Merge remote-tracking branch 'origin/pr/322'

* origin/pr/322:
  Ensure empty service value delete /var/run/qubes-service/ file
  services: fixes from Marek's comments
  config: fix mistake in path for services
  tests: add/remove services in dom0
  config: specify dom0 services path
  services: handle dom0 write permission errors
  services: handle /var/run/qubes/'SERVICE NAME' for dom0
  services: make PEP8 happier

qubes/config.py

@@ -44,6 +44,8 @@ system_path = {
     # qubes_icon_dir is obsolete
     # use QIcon.fromTheme() where applicable
     'qubes_icon_dir': '/usr/share/icons/hicolor/128x128/devices',
+
+    'dom0_services_dir': '/var/run/qubes-service',
 }
 
 defaults = {

qubes/ext/services.py

@@ -18,18 +18,46 @@
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library; if not, see <https://www.gnu.org/licenses/>.
 
-'''Extension responsible for qvm-service framework'''
+"""Extension responsible for qvm-service framework"""
 
+import os
 import qubes.ext
+import qubes.config
+
 
 class ServicesExtension(qubes.ext.Extension):
-    '''This extension export features with 'service.' prefix to QubesDB in
+    """This extension export features with 'service.' prefix to QubesDB in
     /qubes-service/ tree.
-    '''
+    """
+
+    @staticmethod
+    def add_dom0_service(vm, service):
+        try:
+            os.makedirs(
+                qubes.config.system_path['dom0_services_dir'], exist_ok=True)
+            service = '{}/{}'.format(
+                qubes.config.system_path['dom0_services_dir'], service)
+            if not os.path.exists(service):
+                os.mknod(service)
+        except PermissionError:
+            vm.log.warning("Cannot write to {}".format(
+                qubes.config.system_path['dom0_services_dir']))
+
+    @staticmethod
+    def remove_dom0_service(vm, service):
+        try:
+            service = '{}/{}'.format(
+                qubes.config.system_path['dom0_services_dir'], service)
+            if os.path.exists(service):
+                os.remove(service)
+        except PermissionError:
+            vm.log.warning("Cannot write to {}".format(
+                qubes.config.system_path['dom0_services_dir']))
+
     # pylint: disable=no-self-use
     @qubes.ext.handler('domain-qdb-create')
     def on_domain_qdb_create(self, vm, event):
-        '''Actually export features'''
+        """Actually export features"""
         # pylint: disable=unused-argument
         for feature, value in vm.features.items():
             if not feature.startswith('service.'):
@@ -37,15 +65,15 @@ class ServicesExtension(qubes.ext.Extension):
             service = feature[len('service.'):]
             # forcefully convert to '0' or '1'
             vm.untrusted_qdb.write('/qubes-service/{}'.format(service),
-                str(int(bool(value))))
+                                   str(int(bool(value))))
 
         # always set meminfo-writer according to maxmem
         vm.untrusted_qdb.write('/qubes-service/meminfo-writer',
-            '1' if vm.maxmem > 0 else '0')
+                               '1' if vm.maxmem > 0 else '0')
 
     @qubes.ext.handler('domain-feature-set:*')
     def on_domain_feature_set(self, vm, event, feature, value, oldvalue=None):
-        '''Update /qubes-service/ QubesDB tree in runtime'''
+        """Update /qubes-service/ QubesDB tree in runtime"""
         # pylint: disable=unused-argument
 
         # TODO: remove this compatibility hack in Qubes 4.1
@@ -68,11 +96,17 @@ class ServicesExtension(qubes.ext.Extension):
         service = feature[len('service.'):]
         # forcefully convert to '0' or '1'
         vm.untrusted_qdb.write('/qubes-service/{}'.format(service),
-            str(int(bool(value))))
+                               str(int(bool(value))))
+
+        if vm.name == "dom0":
+            if str(int(bool(value))) == "1":
+                self.add_dom0_service(vm, service)
+            else:
+                self.remove_dom0_service(vm, service)
 
     @qubes.ext.handler('domain-feature-delete:*')
     def on_domain_feature_delete(self, vm, event, feature):
-        '''Update /qubes-service/ QubesDB tree in runtime'''
+        """Update /qubes-service/ QubesDB tree in runtime"""
         # pylint: disable=unused-argument
         if not vm.is_running():
             return
@@ -84,9 +118,12 @@ class ServicesExtension(qubes.ext.Extension):
             return
         vm.untrusted_qdb.rm('/qubes-service/{}'.format(service))
 
+        if vm.name == "dom0":
+            self.remove_dom0_service(vm, service)
+
     @qubes.ext.handler('domain-load')
     def on_domain_load(self, vm, event):
-        '''Migrate meminfo-writer service into maxmem'''
+        """Migrate meminfo-writer service into maxmem"""
         # pylint: disable=no-self-use,unused-argument
         if 'service.meminfo-writer' in vm.features:
             # if was set to false, force maxmem=0
@@ -95,9 +132,19 @@ class ServicesExtension(qubes.ext.Extension):
                 vm.maxmem = 0
             del vm.features['service.meminfo-writer']
 
