[service] Fix windows permissions

base/config/main.go

@@ -144,9 +144,9 @@ func InitializeUnitTestDataroot(testName string) (string, error) {
 		return "", fmt.Errorf("failed to make tmp dir: %w", err)
 	}
 
-	ds := utils.NewDirStructure(basePath, 0o0755)
+	ds := utils.NewDirStructure(basePath, utils.PublicReadPermission)
 	SetDataRoot(ds)
-	err = dataroot.Initialize(basePath, 0o0755)
+	err = dataroot.Initialize(basePath, utils.PublicReadPermission)
 	if err != nil {
 		return "", fmt.Errorf("failed to initialize dataroot: %w", err)
 	}

base/database/main.go

@@ -25,7 +25,7 @@ var (
 
 // InitializeWithPath initializes the database at the specified location using a path.
 func InitializeWithPath(dirPath string) error {
-	return Initialize(utils.NewDirStructure(dirPath, 0o0755))
+	return Initialize(utils.NewDirStructure(dirPath, utils.PublicReadPermission))
 }
 
 // Initialize initializes the database at the specified location using a dir structure.
@@ -34,7 +34,7 @@ func Initialize(dirStructureRoot *utils.DirStructure) error {
 		rootStructure = dirStructureRoot
 
 		// ensure root and databases dirs
-		databasesStructure = rootStructure.ChildDir(databasesSubDir, 0o0700)
+		databasesStructure = rootStructure.ChildDir(databasesSubDir, utils.AdminOnlyPermission)
 		err := databasesStructure.Ensure()
 		if err != nil {
 			return fmt.Errorf("could not create/open database directory (%s): %w", rootStructure.Path, err)
@@ -67,7 +67,7 @@ func Shutdown() (err error) {
 
 // getLocation returns the storage location for the given name and type.
 func getLocation(name, storageType string) (string, error) {
-	location := databasesStructure.ChildDir(name, 0o0700).ChildDir(storageType, 0o0700)
+	location := databasesStructure.ChildDir(name, utils.AdminOnlyPermission).ChildDir(storageType, utils.AdminOnlyPermission)
 	// check location
 	err := location.Ensure()
 	if err != nil {

base/database/storage/fstree/fstree.go

@@ -289,11 +289,8 @@ func writeFile(filename string, data []byte, perm os.FileMode) error {
 	defer t.Cleanup() //nolint:errcheck
 
 	// Set permissions before writing data, in case the data is sensitive.
-	if onWindows {
+	// TODO(vladimir): to set permissions on windows we need the full path of the file.
-		err = acl.Chmod(filename, perm)
+	err = t.Chmod(perm)
-	} else {
-		err = t.Chmod(perm)
-	}
 	if err != nil {
 		return err
 	}

base/dataroot/root.go

@@ -2,7 +2,6 @@ package dataroot
 
 import (
 	"errors"
-	"os"
 
 	"github.com/safing/portmaster/base/utils"
 )
@@ -10,7 +9,7 @@ import (
 var root *utils.DirStructure
 
 // Initialize initializes the data root directory.
-func Initialize(rootDir string, perm os.FileMode) error {
+func Initialize(rootDir string, perm utils.FSPermission) error {
 	if root != nil {
 		return errors.New("already initialized")
 	}

base/updater/fetch.go

@@ -14,10 +14,10 @@ import (
 	"path/filepath"
 	"time"
 
-	"github.com/hectane/go-acl"
 	"github.com/safing/jess/filesig"
 	"github.com/safing/jess/lhash"
 	"github.com/safing/portmaster/base/log"
+	"github.com/safing/portmaster/base/utils"
 	"github.com/safing/portmaster/base/utils/renameio"
 )
 
