Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

api: improve handling destination removed just before the call

Browse Source 
There are cases when destination domain doesn't exist when the call gets
to qubesd. Namely:
 1. The call comes from dom0, which bypasses qrexec policy
 2. Domain was removed between checking the policy and here
Handle the the same way as if the domain wouldn't exist at policy
evaluation stage either - i.e. refuse the call.

On the client side it doesn't change much, but on the server call it
avoids ugly, useless tracebacks in system journal.

Fixes QubesOS/qubes-issues#5105
This commit is contained in:
Marek Marczykowski-Górecki 2019-09-23 04:09:17 +02:00
parent 8ecf00bd0e
commit eb39f69882
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
qubes/api/__init__.py
View File

@ -121,8 +121,17 @@ class AbstractQubesAPI:
#: source qube
self.src = self.app.domains[src.decode('ascii')]
#: destination qube
self.dest = self.app.domains[dest.decode('ascii')]
try:
#: destination qube
self.dest = self.app.domains[dest.decode('ascii')]
except KeyError:
# normally this should filtered out by qrexec policy, but there are
# two cases it might not be:
# 1. The call comes from dom0, which bypasses qrexec policy
# 2. Domain was removed between checking the policy and here
# For uniform handling on the client side, treat this as permission
# denied error too
raise PermissionDenied
#: argument
self.arg = arg.decode('ascii')