Documentation

Index

Constants

// Profile sources. A profile's scoped ID is built from its source and its ID
// (see Profile.ScopedID), so these strings are part of a profile's identity.
const (
	SourceLocal      profileSource = "local"   // local, editable
	SourceSpecial    profileSource = "special" // specials (read-only)
	// NOTE(review): unlike the two sources above, nothing here states whether
	// network, community and enterprise profiles are editable or how far they
	// are trusted — confirm before relying on a profile from these sources.
	SourceNetwork    profileSource = "network"
	SourceCommunity  profileSource = "community"
	SourceEnterprise profileSource = "enterprise"
)

    Profile Sources

    // Default action IDs; LayeredProfile.DefaultAction returns the active one
    // as a uint8. Each value is written out explicitly.
    // NOTE(review): presumably the same numbers are stored under the
    // "filter/defaultAction" setting — confirm before renumbering. How a
    // caller treats NotSet or an out-of-range value is not visible here;
    // confirm that neither case ends up being handled as permit.
    const (
    	// DefaultActionNotSet is 0, the zero value of uint8, so an
    	// uninitialised action compares equal to "not set".
    	DefaultActionNotSet uint8 = 0
    	// DefaultActionBlock has the ID 1.
    	DefaultActionBlock  uint8 = 1
    	// DefaultActionAsk has the ID 2.
    	DefaultActionAsk    uint8 = 2
    	// DefaultActionPermit has the ID 3.
    	DefaultActionPermit uint8 = 3
    )

      Default Action IDs

      // Supported icon types. They say how the Profile.Icon string is to be
      // read; the Profile field comment lists a filepath, a database key or a
      // blob URL.
      const (
      	// IconTypeFile has the stored value "path", not "file".
      	// NOTE(review): with this type Profile.Icon is a filesystem path taken
      	// from profile data; whether it is validated before being opened is
      	// not visible here — confirm.
      	IconTypeFile     iconType = "path"
      	// IconTypeDatabase has the stored value "database".
      	IconTypeDatabase iconType = "database"
      	// IconTypeBlob has the stored value "blob".
      	IconTypeBlob     iconType = "blob"
      )

        Supported icon types.

        // IDs and display names of the profiles for unidentified processes, the
        // operating system and the Portmaster components. Every ID in this group
        // starts with an underscore.
        // NOTE(review): whether these IDs are refused for ordinary profiles is
        // not visible here — confirm, since the ID alone is what ties a process
        // to one of these profiles.
        const (
        	// UnidentifiedProfileID is the profile ID used for unidentified processes.
        	UnidentifiedProfileID = "_unidentified"
        	// UnidentifiedProfileName is the name used for unidentified processes.
        	UnidentifiedProfileName = "Unidentified Processes"
        
        	// SystemProfileID is the profile ID used for the system/kernel.
        	SystemProfileID = "_system"
        	// SystemProfileName is the name used for the system/kernel.
        	SystemProfileName = "Operating System"
        
        	// PortmasterProfileID is the profile ID used for the Portmaster Core itself.
        	PortmasterProfileID = "_portmaster"
        	// PortmasterProfileName is the name used for the Portmaster Core itself.
        	PortmasterProfileName = "Portmaster Core Service"
        
        	// PortmasterAppProfileID is the profile ID used for the Portmaster App.
        	PortmasterAppProfileID = "_portmaster-app"
        	// PortmasterAppProfileName is the name used for the Portmaster App.
        	PortmasterAppProfileName = "Portmaster User Interface"
        
        	// PortmasterNotifierProfileID is the profile ID used for the Portmaster Notifier.
        	PortmasterNotifierProfileID = "_portmaster-notifier"
        	// PortmasterNotifierProfileName is the name used for the Portmaster Notifier.
        	PortmasterNotifierProfileName = "Portmaster Notifier"
        )

        Variables

        // Configuration keys of the filter and SPN settings.
        // They are declared with var, not const, so any package that imports
        // this one can reassign them at runtime; treat them as read-only.
        // NOTE(review): most keys appear to pair with a same-named option field
        // on LayeredProfile (e.g. CfgOptionBlockInboundKey and BlockInbound) —
        // confirm against the option registration, which is not shown here.
        var (
        	// CfgOptionDefaultActionKey is the key "filter/defaultAction".
        	CfgOptionDefaultActionKey = "filter/defaultAction"
        
        	// CfgOptionBlockScopeInternetKey is the key "filter/blockInternet".
        	CfgOptionBlockScopeInternetKey = "filter/blockInternet"
        