@@ -137,17 +137,10 @@ func (reg *ResourceRegistry) fetchFile(ctx context.Context, client *http.Client,
 		return fmt.Errorf("%s: failed to finalize file %s: %w", reg.Name, rv.storagePath(), err)
 	}
 	// set permissions
-	if onWindows {
+	// TODO: distinguish between executable and non executable files.
-		err = acl.Chmod(rv.storagePath(), 0o0755)
+	err = utils.SetExecPermission(rv.storagePath(), utils.PublicReadPermission)
-		if err != nil {
+	if err != nil {
-			log.Warningf("%s: failed to set permissions on downloaded file %s: %s", reg.Name, rv.storagePath(), err)
+		log.Warningf("%s: failed to set permissions on downloaded file %s: %s", reg.Name, rv.storagePath(), err)
-		}
-	} else {
-		// TODO: only set executable files to 0755, set other to 0644
-		err = os.Chmod(rv.storagePath(), 0o0755) //nolint:gosec // See TODO above.
-		if err != nil {
-			log.Warningf("%s: failed to set permissions on downloaded file %s: %s", reg.Name, rv.storagePath(), err)
-		}
 	}
 
 	log.Debugf("%s: fetched %s and stored to %s", reg.Name, downloadURL, rv.storagePath())

base/updater/registry.go

@@ -98,7 +98,7 @@ func (reg *ResourceRegistry) Initialize(storageDir *utils.DirStructure) error {
 
 	// initialize private attributes
 	reg.storageDir = storageDir
-	reg.tmpDir = storageDir.ChildDir("tmp", 0o0700)
+	reg.tmpDir = storageDir.ChildDir("tmp", utils.AdminOnlyPermission)
 	reg.resources = make(map[string]*Resource)
 	if reg.state == nil {
 		reg.state = &RegistryState{}

base/utils/fs.go

@@ -6,15 +6,13 @@ import (
 	"io/fs"
 	"os"
 	"runtime"
-
-	"github.com/hectane/go-acl"
 )
 
 const isWindows = runtime.GOOS == "windows"
 
 // EnsureDirectory ensures that the given directory exists and that is has the given permissions set.
 // If path is a file, it is deleted and a directory created.
-func EnsureDirectory(path string, perm os.FileMode) error {
+func EnsureDirectory(path string, perm FSPermission) error {
 	// open path
 	f, err := os.Stat(path)
 	if err == nil {
@@ -23,10 +21,10 @@ func EnsureDirectory(path string, perm os.FileMode) error {
 			// directory exists, check permissions
 			if isWindows {
 				// Ignore windows permission error. For none admin users it will always fail.
-				acl.Chmod(path, perm)
+				SetDirPermission(path, perm)
 				return nil
-			} else if f.Mode().Perm() != perm {
+			} else if f.Mode().Perm() != perm.AsUnixDirExecPermission() {
-				return os.Chmod(path, perm)
+				return SetDirPermission(path, perm)
 			}
 			return nil
 		}
@@ -37,17 +35,16 @@ func EnsureDirectory(path string, perm os.FileMode) error {
 	}
 	// file does not exist (or has been deleted)
 	if err == nil || errors.Is(err, fs.ErrNotExist) {
-		err = os.Mkdir(path, perm)
+		err = os.Mkdir(path, perm.AsUnixDirExecPermission())
 		if err != nil {
 			return fmt.Errorf("could not create dir %s: %w", path, err)
 		}
+		// Set windows permissions. Linux permission where already set with creation.
 		if isWindows {
 			// Ignore windows permission error. For none admin users it will always fail.
-			acl.Chmod(path, perm)
+			SetDirPermission(path, perm)
-			return nil
-		} else {
-			return os.Chmod(path, perm)
 		}
+		return nil
 	}
 	// other error opening path
 	return fmt.Errorf("failed to access %s: %w", path, err)

base/utils/permissions.go

@@ -0,0 +1,20 @@
+//go:build !windows
+
+package utils
+
+import "os"
+
+// SetDirPermission sets the permission of a directory.
+func SetDirPermission(path string, perm FSPermission) error {
+	return os.Chmod(path, perm.AsUnixDirExecPermission())
+}
+
+// SetExecPermission sets the permission of an executable file.
+func SetExecPermission(path string, perm FSPermission) error {
+	return SetDirPermission(path, perm)
+}
+
+// SetFilePermission sets the permission of a non executable file.
+func SetFilePermission(path string, perm FSPermission) error {
+	return os.Chmod(path, perm.AsUnixFilePermission())
+}

