
package crew
import (
"context"
"sync"
"github.com/safing/portmaster/service/intel"
"github.com/safing/portmaster/service/profile/endpoints"
"github.com/safing/portmaster/spn/hub"
"github.com/safing/portmaster/spn/terminal"
)
// connectingHubLock guards connectingHub.
var connectingHubLock sync.Mutex

// connectingHub is the Hub whose exit policy incoming connect requests are
// checked against. It stays nil until EnableConnecting is called, and
// connect requests are refused while it is nil.
var connectingHub *hub.Hub
// EnableConnecting enables connecting from this Hub.
//
// It records my as the Hub whose exit policy later connect requests are
// checked against; until it has been called, checkExitPolicy refuses
// every request.
func EnableConnecting(my *hub.Hub) {
	connectingHubLock.Lock()
	connectingHub = my
	connectingHubLock.Unlock()
}
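// checkExitPolicy checks whether request is allowed to leave the network
// through this Hub.
//
// It returns nil when the request may proceed, and an error derived from
// terminal.ErrPermissionDenied when connecting is disabled (EnableConnecting
// has not been called) or when the request matches a Denied entry of the
// Hub's exit policy. Only an explicit Denied result is rejected; any other
// match result lets the request through.
func checkExitPolicy(request *ConnectRequest) *terminal.Error {
	// Only the read of the shared pointer needs the lock. Snapshotting it
	// here keeps the intel lookup and the policy match below from running
	// under connectingHubLock, which would otherwise serialize every
	// concurrent connect request (and EnableConnecting) behind them.
	connectingHubLock.Lock()
	my := connectingHub
	connectingHubLock.Unlock()

	// Check if connect requests are allowed.
	if my == nil {
		return terminal.ErrPermissionDenied.With("connect requests disabled")
	}

	ctx := context.TODO()

	// Create entity.
	entity := (&intel.Entity{
		IP:       request.IP,
		Protocol: uint8(request.Protocol),
		Port:     request.Port,
		Domain:   request.Domain,
	}).Init(0)
	// FetchData's outcome is not checked here; the policy match runs on
	// whatever intel data it managed to attach to the entity — confirm in
	// the intel package whether a failed lookup should be treated as a deny.
	entity.FetchData(ctx)

	// Check against policy.
	result, reason := my.GetInfo().ExitPolicy().Match(ctx, entity)
	if result == endpoints.Denied {
		return terminal.ErrPermissionDenied.With("connect request for %s violates the exit policy: %s", request, reason)
	}

	return nil
}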