        	// CfgOptionBlockScopeLANKey is the key "filter/blockLAN".
        	CfgOptionBlockScopeLANKey = "filter/blockLAN"
        
        	// CfgOptionBlockScopeLocalKey is the key "filter/blockLocal".
        	CfgOptionBlockScopeLocalKey = "filter/blockLocal"
        
        	// CfgOptionBlockP2PKey is the key "filter/blockP2P".
        	CfgOptionBlockP2PKey = "filter/blockP2P"
        
        	// CfgOptionBlockInboundKey is the key "filter/blockInbound".
        	CfgOptionBlockInboundKey = "filter/blockInbound"
        
        	// CfgOptionEndpointsKey is the key "filter/endpoints".
        	CfgOptionEndpointsKey = "filter/endpoints"
        
        	// CfgOptionServiceEndpointsKey is the key "filter/serviceEndpoints".
        	CfgOptionServiceEndpointsKey = "filter/serviceEndpoints"
        
        	// CfgOptionFilterListsKey is the key "filter/lists".
        	CfgOptionFilterListsKey = "filter/lists"
        
        	// CfgOptionFilterSubDomainsKey is the key "filter/includeSubdomains".
        	CfgOptionFilterSubDomainsKey = "filter/includeSubdomains"
        
        	// CfgOptionFilterCNAMEKey is the key "filter/includeCNAMEs".
        	CfgOptionFilterCNAMEKey = "filter/includeCNAMEs"
        
        	// CfgOptionRemoveOutOfScopeDNSKey is the key "filter/removeOutOfScopeDNS".
        	CfgOptionRemoveOutOfScopeDNSKey = "filter/removeOutOfScopeDNS"
        
        	// CfgOptionRemoveBlockedDNSKey is the key "filter/removeBlockedDNS".
        	CfgOptionRemoveBlockedDNSKey = "filter/removeBlockedDNS"
        
        	// CfgOptionDomainHeuristicsKey is the key "filter/domainHeuristics".
        	CfgOptionDomainHeuristicsKey = "filter/domainHeuristics"
        
        	// CfgOptionPreventBypassingKey is the key "filter/preventBypassing".
        	CfgOptionPreventBypassingKey = "filter/preventBypassing"
        
        	// CfgOptionDisableAutoPermitKey is the key "filter/disableAutoPermit".
        	CfgOptionDisableAutoPermitKey = "filter/disableAutoPermit"
        
        	// CfgOptionUseSPNKey is the key "spn/useSPN"; it is the only key in
        	// this group outside the "filter/" prefix.
        	CfgOptionUseSPNKey = "spn/useSPN"
        )

          Configuration Keys.

          Functions

          This section is empty.

          Types

          type LayeredProfile

          // LayeredProfile combines multiple Profiles.
          type LayeredProfile struct {
          	record.Base
          	// Embedded lock. DefaultAction, MatchEndpoint, MatchServiceEndpoint
          	// and MatchFilterLists are documented as requiring the layered
          	// profile to be read locked by the caller.
          	// NOTE(review): presumably this is the lock those docs refer to, and
          	// LockForUsage additionally locks each layer — confirm.
          	sync.RWMutex
          
          	// LayerIDs and RevisionCounter are exported and carry no json tag.
          	// RevisionCnt returns the current profile revision counter.
          	LayerIDs        []string
          	RevisionCounter uint64
          
          	// The option fields below are tagged json:"-" and are therefore left
          	// out when the struct is encoded to JSON.
          	DisableAutoPermit   config.BoolOption `json:"-"`
          	BlockScopeLocal     config.BoolOption `json:"-"`
          	BlockScopeLAN       config.BoolOption `json:"-"`
          	BlockScopeInternet  config.BoolOption `json:"-"`
          	BlockP2P            config.BoolOption `json:"-"`
          	BlockInbound        config.BoolOption `json:"-"`
          	RemoveOutOfScopeDNS config.BoolOption `json:"-"`
          	RemoveBlockedDNS    config.BoolOption `json:"-"`
          	FilterSubDomains    config.BoolOption `json:"-"`
          	FilterCNAMEs        config.BoolOption `json:"-"`
          	PreventBypassing    config.BoolOption `json:"-"`
          	DomainHeuristics    config.BoolOption `json:"-"`
          	UseSPN              config.BoolOption `json:"-"`
          	// contains filtered or unexported fields
          }

            LayeredProfile combines multiple Profiles.