base/utils/permissions_windows.go

@@ -0,0 +1,35 @@
+//go:build windows
+
+package utils
+
+import (
+	"github.com/hectane/go-acl"
+	"golang.org/x/sys/windows"
+)
+
+func SetDirPermission(path string, perm FSPermission) error {
+	setWindowsFilePermissions(path, perm)
+	return nil
+}
+
+// SetExecPermission sets the permission of an executable file.
+func SetExecPermission(path string, perm FSPermission) error {
+	return SetDirPermission(path, perm)
+}
+
+func setWindowsFilePermissions(path string, perm FSPermission) {
+	switch perm {
+	case AdminOnlyPermission:
+		// Set only admin rights, remove all others.
+		acl.Apply(path, true, false, acl.GrantName(windows.GENERIC_ALL|windows.STANDARD_RIGHTS_ALL, "Administrators"))
+	case PublicReadPermission:
+		// Set admin rights and read/execute rights for users, remove all others.
+		acl.Apply(path, true, false, acl.GrantName(windows.GENERIC_ALL|windows.STANDARD_RIGHTS_ALL, "Administrators"))
+		acl.Apply(path, false, false, acl.GrantName(windows.GENERIC_EXECUTE, "Users"))
+		acl.Apply(path, false, false, acl.GrantName(windows.GENERIC_READ, "Users"))
+	case PublicWritePermission:
+		// Set full control to admin and regular users. Guest users will not have access.
+		acl.Apply(path, true, false, acl.GrantName(windows.GENERIC_ALL|windows.STANDARD_RIGHTS_ALL, "Administrators"))
+		acl.Apply(path, false, false, acl.GrantName(windows.GENERIC_ALL|windows.STANDARD_RIGHTS_ALL, "Users"))
+	}
+}

base/utils/structure.go

@@ -2,25 +2,61 @@ package utils
 
 import (
 	"fmt"
-	"os"
+	"io/fs"
 	"path/filepath"
 	"strings"
 	"sync"
 )
 
+type FSPermission uint8
+
+const (
+	AdminOnlyPermission FSPermission = iota
+	PublicReadPermission
+	PublicWritePermission
+)
+
+// AsUnixDirPermission return the corresponding unix permission for a directory or executable.
+func (perm FSPermission) AsUnixDirExecPermission() fs.FileMode {
+	switch perm {
+	case AdminOnlyPermission:
+		return 0o700
+	case PublicReadPermission:
+		return 0o755
+	case PublicWritePermission:
+		return 0o777
+	}
+
+	return 0
+}
+
+// AsUnixDirPermission return the corresponding unix permission for a regular file.
+func (perm FSPermission) AsUnixFilePermission() fs.FileMode {
+	switch perm {
+	case AdminOnlyPermission:
+		return 0o600
+	case PublicReadPermission:
+		return 0o655
+	case PublicWritePermission:
+		return 0o666
+	}
+
+	return 0
+}
+
 // DirStructure represents a directory structure with permissions that should be enforced.
 type DirStructure struct {
 	sync.Mutex
 
 	Path     string
 	Dir      string
-	Perm     os.FileMode
+	Perm     FSPermission
 	Parent   *DirStructure
 	Children map[string]*DirStructure
 }
 
 // NewDirStructure returns a new DirStructure.
-func NewDirStructure(path string, perm os.FileMode) *DirStructure {
+func NewDirStructure(path string, perm FSPermission) *DirStructure {
 	return &DirStructure{
 		Path:     path,
 		Perm:     perm,
@@ -29,7 +65,7 @@ func NewDirStructure(path string, perm os.FileMode) *DirStructure {
 }
 
 // ChildDir adds a new child DirStructure and returns it. Should the child already exist, the existing child is returned and the permissions are updated.
-func (ds *DirStructure) ChildDir(dirName string, perm os.FileMode) (child *DirStructure) {
+func (ds *DirStructure) ChildDir(dirName string, perm FSPermission) (child *DirStructure) {
 	ds.Lock()
 	defer ds.Unlock()
 

cmds/portmaster-start/dirs.go

@@ -5,6 +5,7 @@ import (
 	"log"
 	"os"
 
