From 1a6728cb12ccfbc1711129d3f91a183badc4804b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 28 Jul 2017 15:08:33 +0200 Subject: [PATCH] ext/services: move exporting 'service.*' features to extensions This means core code will not publish any features by default. --- qubes/ext/services.py | 62 +++++++++++++++++++++++++++++++++++++++++ qubes/vm/qubesvm.py | 8 ------ rpm_spec/core-dom0.spec | 1 + 3 files changed, 63 insertions(+), 8 deletions(-) create mode 100644 qubes/ext/services.py diff --git a/qubes/ext/services.py b/qubes/ext/services.py new file mode 100644 index 00000000..85f29dde --- /dev/null +++ b/qubes/ext/services.py 
@@ -0,0 +1,62 @@
+# -*- encoding: utf-8 -*-
+#
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2017 Marek Marczykowski-Górecki
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, see .
+
+'''Extension responsible for qvm-service framework'''
+
+import qubes.ext
+
+class ServicesExtension(qubes.ext.Extension):
+ '''This extension export features with 'service.' prefix to QubesDB in
+ /qubes-service/ tree.
+ '''
+ # pylint: disable=no-self-use
+ @qubes.ext.handler('domain-qdb-create')
+ def on_domain_qdb_create(self, vm):
+ '''Actually export features'''
+ for feature, value in vm.features.items():
+ if not feature.startswith('service.'):
+ continue
+ service = feature[len('service.'):]
+ # forcefully convert to '0' or '1'
+ vm.untrusted_qdb.write('/qubes-service/{}'.format(service),
+ str(int(bool(value))))
+
+ @qubes.ext.handler('domain-feature-set')
+ def on_domain_feature_set(self, vm, feature, value, oldvalue=None):
+ '''Update /qubes-service/ QubesDB tree in runtime'''
+ # pylint: disable=unused-argument
+ if not vm.is_running():
+ return
+ if not feature.startswith('service.'):
+ return
+ service = feature[len('service.'):]
+ # forcefully convert to '0' or '1'
+ vm.untrusted_qdb.write('/qubes-service/{}'.format(service),
+ str(int(bool(value))))
+
+ @qubes.ext.handler('domain-feature-delete')
+ def on_domain_feature_delete(self, vm, feature):
+ '''Update /qubes-service/ QubesDB tree in
runtime''' + if not vm.is_running(): + return + if not feature.startswith('service.'): + return + service = feature[len('service.'):] + vm.untrusted_qdb.rm('/qubes-service/{}'.format(service)) diff --git a/qubes/vm/qubesvm.py b/qubes/vm/qubesvm.py index 69febe4a..fcd8fd7a 100644 --- a/qubes/vm/qubesvm.py +++ b/qubes/vm/qubesvm.py @@ -1750,14 +1750,6 @@ class QubesVM(qubes.vm.mix.net.NetVMMixin, qubes.vm.BaseVM): if tzname: self.qdb.write('/qubes-timezone', tzname) - for feature, value in self.features.items(): - if not feature.startswith('service.'): - continue - service = feature[len('service.'):] - # forcefully convert to '0' or '1' - self.qdb.write('/qubes-service/{}'.format(service), - str(int(bool(value)))) - self.qdb.write('/qubes-block-devices', '') self.qdb.write('/qubes-usb-devices', '') diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index b1b36492..aacb6caa 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -289,6 +289,7 @@ fi %{python3_sitelib}/qubes/ext/pci.py %{python3_sitelib}/qubes/ext/qubesmanager.py %{python3_sitelib}/qubes/ext/r3compatibility.py +%{python3_sitelib}/qubes/ext/services.py %dir %{python3_sitelib}/qubes/tests %dir %{python3_sitelib}/qubes/tests/__pycache__
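Review bot: The service name taken from `feature[len('service.'):]` is interpolated into the QubesDB path in all three handlers of qubes/ext/services.py without any validation, so a feature named exactly `service.` yields the bare key `/qubes-service/`, and an over-long or oddly formed name reaches `vm.untrusted_qdb.write` / `vm.untrusted_qdb.rm` unchanged. Whether QubesDB rejects such keys is not visible in this patch; if it raises, the exception would surface inside the `domain-qdb-create` handler, presumably while the qube is starting. A guard such as `if not service: continue` in the loop (and `return` in the set and delete handlers), ideally inside one shared helper that builds the path, would keep the three copies consistent. Separately, the new code writes through `vm.untrusted_qdb` while the context lines of the qubesvm.py hunk still use `self.qdb`, so it is worth confirming that `untrusted_qdb` exists on the VM object at this revision.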