+        if vm.name == "dom0":
+            for feature, value in vm.features.items():
+                if not feature.startswith('service.'):
+                    continue
+                service = feature[len('service.'):]
+                if str(int(bool(value))) == "1":
+                    self.add_dom0_service(vm, service)
+                else:
+                    self.remove_dom0_service(vm, service)
+
     @qubes.ext.handler('features-request')
     def supported_services(self, vm, event, untrusted_features):
-        '''Handle advertisement of supported services'''
+        """Handle advertisement of supported services"""
         # pylint: disable=no-self-use,unused-argument
 
         if getattr(vm, 'template', None):

qubes/tests/ext.py

@@ -18,13 +18,13 @@
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library; if not, see <https://www.gnu.org/licenses/>.
 
-from unittest import mock
-
+import os
 import qubes.ext.core_features
 import qubes.ext.services
 import qubes.ext.windows
 import qubes.tests
 
+from unittest import mock
 
 class TC_00_CoreFeatures(qubes.tests.QubesTestCase):
     def setUp(self):
@@ -235,19 +235,27 @@ class TC_20_Services(qubes.tests.QubesTestCase):
     def setUp(self):
         super().setUp()
         self.ext = qubes.ext.services.ServicesExtension()
-        self.vm = mock.MagicMock()
         self.features = {}
-        self.vm.configure_mock(**{
-            'template': None,
-            'maxmem': 1024,
-            'is_running.return_value': True,
+        specs = {
             'features.get.side_effect': self.features.get,
             'features.items.side_effect': self.features.items,
             'features.__iter__.side_effect': self.features.__iter__,
             'features.__contains__.side_effect': self.features.__contains__,
             'features.__setitem__.side_effect': self.features.__setitem__,
             'features.__delitem__.side_effect': self.features.__delitem__,
-            })
+        }
+        vmspecs = {**specs, **{
+            'template': None,
+            'maxmem': 1024,
+            'is_running.return_value': True,
+            }}
+        dom0specs = {**specs, **{
+            'name': "dom0",
+            }}
+        self.vm = mock.MagicMock()
+        self.vm.configure_mock(**vmspecs)
+        self.dom0 = mock.MagicMock()
+        self.dom0.configure_mock(**dom0specs)
 
     def test_000_write_to_qdb(self):
         self.features['service.test1'] = '1'
@@ -322,3 +330,55 @@ class TC_20_Services(qubes.tests.QubesTestCase):
         self.assertEqual(self.features, {
             'supported-service.test2': True,
         })
+
+    def test_013_feature_set_dom0(self):
+        self.test_base_dir = '/tmp/qubes-test-dir'
+        self.base_dir_patch = mock.patch.dict(
+            qubes.config.system_path, {'dom0_services_dir': self.test_base_dir})
+        self.base_dir_patch.start()
+        self.addCleanup(self.base_dir_patch.stop)
+        service = 'guivm-gui-agent'
+        service_path = self.test_base_dir + '/' + service
+
+        self.ext.on_domain_feature_set(
+            self.dom0,
+            'feature-set:service.service.guivm-gui-agent',
+            'service.guivm-gui-agent', '1')
+        self.assertEqual(os.path.exists(service_path), True)
+
+    def test_014_feature_delete_dom0(self):
+        self.test_base_dir = '/tmp/qubes-test-dir'
+        self.base_dir_patch = mock.patch.dict(
+            qubes.config.system_path, {'dom0_services_dir': self.test_base_dir})
+        self.base_dir_patch.start()
+        self.addCleanup(self.base_dir_patch.stop)
+        service = 'guivm-gui-agent'
+        service_path = self.test_base_dir + '/' + service
+
+        self.ext.on_domain_feature_set(
+            self.dom0,
+            'feature-set:service.service.guivm-gui-agent',
+            'service.guivm-gui-agent', '1')
+
+        self.ext.on_domain_feature_delete(
+            self.dom0,
+            'feature-delete:service.service.guivm-gui-agent',
+            'service.guivm-gui-agent')
+
+        self.assertEqual(os.path.exists(service_path), False)
+
+    def test_014_feature_set_empty_value_dom0(self):
+        self.test_base_dir = '/tmp/qubes-test-dir'
+        self.base_dir_patch = mock.patch.dict(
+            qubes.config.system_path, {'dom0_services_dir': self.test_base_dir})
+        self.base_dir_patch.start()
+        self.addCleanup(self.base_dir_patch.stop)
+        service = 'guivm-gui-agent'
+        service_path = self.test_base_dir + '/' + service
+
+        self.ext.on_domain_feature_set(
+            self.dom0,
+            'feature-set:service.service.guivm-gui-agent',
+            'service.guivm-gui-agent', '')
+
+        self.assertEqual(os.path.exists(service_path), False)