+	"github.com/safing/portmaster/base/utils"
 	"github.com/spf13/cobra"
 )
 
@@ -24,7 +25,7 @@ var cleanStructureCmd = &cobra.Command{
 }
 
 func cleanAndEnsureExecDir() error {
-	execDir := dataRoot.ChildDir("exec", 0o777)
+	execDir := dataRoot.ChildDir("exec", utils.PublicWritePermission)
 
 	// Clean up and remove exec dir.
 	err := os.RemoveAll(execDir.Path)

cmds/portmaster-start/main.go

@@ -179,14 +179,14 @@ func configureRegistry(mustLoadIndex bool) error {
 	// Remove left over quotes.
 	dataDir = strings.Trim(dataDir, `\"`)
 	// Initialize data root.
-	err := dataroot.Initialize(dataDir, 0o0755)
+	err := dataroot.Initialize(dataDir, utils.PublicReadPermission)
 	if err != nil {
 		return fmt.Errorf("failed to initialize data root: %w", err)
 	}
 	dataRoot = dataroot.Root()
 
 	// Initialize registry.
-	err = registry.Initialize(dataRoot.ChildDir("updates", 0o0755))
+	err = registry.Initialize(dataRoot.ChildDir("updates", utils.PublicReadPermission))
 	if err != nil {
 		return err
 	}
@@ -196,7 +196,7 @@ func configureRegistry(mustLoadIndex bool) error {
 
 func ensureLoggingDir() error {
 	// set up logs root
-	logsRoot = dataRoot.ChildDir("logs", 0o0777)
+	logsRoot = dataRoot.ChildDir("logs", utils.PublicWritePermission)
 	err := logsRoot.Ensure()
 	if err != nil {
 		return fmt.Errorf("failed to initialize logs root (%q): %w", logsRoot.Path, err)

service/core/base/global.go

@@ -8,6 +8,7 @@ import (
 	"github.com/safing/portmaster/base/api"
 	"github.com/safing/portmaster/base/dataroot"
 	"github.com/safing/portmaster/base/info"
+	"github.com/safing/portmaster/base/utils"
 	"github.com/safing/portmaster/service/mgr"
 )
 
@@ -54,7 +55,7 @@ func prep(instance instance) error {
 		}
 
 		// initialize structure
-		err := dataroot.Initialize(dataDir, 0o0755)
+		err := dataroot.Initialize(dataDir, utils.PublicReadPermission)
 		if err != nil {
 			return err
 		}

service/netquery/database.go

@@ -19,6 +19,7 @@ import (
 	"github.com/safing/portmaster/base/config"
 	"github.com/safing/portmaster/base/dataroot"
 	"github.com/safing/portmaster/base/log"
+	"github.com/safing/portmaster/base/utils"
 	"github.com/safing/portmaster/service/netquery/orm"
 	"github.com/safing/portmaster/service/network"
 	"github.com/safing/portmaster/service/network/netutils"
@@ -127,7 +128,7 @@ type (
 // Note that write connections are serialized by the Database object before being
 // handed over to SQLite.
 func New(dbPath string) (*Database, error) {
-	historyParentDir := dataroot.Root().ChildDir("databases", 0o700)
+	historyParentDir := dataroot.Root().ChildDir("databases", utils.AdminOnlyPermission)
 	if err := historyParentDir.Ensure(); err != nil {
 		return nil, fmt.Errorf("failed to ensure database directory exists: %w", err)
 	}
@@ -225,7 +226,7 @@ func (db *Database) Close() error {
 
 // VacuumHistory rewrites the history database in order to purge deleted records.
 func VacuumHistory(ctx context.Context) (err error) {
-	historyParentDir := dataroot.Root().ChildDir("databases", 0o700)
+	historyParentDir := dataroot.Root().ChildDir("databases", utils.AdminOnlyPermission)
 	if err := historyParentDir.Ensure(); err != nil {
 		return fmt.Errorf("failed to ensure database directory exists: %w", err)
 	}

service/profile/module.go

@@ -11,6 +11,7 @@ import (
 	"github.com/safing/portmaster/base/database/migration"
 	"github.com/safing/portmaster/base/dataroot"
 	"github.com/safing/portmaster/base/log"
+	"github.com/safing/portmaster/base/utils"
 	_ "github.com/safing/portmaster/service/core/base"
 	"github.com/safing/portmaster/service/mgr"
 	"github.com/safing/portmaster/service/profile/binmeta"
@@ -70,7 +71,7 @@ func prep() error {
 	}
 
