From a930fbbce0fb6215ab81f6d7fd2844a89fa03505 Mon Sep 17 00:00:00 2001
From: shw
Date: Wed, 10 May 2017 03:35:09 +0000
Subject: [PATCH] Sandboxed process entries in GUI now include sandbox name/ID in display. Removed fatal error when a connection to oz-control socket cannot be established.
---
 sgfw/ipc.go | 26 +++++++++++++++++---------
 sgfw/policy.go | 6 +++---
 sgfw/snitch-ext.go | 1 -
 3 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/sgfw/ipc.go b/sgfw/ipc.go
index 339ed41..efd29f5 100644
--- a/sgfw/ipc.go
+++ b/sgfw/ipc.go
@@ -13,23 +13,29 @@ import (
 const ReceiverSocketPath = "/tmp/fwoz.sock"
-var OzInitPids []int = []int{}
+type OzInitProc struct {
+ Name string
+ Pid int
+}
+
+var OzInitPids []OzInitProc = []OzInitProc{}
-func addInitPid(pid int) {
- fmt.Println("::::::::::: init pid added: ", pid)
+func addInitPid(pid int, name string) {
+ fmt.Println("::::::::::: init pid added: ", pid, " -> ", name)
 for i := 0; i < len(OzInitPids); i++ {
- if OzInitPids[i] == pid {
+ if OzInitPids[i].Pid == pid {
 return
 }
 }
- OzInitPids = append(OzInitPids, pid)
+ ozi := OzInitProc{Name: name, Pid: pid}
+ OzInitPids = append(OzInitPids, ozi)
 }
 func removeInitPid(pid int) {
 for i := 0; i < len(OzInitPids); i++ {
- if OzInitPids[i] == pid {
+ if OzInitPids[i].Pid == pid {
 OzInitPids = append(OzInitPids[:i], OzInitPids[i+1:]...)
 return
 }
 }
@@ -154,7 +160,7 @@ func ReceiverLoop(fw *Firewall, c net.Conn) {
 return
 }
- if tokens[0] == "register-init" && len(tokens) == 2 {
+ if tokens[0] == "register-init" && len(tokens) >= 3 {
 initp := tokens[1]
 initpid, err := strconv.Atoi(initp)
@@ -164,7 +170,8 @@ func ReceiverLoop(fw *Firewall, c net.Conn) {
 return
 }
- addInitPid(initpid)
+ ozname := strings.Join(tokens[2:], " ")
+ addInitPid(initpid, ozname)
 c.Write([]byte("OK.\n"))
 return
 }
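Review bot: `OzInitPids` is a package-level slice that `addInitPid` and `removeInitPid` mutate in this hunk while `findProcessForPacket` (the policy.go hunks at -505 and -531) indexes it, and nothing visible guards that access; if ReceiverLoop serves the control socket on a goroutine separate from the packet handler (the usual arrangement, though not shown here) this is a data race, and a concurrent `removeInitPid` can shift the element under the reader's index. A `sync.Mutex` declared next to the slice, taken in both mutators and held across the read loop in policy.go, closes it; `sync` would need to be imported in ipc.go. Separately, `var OzInitPids []OzInitProc = []OzInitProc{}` can be `var OzInitPids []OzInitProc` (a nil slice works with append, len and range), and the index loops read better as `for i := range OzInitPids`. `removeInitPid` ends outside this hunk.
```go
var ozInitMu sync.Mutex // guards OzInitPids; also hold it around the read loop in findProcessForPacket

func addInitPid(pid int, name string) {
	fmt.Println("::::::::::: init pid added: ", pid, " -> ", name)
	ozInitMu.Lock()
	defer ozInitMu.Unlock()
	for i := range OzInitPids {
		if OzInitPids[i].Pid == pid {
			return
		}
	}
	OzInitPids = append(OzInitPids, OzInitProc{Name: name, Pid: pid})
}

func removeInitPid(pid int) {
	ozInitMu.Lock()
	defer ozInitMu.Unlock()
	// … unchanged: linear search and delete …
```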
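Review bot: The condition now rejects a `register-init <pid>` message that carries no name, which the previous `len(tokens) == 2` accepted; if any oz client still sends that form it falls through to whatever follows this branch instead of registering the pid. If that is not intended, `len(tokens) >= 2` with the name defaulting to the pid string (e.g. `ozname := initp` when `len(tokens) == 2`) keeps both forms working. The branch continues in the next hunk, and ReceiverLoop begins outside this one.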
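Review bot: `ozname` is taken verbatim from the peer on the `/tmp/fwoz.sock` socket and later shown to the user as `"Sandbox: " + OzInitPids[i].Name` (policy.go hunk at -531), so whatever can connect to that socket chooses the label the user sees when deciding on a connection, and nothing here bounds its length or character set. A check at this point such as `if len(ozname) > 128 || strings.IndexFunc(ozname, unicode.IsControl) >= 0 { c.Write([]byte("Error: bad sandbox name.\n")); return }` (`unicode` would need importing; the reply text is a placeholder to be matched to the other error replies in this loop) keeps a malformed or misleading name out of the prompt. Whether the socket's permissions already restrict who can send this is not visible here. The `c.Write` return value in this branch is also unchecked, though that predates the change.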
@@ -258,7 +265,8 @@ func OzReceiver(fw *Firewall) {
 if len(sboxes) > 0 {
 log.Warning("Adding existing Oz sandbox init pids...")
 for s := 0; s < len(sboxes); s++ {
- addInitPid(sboxes[s].InitPid)
+ profname := fmt.Sprintf("%s (%d)", sboxes[s].Profile, sboxes[s].Id)
+ addInitPid(sboxes[s].InitPid, profname)
 }
 } else {
 log.Warning("It does not appear there were any Oz sandboxed processes already launched.")
diff --git a/sgfw/policy.go b/sgfw/policy.go
index c3463de..20029bc 100644
--- a/sgfw/policy.go
+++ b/sgfw/policy.go
@@ -505,7 +505,7 @@ func findProcessForPacket(pkt *nfqueue.NFQPacket) (*procsnitch.Info, string) {
 for i := 0; i < len(OzInitPids); i++ {
 data := ""
- fname := fmt.Sprintf("/proc/%d/net/tcp", OzInitPids[i])
+ fname := fmt.Sprintf("/proc/%d/net/tcp", OzInitPids[i].Pid)
 fmt.Println("XXX: opening: ", fname)
 bdata, err := readFileDirect(fname)
@@ -531,8 +531,8 @@ fmt.Println("XXX: opening: ", fname)
 res = procsnitch.LookupTCPSocketProcessAll(srcip, srcp, dstip, dstp, rlines)
 if res != nil {
- optstr = "[Sandboxed application]"
- res.ExePath = getRealRoot(res.ExePath, OzInitPids[i])
+ optstr = "Sandbox: " + OzInitPids[i].Name
+ res.ExePath = getRealRoot(res.ExePath, OzInitPids[i].Pid)
 break
 }
 }
diff --git a/sgfw/snitch-ext.go b/sgfw/snitch-ext.go
index 3fe4972..7080953 100644
--- a/sgfw/snitch-ext.go
+++ b/sgfw/snitch-ext.go
@@ -30,7 +30,6 @@ var ozCtrlFactory = ipc.NewMsgFactory(
 func getSandboxes() ([]SandboxInfo, error) {
 c, err := ipc.Connect(socketPath, ozCtrlFactory, nil)
 if err != nil {
- log.Fatal("Error connecting to oz control socket: ", err)
 return nil, err
 }
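Review bot: The display name built here, `profile (id)`, comes from a different source than the one registered over the socket in ReceiverLoop (`strings.Join(tokens[2:], " ")`), so a sandbox already running when sgfw starts and one that registers later can end up labelled differently in the GUI unless oz happens to send exactly this format; what oz sends is not visible here. Putting the format in one helper, e.g. `func ozDisplayName(profile string, id int) string { return fmt.Sprintf("%s (%d)", profile, id) }` (with the id type matched to `sboxes[s].Id`), and using it on both paths — or having oz send profile and id as separate tokens — keeps the labels consistent. OzReceiver starts before this hunk and continues past it.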
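Review bot: Dropping the `log.Fatal` is right, since sgfw should keep running without oz, but nothing in this hunk reports the failure now: the error is returned as-is, and whether OzReceiver logs it before continuing with an empty init-pid list is not visible here. If it does not, a firewall running without sandbox attribution — presumably every sandboxed process is then handled as if it were unsandboxed — leaves no trace in the log; either the caller should log the returned error, or this function can add context with `return nil, fmt.Errorf("connecting to oz control socket %s: %v", socketPath, err)` (`fmt` would need to be imported if it is not already). Logging at exactly one layer is enough. getSandboxes continues past the end of this hunk.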