Use a special profile for system resolvers

2021-03-20 22:32:44 +01:00
parent fbf666ee68
commit a38f546da8
4 changed files with 48 additions and 0 deletions
--- a/process/process.go
+++ b/process/process.go
@@ -44,6 +44,10 @@ type Process struct {
 	CmdLine   string
 	FirstArg  string

+	// SpecialDetail holds special information, the meaning of which can change
+	// based on any of the previous attributes.
+	SpecialDetail string
+
 	LocalProfileKey string
 	profile         *profile.LayeredProfile

@@ -65,6 +69,24 @@ func (p *Process) Profile() *profile.LayeredProfile {
 	return p.profile
 }

+// IsSystemResolver is a shortcut to check if the process is or belongs to the
+// system resolver and needs special handling.
+func (p *Process) IsSystemResolver() bool {
+	// Check if process exists.
+	if p == nil {
+		return false
+	}
+
+	// Check if local profile exists.
+	localProfile := p.profile.LocalProfile()
+	if localProfile == nil {
+		return false
+	}
+
+	// Check ID.
+	return localProfile.ID == profile.SystemResolverProfileID
+}
+
 // GetLastSeen returns the unix timestamp when the process was last seen.
 func (p *Process) GetLastSeen() int64 {
 	p.Lock()
--- a/process/process_windows.go
+++ b/process/process_windows.go
@@ -18,6 +18,7 @@ func (p *Process) specialOSInit() {
 		switch err {
 		case nil:
 			p.Name += fmt.Sprintf(" (%s)", svcNames)
+			p.SpecialDetail = svcNames
 		case osdetail.ErrServiceNotFound:
 			log.Tracef("process: failed to get service name for svchost.exe (pid %d): %s", p.Pid, err)
 		default:
--- a/process/profile.go
+++ b/process/profile.go
@@ -3,6 +3,7 @@ package process
 import (
 	"context"
 	"os"
+	"runtime"
 	"strings"

 	"github.com/safing/portbase/log"
@@ -54,6 +55,20 @@ func (p *Process) GetProfile(ctx context.Context) (changed bool, err error) {
 				// sure that we won't kill any of our own things.
 			}
 		}
+		// Check if this is the system resolver.
+		switch runtime.GOOS {
+		case "windows":
+			if (p.Path == `C:\Windows\System32\svchost.exe` || p.Path == `C:\Windows\system32\svchost.exe`) &&
+				(strings.Contains(p.SpecialDetail, "Dnscache") || strings.Contains(p.CmdLine, "-k NetworkService")) {
+				profileID = profile.SystemResolverProfileID
+			}
+		case "linux":
+			switch p.Path {
+			case "/lib/systemd/systemd-resolved",
+				"/usr/lib/systemd/systemd-resolved":
+				profileID = profile.SystemResolverProfileID
+			}
+		}
 	}

 	// Get the (linked) local profile.