 	// Setup icon storage location.
-	iconsDir := dataroot.Root().ChildDir("databases", 0o0700).ChildDir("icons", 0o0700)
+	iconsDir := dataroot.Root().ChildDir("databases", utils.AdminOnlyPermission).ChildDir("icons", utils.AdminOnlyPermission)
 	if err := iconsDir.Ensure(); err != nil {
 		return fmt.Errorf("failed to create/check icons directory: %w", err)
 	}

service/ui/module.go

@@ -7,6 +7,7 @@ import (
 	"github.com/safing/portmaster/base/api"
 	"github.com/safing/portmaster/base/dataroot"
 	"github.com/safing/portmaster/base/log"
+	"github.com/safing/portmaster/base/utils"
 	"github.com/safing/portmaster/service/mgr"
 )
 
@@ -27,7 +28,7 @@ func start() error {
 	// may seem dangerous, but proper permission on the parent directory provide
 	// (some) protection.
 	// Processes must _never_ read from this directory.
-	err := dataroot.Root().ChildDir("exec", 0o0777).Ensure()
+	err := dataroot.Root().ChildDir("exec", utils.PublicWritePermission).Ensure()
 	if err != nil {
 		log.Warningf("ui: failed to create safe exec dir: %s", err)
 	}

service/updates/main.go

@@ -13,6 +13,7 @@ import (
 	"github.com/safing/portmaster/base/dataroot"
 	"github.com/safing/portmaster/base/log"
 	"github.com/safing/portmaster/base/updater"
+	"github.com/safing/portmaster/base/utils"
 	"github.com/safing/portmaster/service/mgr"
 	"github.com/safing/portmaster/service/updates/helper"
 )
@@ -138,7 +139,7 @@ func start() error {
 	}
 
 	// initialize
-	err = registry.Initialize(dataroot.Root().ChildDir(updatesDirName, 0o0755))
+	err = registry.Initialize(dataroot.Root().ChildDir(updatesDirName, utils.PublicReadPermission))
 	if err != nil {
 		return err
 	}

service/updates/upgrader.go

@@ -11,7 +11,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/hectane/go-acl"
 	processInfo "github.com/shirou/gopsutil/process"
 	"github.com/tevino/abool"
 
@@ -21,6 +20,7 @@ import (
 	"github.com/safing/portmaster/base/notifications"
 	"github.com/safing/portmaster/base/rng"
 	"github.com/safing/portmaster/base/updater"
+	"github.com/safing/portmaster/base/utils"
 	"github.com/safing/portmaster/base/utils/renameio"
 	"github.com/safing/portmaster/service/mgr"
 	"github.com/safing/portmaster/service/updates/helper"
@@ -351,17 +351,15 @@ func upgradeBinary(fileToUpgrade string, file *updater.File) error {
 
 	// check permissions
 	if onWindows {
-		err = acl.Chmod(fileToUpgrade, 0o0755)
+		utils.SetExecPermission(fileToUpgrade, utils.PublicReadPermission)
-		if err != nil {
-			return fmt.Errorf("failed to set permissions on %s: %w", fileToUpgrade, err)
-		}
 	} else {
+		perm := utils.PublicReadPermission
 		info, err := os.Stat(fileToUpgrade)
 		if err != nil {
 			return fmt.Errorf("failed to get file info on %s: %w", fileToUpgrade, err)
 		}
-		if info.Mode() != 0o0755 {
+		if info.Mode() != perm.AsUnixDirExecPermission() {
-			err := os.Chmod(fileToUpgrade, 0o0755) //nolint:gosec // Set execute permissions.
+			err = utils.SetExecPermission(fileToUpgrade, perm)
 			if err != nil {
 				return fmt.Errorf("failed to set permissions on %s: %w", fileToUpgrade, err)
 			}