||
}
|
||||
|
||||
return dnsConn, nil
|
||||
}
|
||||
|
||||
// NewConnectionFromFirstPacket returns a new connection based on the given packet.
|
||||
@@ -335,7 +348,8 @@ func NewConnectionFromFirstPacket(pkt packet.Packet) *Connection {
|
||||
}
|
||||
}
|
||||
|
||||
return &Connection{
|
||||
// Create new connection object.
|
||||
newConn := &Connection{
|
||||
ID: pkt.GetConnectionID(),
|
||||
Scope: scope,
|
||||
IPVersion: pkt.Info().Version,
|
||||
@@ -352,6 +366,13 @@ func NewConnectionFromFirstPacket(pkt packet.Packet) *Connection {
|
||||
Started: time.Now().Unix(),
|
||||
ProfileRevisionCounter: proc.Profile().RevisionCnt(),
|
||||
}
|
||||
|
||||
// Inherit internal status of profile.
|
||||
if localProfile := proc.Profile().LocalProfile(); localProfile != nil {
|
||||
newConn.Internal = localProfile.Internal
|
||||
}
|
||||
|
||||
return newConn
|
||||
}
|
||||
|
||||
// GetConnection fetches a Connection from the database.
|
||||
|
||||
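Review bot: The "Inherit internal status of profile" block is now repeated verbatim in NewConnectionFromDNSRequest, NewConnectionFromExternalDNSRequest and NewConnectionFromFirstPacket, so the rule for when a connection counts as internal lives in three places. Because `Internal` is derived from a trust decision about the owning profile, a single helper called by all three constructors would keep them from drifting apart. The flag is also copied once at creation; if a profile's `Internal` value can change afterwards the connection keeps the old one, which deserves a comment such as `// Internal is copied at creation and is not refreshed on profile updates.` All three function bodies start outside their hunks, so whether `Profile()` can return nil at these points is not visible here.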
@@ -1,17 +1,30 @@
|
||||
package process
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
"github.com/safing/portbase/modules"
|
||||
"github.com/safing/portmaster/updates"
|
||||
)
|
||||
|
||||
var (
|
||||
module *modules.Module
|
||||
module *modules.Module
|
||||
updatesPath string
|
||||
)
|
||||
|
||||
func init() {
|
||||
module = modules.Register("processes", prep, nil, nil, "profiles")
|
||||
module = modules.Register("processes", prep, start, nil, "profiles")
|
||||
}
|
||||
|
||||
func prep() error {
|
||||
return registerConfiguration()
|
||||
}
|
||||
|
||||
func start() error {
|
||||
updatesPath = updates.RootPath() + string(os.PathSeparator)
|
||||
if updatesPath != "" {
|
||||
updatesPath += string(os.PathSeparator)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
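Review bot: `start()` appends the path separator twice. `updatesPath` is assigned `updates.RootPath() + string(os.PathSeparator)`, so it is never empty, and the following `if updatesPath != ""` always adds a second separator. Unless `RootPath()` returns something unusual, the prefix then ends in a doubled separator, and the `strings.HasPrefix(..., updatesPath)` checks that assign the special profiles and set `Internal` would not match ordinary paths. With an empty root the value is still non-empty, so the `updatesPath != ""` guards elsewhere no longer protect anything. The assignment should be `updatesPath = updates.RootPath()`; the identical block appears in `start()` of the profile module and needs the same change.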
@@ -3,6 +3,7 @@ package process
|
||||
import (
|
||||
"context"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/safing/portbase/log"
|
||||
"github.com/safing/portmaster/profile"
|
||||
@@ -38,6 +39,16 @@ func (p *Process) GetProfile(ctx context.Context) (changed bool, err error) {
|
||||
profileID = profile.SystemProfileID
|
||||
case ownPID:
|
||||
profileID = profile.PortmasterProfileID
|
||||
default:
|
||||
// Check if this is another Portmaster component.
|
||||
if updatesPath != "" && strings.HasPrefix(p.Path, updatesPath) {
|
||||
switch {
|
||||
case strings.Contains(p.Path, "portmaster-app"):
|
||||
profileID = profile.PortmasterAppProfileID
|
||||
case strings.Contains(p.Path, "portmaster-notifier"):
|
||||
profileID = profile.PortmasterNotifierProfileID
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Get the (linked) local profile.
|
||||
|
||||
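Review bot: The component check in the `default:` branch of GetProfile hands out a reserved profile based on a path prefix plus a substring. `strings.Contains(p.Path, "portmaster-app")` matches that text anywhere in the path, including directory names and longer file names that merely contain it. Comparing the file name is tighter, e.g. `strings.HasPrefix(filepath.Base(p.Path), "portmaster-app")` (needs `path/filepath`), and the branch should state the assumption it rests on: `// Trust is based on location: the updates dir must only be writable by privileged users.` Whether `p.Path` is already a cleaned absolute path is not visible in this hunk; if it is not, it should go through `filepath.Clean` before the prefix test. GetProfile's body starts and ends outside the hunk.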
@@ -2,30 +2,16 @@ package profile
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/safing/portbase/database"
|
||||
|
||||
"github.com/safing/portbase/dataroot"
|
||||
|
||||
"github.com/safing/portbase/database/query"
|
||||
"github.com/safing/portbase/database/record"
|
||||
"github.com/safing/portbase/log"
|
||||
"golang.org/x/sync/singleflight"
|
||||
)
|
||||
|
||||
const (
|
||||
// UnidentifiedProfileID is the profile ID used for unidentified processes.
|
||||
UnidentifiedProfileID = "_unidentified"
|
||||
|
||||
// SystemProfileID is the profile ID used for the system/kernel.
|
||||
SystemProfileID = "_system"
|
||||
|
||||
// SystemProfileID is the profile ID used for the Portmaster itself.
|
||||
PortmasterProfileID = "_portmaster"
|
||||
)
|
||||
|
||||
var getProfileSingleInflight singleflight.Group
|
||||
|
||||
// GetProfile fetches a profile. This function ensures that the loaded profile
|
||||
@@ -69,15 +55,8 @@ func GetProfile(source profileSource, id, linkedPath string) ( //nolint:gocognit
|
||||
// If we cannot find a profile, check if the request is for a special
|
||||
// profile we can create.
|
||||
if errors.Is(err, database.ErrNotFound) {
|
||||
switch id {
|
||||
case UnidentifiedProfileID:
|
||||
profile = New(SourceLocal, UnidentifiedProfileID, linkedPath)
|
||||
err = nil
|
||||
case SystemProfileID:
|
||||
profile = New(SourceLocal, SystemProfileID, linkedPath)
|
||||
err = nil
|
||||
case PortmasterProfileID:
|
||||
profile = New(SourceLocal, PortmasterProfileID, linkedPath)
|
||||
profile = getSpecialProfile(id, linkedPath)
|
||||
if profile != nil {
|
||||
err = nil
|
||||
}
|
||||
}
|
||||
@@ -177,7 +156,7 @@ func findProfile(linkedPath string) (profile *Profile, err error) {
|
||||
|
||||
// Check if the profile should be marked as internal.
|
||||
// This is the case whenever the binary resides within the data root dir.
|
||||
if strings.HasPrefix(linkedPath, dataroot.Root().Dir+string(os.PathSeparator)) {
|
||||
if updatesPath != "" && strings.HasPrefix(linkedPath, updatesPath) {
|
||||
profile.Internal = true
|
||||
}
|
||||
|
||||
|
||||
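Review bot: The comment above the changed condition in findProfile still says a profile is internal "whenever the binary resides within the data root dir", but the new check tests `updatesPath`. It should be updated, e.g. `// This is the case whenever the binary resides within the updates dir.` Note also that `updatesPath` is only set in `start()`, so a findProfile call that runs before the module has started skips the marking silently because of the `updatesPath != ""` guard; a sentence saying whether that is intended would help. findProfile's body starts and ends outside the hunk.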
@@ -1,17 +1,21 @@
|
||||
package profile
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
"github.com/safing/portbase/log"
|
||||
|
||||
"github.com/safing/portbase/modules"
|
||||
|
||||
// module dependencies
|
||||
_ "github.com/safing/portmaster/core/base"
|
||||
"github.com/safing/portmaster/updates"
|
||||
_ "github.com/safing/portmaster/updates" // dependency of semi-dependency filterlists
|
||||
)
|
||||
|
||||
var (
|
||||
module *modules.Module
|
||||
module *modules.Module
|
||||
updatesPath string
|
||||
)
|
||||
|
||||
func init() {
|
||||
@@ -33,6 +37,11 @@ func prep() error {
|
||||
}
|
||||
|
||||
func start() error {
|
||||
updatesPath = updates.RootPath() + string(os.PathSeparator)
|
||||
if updatesPath != "" {
|
||||
updatesPath += string(os.PathSeparator)
|
||||
}
|
||||
|
||||
err := registerValidationDBHook()
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
@@ -394,7 +394,7 @@ func (profile *Profile) UpdateMetadata(processName, binaryPath string) (changed
|
||||
}
|
||||
|
||||
// Update LinkedPath if if differs from the process path.
|
||||
// This will (at the moment) only be the case for the Portmaster profile.
|
||||
// This will be the case for profiles that are assigned in a special way.
|
||||
if profile.LinkedPath != binaryPath {
|
||||
profile.LinkedPath = binaryPath
|
||||
changed = true
|
||||
|
||||
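--- a/profile/special.go
+++ b/profile/special.go
@@ -0,0 +1,61 @@
+package profile
+
+const (
+// UnidentifiedProfileID is the profile ID used for unidentified processes.
+UnidentifiedProfileID = "_unidentified"
+
+// SystemProfileID is the profile ID used for the system/kernel.
+SystemProfileID = "_system"
+
+// PortmasterProfileID is the profile ID used for the Portmaster Core itself.
+PortmasterProfileID = "_portmaster"
+
+// PortmasterAppProfileID is the profile ID used for the Portmaster App.
+PortmasterAppProfileID = "_portmaster-app"
+
+// PortmasterNotifierProfileID is the profile ID used for the Portmaster Notifier.
+PortmasterNotifierProfileID = "_portmaster-notifier"
+)
+
+func getSpecialProfile(profileID, linkedPath string) *Profile {
+switch profileID {
+case UnidentifiedProfileID:
+return New(SourceLocal, UnidentifiedProfileID, linkedPath)
+
+case SystemProfileID:
+return New(SourceLocal, SystemProfileID, linkedPath)
+
+case PortmasterProfileID:
+profile := New(SourceLocal, PortmasterProfileID, linkedPath)
+profile.Name = "Portmaster Core Service"
+profile.Internal = true
+return profile
+
+case PortmasterAppProfileID:
+profile := New(SourceLocal, PortmasterAppProfileID, linkedPath)
+profile.Name = "Portmaster User Interface"
+profile.Internal = true
+profile.Config = map[string]interface{}{
+CfgOptionDefaultActionKey: "block",
+CfgOptionEndpointsKey: []string{
+"+ Localhost",
+},
+}
+return profile
+
+case PortmasterNotifierProfileID:
+profile := New(SourceLocal, PortmasterNotifierProfileID, linkedPath)
+profile.Name = "Portmaster Notifier"
+profile.Internal = true
+profile.Config = map[string]interface{}{
+CfgOptionDefaultActionKey: "block",
+CfgOptionEndpointsKey: []string{
+"+ Localhost",
+},
+}
+return profile
+
+default:
+return nil
+}
+}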
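Review bot: getSpecialProfile only runs when the lookup in GetProfile fails with `database.ErrNotFound`, so a `_portmaster` profile already stored by an earlier version would, as far as these hunks show, keep its old name and never receive `Internal = true`. If that matters, the reserved attributes should also be applied when an existing special profile is loaded, or the code should document that stored profiles are left untouched. The function is also missing a doc comment, e.g. `// getSpecialProfile returns a new local profile for a reserved profile ID, or nil if the ID is not reserved.` The App and Notifier cases build the same block-everything-except-localhost `Config` twice; producing it in one small helper would stop the two restrictive defaults from diverging.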