Add policy for paranoid mode backup restore

Policy allows a VM with 'backup-restore-mgmt' tag to create VMs, and then manage VMs with 'backup-restore-in-progress' tag (which is added by AdminExtension, based on 'tag-created-vm-with' feature). VM with 'backup-restore-mgmt' tag can also call qubes.RestoreById service to a VM with 'backup-restore-storage' tag. This service allows to retrieve backup archive. QubesOS/qubes-issues#5310
2019-09-15 03:32:53 +02:00 · 2019-09-15 03:32:53 +02:00 · e73320533f
commit e73320533f
parent 2cdba05c99
3 changed files with 29 additions and 0 deletions
--- a/2
+++ b/2
@ -174,6 +174,8 @@ endif
 	mkdir -p $(DESTDIR)/usr/libexec/qubes
 	install -m 0644 qubes-rpc-policy/90-default.policy \
 		$(DESTDIR)/etc/qubes/policy.d/90-default.policy
+	install -m 0644 qubes-rpc-policy/85-admin-backup-restore.policy \
+		$(DESTDIR)/etc/qubes/policy.d/85-admin-backup-restore.policy
 	cp qubes-rpc/qubes.FeaturesRequest $(DESTDIR)/etc/qubes-rpc/
 	cp qubes-rpc/qubes.GetDate $(DESTDIR)/etc/qubes-rpc/
 	cp qubes-rpc/qubes.GetRandomizedTime $(DESTDIR)/etc/qubes-rpc/
--- a/qubes-rpc-policy/85-admin-backup-restore.policy
+++ b/qubes-rpc-policy/85-admin-backup-restore.policy
@ -0,0 +1,26 @@
+## File format:
+## service-name|*       +argument|* source                   destination                     action  [options]
+
+## Allow selected DisposableVM perform "paranoid backup restore"
+admin.vm.Create.AppVM                      *   @tag:backup-restore-mgmt dom0                 allow target=dom0
+admin.vm.Create.StandaloneVM               *   @tag:backup-restore-mgmt dom0                 allow target=dom0
+admin.vm.Create.TemplateVM                 *   @tag:backup-restore-mgmt dom0                 allow target=dom0
+admin.vm.List                              *   @tag:backup-restore-mgmt dom0                 allow target=dom0
+## Allow checking some basic info about all the VMs, to propose conflicts resolution
+admin.vm.List                              *   @tag:backup-restore-mgmt @anyvm               allow target=dom0
+admin.vm.property.Get  +provides_network       @tag:backup-restore-mgmt @anyvm               allow target=dom0
+admin.vm.property.Get  +template_for_dispvms   @tag:backup-restore-mgmt @anyvm               allow target=dom0
+
+## Allow it to configure just created qubes
+admin.vm.feature.Set            *   @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+admin.vm.firewall.Set           *   @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+admin.vm.property.Set           *   @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+admin.vm.tag.Set                *   @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+admin.vm.volume.Import          *   @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+admin.vm.volume.Info            *   @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+admin.vm.volume.List            *   @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+admin.vm.volume.Set.revisions_to_keep   *	@tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+
+## And finally, allow it to retrieve the actual backup
+qubes.RestoreById               *   @tag:backup-restore-mgmt @tag:backup-restore-storage     allow
+
--- a/rpm_spec/core-dom0.spec.in
+++ b/rpm_spec/core-dom0.spec.in
@ -530,6 +530,7 @@ done
 /etc/xen/scripts/block-snapshot
 /etc/xen/scripts/block-origin
 /etc/xen/scripts/vif-route-qubes
+%attr(0664,root,qubes) %config(noreplace) /etc/qubes/policy.d/85-admin-backup-restore.policy
 %attr(0664,root,qubes) %config(noreplace) /etc/qubes/policy.d/90-admin-default.policy
 %attr(0664,root,qubes) %config(noreplace) /etc/qubes/policy.d/90-default.policy
 %attr(0664,root,qubes) %config(noreplace) /etc/qubes/policy.d/include/admin-global-ro