            func NewLayeredProfile

            func NewLayeredProfile(localProfile *Profile) *LayeredProfile

              NewLayeredProfile returns a new layered profile based on the given local profile.

              func (*LayeredProfile) DefaultAction

              func (lp *LayeredProfile) DefaultAction() uint8

                DefaultAction returns the active default action ID. This function requires the layered profile to be read locked.

                func (*LayeredProfile) GetProfileSource

                func (lp *LayeredProfile) GetProfileSource(configKey string) string

                  GetProfileSource returns the database key of the first profile in the layers that has the given configuration key set. If it returns an empty string, the global profile can be assumed to have been effective.

                  func (*LayeredProfile) LocalProfile

                  func (lp *LayeredProfile) LocalProfile() *Profile

                    LocalProfile returns the local profile associated with this layered profile.

                    func (*LayeredProfile) LockForUsage

                    func (lp *LayeredProfile) LockForUsage()

                      LockForUsage locks the layered profile, including all layers individually.

                      func (*LayeredProfile) MarkStillActive

                      func (lp *LayeredProfile) MarkStillActive()

                        MarkStillActive marks all the layers as still active.

                        func (*LayeredProfile) MarkUsed

                        func (lp *LayeredProfile) MarkUsed()

                          MarkUsed marks the localProfile as used.

                          func (*LayeredProfile) MatchEndpoint

                          func (lp *LayeredProfile) MatchEndpoint(ctx context.Context, entity *intel.Entity) (endpoints.EPResult, endpoints.Reason)

                            MatchEndpoint checks if the given endpoint matches an entry in any of the profiles. This function requires the layered profile to be read locked.

                            func (*LayeredProfile) MatchFilterLists

                            func (lp *LayeredProfile) MatchFilterLists(ctx context.Context, entity *intel.Entity) (endpoints.EPResult, endpoints.Reason)

                              MatchFilterLists matches the entity against the set of filter lists. This function requires the layered profile to be read locked.

                              func (*LayeredProfile) MatchServiceEndpoint

                              func (lp *LayeredProfile) MatchServiceEndpoint(ctx context.Context, entity *intel.Entity) (endpoints.EPResult, endpoints.Reason)

                                MatchServiceEndpoint checks if the given endpoint of an inbound connection matches an entry in any of the profiles. This function requires the layered profile to be read locked.

                                func (*LayeredProfile) NeedsUpdate

                                func (lp *LayeredProfile) NeedsUpdate() (outdated bool)

                                  NeedsUpdate checks for outdated profiles.

                                  func (*LayeredProfile) RevisionCnt

                                  func (lp *LayeredProfile) RevisionCnt() (revisionCounter uint64)

                                    RevisionCnt returns the current profile revision counter.

                                    func (*LayeredProfile) SecurityLevel

                                    func (lp *LayeredProfile) SecurityLevel() uint8

                                      SecurityLevel returns the highest security level of all layered profiles. This function is atomic and does not require any locking.

                                      func (*LayeredProfile) UnlockForUsage

                                      func (lp *LayeredProfile) UnlockForUsage()

                                        UnlockForUsage unlocks the layered profile, including all layers individually.

                                        func (*LayeredProfile) Update

                                        func (lp *LayeredProfile) Update() (revisionCounter uint64)

                                          Update checks for and replaces any outdated profiles.

                                          type Profile

                                          // Profile is used to predefine a security profile for applications.
                                          type Profile struct {
                                          	record.Base
                                          	sync.RWMutex
                                          
