Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

qrexec: allow for more options in the policy files

Browse Source
This commit is contained in:
Rafal Wojtczuk 2011-07-06 18:34:00 +02:00
parent 7b39b15f6d
commit c80ee3b231
2 changed files with 69 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dom0/restore/qfile-daemon-dvm
View File

@ -126,6 +126,8 @@ def main():
global notify_object global notify_object
exec_index = sys.argv[1] exec_index = sys.argv[1]
src_vmname = sys.argv[2] src_vmname = sys.argv[2]
user = sys.argv[3]
notify_object = dbus.SessionBus().get_object("org.freedesktop.Notifications", "/org/freedesktop/Notifications") notify_object = dbus.SessionBus().get_object("org.freedesktop.Notifications", "/org/freedesktop/Notifications")
qfile = QfileDaemonDvm(src_vmname) qfile = QfileDaemonDvm(src_vmname)
lockf = open("/var/run/qubes/qfile-daemon-dvm.lock", 'a') lockf = open("/var/run/qubes/qfile-daemon-dvm.lock", 'a')
@ -135,7 +137,7 @@ def main():
lockf.close() lockf.close()
if dispname is not None: if dispname is not None:
subprocess.call(['/usr/lib/qubes/qrexec_client', '-d', dispname, subprocess.call(['/usr/lib/qubes/qrexec_client', '-d', dispname,
'user:exec /usr/lib/qubes/qubes_rpc_multiplexer ' + exec_index + " " + src_vmname]) user+":exec /usr/lib/qubes/qubes_rpc_multiplexer ' + exec_index + " " + src_vmname])
subprocess.call(['/usr/sbin/xl', 'destroy', dispname]) subprocess.call(['/usr/sbin/xl', 'destroy', dispname])
qfile.remove_disposable_from_qdb(dispname) qfile.remove_disposable_from_qdb(dispname)

99
qrexec/qrexec_policy
View File

@ -1,45 +1,69 @@
#!/usr/bin/python #!/usr/bin/python
import sys import sys
import os import os
import os.path
import subprocess import subprocess
POLICY_FILE_DIR="/etc/qubes_rpc/policy" POLICY_FILE_DIR="/etc/qubes_rpc/policy"
QREXEC_CLIENT="/usr/lib/qubes/qrexec_client" QREXEC_CLIENT="/usr/lib/qubes/qrexec_client"
def line_to_dict(line):
tokens=line.split()
if len(tokens) < 3:
return None
dict={}
dict['source']=tokens[0]
dict['dest']=tokens[1]
action_list=tokens[2].split(',')
dict['action']=action_list.pop(0)
for iter in action_list:
paramval=iter.split("=")
dict["action."+paramval[0]]=paramval[1]
return dict
def read_policy_file(exec_index): def read_policy_file(exec_index):
policy=list() policy_file=POLICY_FILE_DIR+"/"+exec_index
f = open(POLICY_FILE_DIR+"/"+exec_index) if not os.path.isfile(policy_file):
return None
policy_list=list()
f = open(policy_file)
for iter in f.readlines(): for iter in f.readlines():
policy.append(iter.split()) dict = line_to_dict(iter)
if dict is not None:
policy_list.append(dict)
f.close() f.close()
return policy return policy_list
def is_match(item, config_term): def is_match(item, config_term):
return (item is not "dom0" and config_term == "anyvm") or item == config_term return (item is not "dom0" and config_term == "anyvm") or item == config_term
def apply_policy(policy, domain, target): def get_default_policy():
for iter in policy: dict={}
if len(iter) < 3: dict["action"]="deny"
continue return dict
if not is_match(domain, iter[0]):
continue
if not is_match(target, iter[1]):
continue
ret=iter[2].split("=")
if len(ret)==1:
return (ret[0], None)
else:
return (ret[0], ret[1])
return (None, None)
def do_execute(domain, target, exec_index, process_ident):
def find_policy(policy, domain, target):
for iter in policy:
if not is_match(domain, iter["source"]):
continue
if not is_match(target, iter["dest"]):
continue
return iter
return get_default_policy()
def do_execute(domain, target, user, exec_index, process_ident):
if target == "dom0": if target == "dom0":
cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain
elif target == "dispvm": elif target == "dispvm":
cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
else: else:
#fixme: qvm-run --pass_io is broken for non-running target domain #fixme: qvm-run --pass_io is broken for non-running target domain
cmd= "qvm-run -uroot -q -a --pass_io "+target cmd= "qvm-run -uroot -q -a --pass_io "+target + " -u" + user
cmd+=" '/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain + "'" cmd+=" '/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain + "'"
os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", cmd, "-c", process_ident) os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", cmd, "-c", process_ident)
@ -61,19 +85,30 @@ def main():
exec_index=sys.argv[3] exec_index=sys.argv[3]
process_ident=sys.argv[4] process_ident=sys.argv[4]
action = None policy_list=read_policy_file(exec_index)
while action is None: if policy_list==None:
policy = read_policy_file(exec_index)
(action, params) = apply_policy(policy, domain, target)
if action is None:
policy_editor(domain, target, exec_index) policy_editor(domain, target, exec_index)
if action == "allow": policy_list=read_policy_file(exec_index)
do_execute(domain, target, exec_index, process_ident) if policy_list==None:
elif action == "divert": policy_list=list()
do_execute(domain, params, exec_index, process_ident)
elif action == "ask": policy_dict=find_policy(policy_list, domain, target)
if policy_dict["action"] == "ask":
if confirm_execution(domain, target, exec_index): if confirm_execution(domain, target, exec_index):
do_execute(domain, target, exec_index, process_ident) policy_dict["action"] = "allow"
else:
policy_dict["action"] = "deny"
if policy_dict["action"] == "allow":
if policy_dict.has_key("action.target"):
target=policy_dict["action.target"]
if policy_dict.has_key("action.user"):
user=policy_dict["action.user"]
else:
user="user"
do_execute(domain, target, user, exec_index, process_ident)
print >> sys.stderr, "Rpc denied:", domain, target, exec_index print >> sys.stderr, "Rpc denied:", domain, target, exec_index
os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", "/bin/false", "-c", process_ident) os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", "/bin/false", "-c", process_ident)