                                          	// ID is a unique identifier for the profile.
                                          	ID string // constant
                                          	// Source describes the source of the profile.
                                          	Source profileSource // constant
                                          	// Name is a human readable name of the profile. It
                                          	// defaults to the basename of the application.
                                          	Name string
                                          	// Description may hold an optional description of the
                                          	// profile or the purpose of the application.
                                          	Description string
                                          	// Homepage may refer to the website of the application
                                          	// vendor.
                                          	Homepage string
                                          	// Icon holds the icon of the application. The value
                                          	// may either be a filepath, a database key or a blob URL.
                                          	// See IconType for more information.
                                          	// NOTE(review): whether a filepath value is validated before
                                          	// it is opened is not visible here — confirm.
                                          	Icon string
                                          	// IconType describes the type of the Icon property.
                                          	IconType iconType
                                          	// LinkedPath is a filesystem path to the executable this
                                          	// profile was created for. GetProfile documents it as the
                                          	// key used for locking concurrent requests.
                                          	LinkedPath string // constant
                                          	// LinkedProfiles is a list of other profiles
                                          	LinkedProfiles []string
                                          	// SecurityLevel is the minimum security level to apply to
                                          	// connections made with this profile.
                                          	// Note(ppacher): we may deprecate this one as it can easily
                                          	// be "simulated" by adjusting the settings directly.
                                          	SecurityLevel uint8
                                          	// Config holds profile specific settings. It's a nested
                                          	// object with keys defining the settings database path. All keys
                                          	// until the actual settings value (which is everything that is not
                                          	// an object) need to be concatenated for the settings database
                                          	// path.
                                          	// The values are untyped (interface{}), so a reader has to check
                                          	// the type of each value it takes out of the map.
                                          	Config map[string]interface{}
                                          	// ApproxLastUsed holds a UTC timestamp in seconds of
                                          	// when this Profile was approximately last used.
                                          	// For performance reasons not every single usage is saved.
                                          	ApproxLastUsed int64
                                          	// Created holds the UTC timestamp in seconds when the
                                          	// profile has been created.
                                          	Created int64
                                          
                                          	// Internal is set to true if the profile is attributed to a
                                          	// Portmaster internal process. Internal is set during profile
                                          	// creation and may be accessed without lock.
                                          	Internal bool
                                          	// contains filtered or unexported fields
                                          }

                                            Profile is used to predefine a security profile for applications.

                                            func EnsureProfile

                                            func EnsureProfile(r record.Record) (*Profile, error)

                                              EnsureProfile ensures that the given record is a *Profile, and returns it.

                                              func GetProfile

                                              func GetProfile(source profileSource, id, linkedPath string) (
                                              	profile *Profile,
                                              	err error,
                                              )

                                                GetProfile fetches a profile. This function ensures that the loaded profile is shared among all callers. You must always supply both the scoped ID (the source and id parameters) and the linkedPath parameter whenever available. The linkedPath is used as the key for locking concurrent requests, so it must be supplied if available. If linkedPath is not supplied, source and id make up the key instead.

                                                func New

                                                func New(
                                                	source profileSource,
                                                	id string,
                                                	linkedPath string,
                                                	customConfig map[string]interface{},
                                                ) *Profile

                                                  New returns a new Profile. Optionally, you may supply custom configuration in the flat (key=value) form.

                                                  func (*Profile) AddEndpoint

                                                  func (profile *Profile) AddEndpoint(newEntry string)

                                                    AddEndpoint adds an endpoint to the endpoint list, saves the profile and reloads the configuration.

                                                    func (*Profile) AddServiceEndpoint

                                                    func (profile *Profile) AddServiceEndpoint(newEntry string)

                                                      AddServiceEndpoint adds a service endpoint to the endpoint list, saves the profile and reloads the configuration.

                                                      func (*Profile) IsOutdated

                                                      func (profile *Profile) IsOutdated() bool

                                                        IsOutdated returns whether this instance of the profile is marked as outdated.

                                                        func (*Profile) LastActive

                                                        func (profile *Profile) LastActive() int64

                                                          LastActive returns the unix timestamp when the profile was last marked as still active.

                                                          func (*Profile) LayeredProfile

                                                          func (profile *Profile) LayeredProfile() *LayeredProfile

                                                            LayeredProfile returns the layered profile associated with this profile.

                                                            func (*Profile) MarkStillActive

                                                            func (profile *Profile) MarkStillActive()

                                                              MarkStillActive marks the profile as still active.

                                                              func (*Profile) MarkUsed

                                                              func (profile *Profile) MarkUsed() (changed bool)

                                                                MarkUsed updates ApproxLastUsed when it's been a while and saves the profile if it was changed.

                                                                func (*Profile) Save

                                                                func (profile *Profile) Save() error

                                                                  Save saves the profile to the database.

                                                                  func (*Profile) ScopedID

                                                                  func (profile *Profile) ScopedID() string

                                                                    ScopedID returns the scoped ID (Source + ID) of the profile.

                                                                    func (*Profile) String

                                                                    func (profile *Profile) String() string

                                                                      String returns a string representation of the Profile.

                                                                      func (*Profile) UpdateMetadata

                                                                      func (profile *Profile) UpdateMetadata(binaryPath string) (changed bool)

                                                                        UpdateMetadata updates metadata fields on the profile and returns whether the profile was changed. If there is data that needs to be fetched from the operating system, it will start an async worker to fetch that data and save the profile afterwards.

                                                                        Directories

                                                                        Path Synopsis