qrexec: last two missing pieces of the new rpc infrastructure

qrexec/qrexec_policy

@@ -0,0 +1,75 @@
+#!/usr/bin/python
+import sys
+import os
+import subprocess
+ 
+POLICY_FILE_DIR="/etc/qubes_rpc/policy"
+QREXEC_CLIENT="/usr/lib/qubes/qrexec_client"
+
+def read_policy_file(exec_index):
+    policy=list()
+    f = open(POLICY_FILE_DIR+"/"+exec_index)
+    for iter in f.readlines():
+        policy.append(iter.split())
+    f.close()
+    return policy
+
+def is_match(item, config_term):
+    return (item is not "dom0" and config_term == "anyvm") or item == config_term
+
+def apply_policy(policy, domain, target):
+    for iter in policy:
+        if len(iter) < 3:
+            continue
+        if not is_match(domain, iter[0]):
+            continue
+        if not is_match(target, iter[1]):
+            continue
+        ret=iter[2].split("=")
+        if len(ret)==1:
+            return (ret[0], None)
+        else:
+            return (ret[0], ret[1])
+    return (None, None)
+        
+def do_execute(domain, target, exec_index, process_ident):
+    cmd= "qvm-run -q -a --pass_io "+target
+    cmd+=" '/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain + "'"
+    os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", cmd, "-c", process_ident)
+
+def confirm_execution(domain, target, exec_index):
+    text = "Do you allow domain \"" +domain + "\" to execute " + exec_index
+    text+= " operation on the domain \"" + target +"\"?" 
+    retcode = subprocess.call(["/usr/bin/zenity", "--question", "--text", text])
+    return retcode==0
+
+def policy_editor(domain, target, exec_index):
+    text = "Policy editor not yet implemented. Please add a line in the form \""
+    text+= domain + " " + target + "action_to_take\""
+    text+= " to /etc/qubes_rpc/policy/" + exec_index +" file in dom0, then close this info."
+    subprocess.call(["/usr/bin/zenity", "--info", "--text", text]) 
+
+def main():
+    domain=sys.argv[1]
+    target=sys.argv[2]
+    exec_index=sys.argv[3]
+    process_ident=sys.argv[4]
+    
+    action = None
+    while action is None:
+        policy = read_policy_file(exec_index)
+        (action, params) = apply_policy(policy, domain, target)
+        if action is None:
+            policy_editor(domain, target, exec_index)
+    if action == "allow":
+        do_execute(domain, target, exec_index, process_ident)
+    elif action == "divert":
+        do_execute(domain, params, exec_index, process_ident)
+    elif action == "ask":
+        if confirm_execution(domain, target, exec_index):
+            do_execute(domain, target, exec_index, process_ident)
+    print >> sys.stderr, "Rpc denied:", domain, target, exec_index    
+    os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", "/bin/false", "-c", process_ident)
+
+main()
+                

qrexec/qubes_rpc_multiplexer

@@ -0,0 +1,14 @@
+#!/bin/sh
+QUBES_RPC=/etc/qubes_rpc
+if ! [ $# = 2 ] ; then
+	echo $0: bad argument count >&2
+	exit 1
+fi
+CFG_FILE=$QUBES_RPC/"$1"
+if [ -s "$CFG_FILE" ] ; then
+	exec $(cat "$CFG_FILE") "$2"
+	echo "$0: failed to execute handler for" "$1" >&2
+	exit 1
+fi
+echo "$0: nonexistent or empty" "$CFG_FILE" file >&2
+exit 1

rpm_spec/core-appvm.spec

@@ -82,11 +82,14 @@ cp qvm-copy-to-vm2.gnome $RPM_BUILD_ROOT/usr/lib/qubes
 cp qvm-trigger-copy-to-vm $RPM_BUILD_ROOT/usr/lib/qubes
 cp ../qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes
 cp ../qrexec/qrexec_client_vm $RPM_BUILD_ROOT/usr/lib/qubes
+cp ../qrexec/qubes_rpc_multiplexer $RPM_BUILD_ROOT/usr/lib/qubes
 cp dvm_file_editor qfile-agent qfile-agent-dvm qfile-unpacker $RPM_BUILD_ROOT/usr/lib/qubes
 cp ../common/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes
 mkdir -p $RPM_BUILD_ROOT/%{kde_service_dir}
 cp qvm-copy.desktop qvm-dvm.desktop $RPM_BUILD_ROOT/%{kde_service_dir}
 mkdir -p $RPM_BUILD_ROOT/mnt/removable
+mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc
+
 
 mkdir -p $RPM_BUILD_ROOT/etc/X11
 cp xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11
@@ -144,10 +147,12 @@ rm -rf $RPM_BUILD_ROOT
 /usr/lib/qubes/qvm-trigger-copy-to-vm
 /usr/lib/qubes/qrexec_agent
 /usr/lib/qubes/qrexec_client_vm
+/usr/lib/qubes/qubes_rpc_multiplexer
 /usr/lib/qubes/qfile-agent
 /usr/lib/qubes/qfile-agent-dvm
 /usr/lib/qubes/qfile-unpacker
 %dir /mnt/removable
+%dir /etc/qubes_rpc
 /usr/bin/qubes_timestamp
 %dir /home_volatile
 %attr(700,user,user) /home_volatile/user

rpm_spec/core-dom0.spec

@@ -96,8 +96,11 @@ cp qmemman/server.py $RPM_BUILD_ROOT/usr/lib/qubes/qmemman_daemon.py
 cp ../common/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes/
 cp ../qrexec/qrexec_daemon $RPM_BUILD_ROOT/usr/lib/qubes/
 cp ../qrexec/qrexec_client $RPM_BUILD_ROOT/usr/lib/qubes/
+cp ../qrexec/qrexec_policy $RPM_BUILD_ROOT/usr/lib/qubes/
 cp aux-tools/qfile-dom0-unpacker $RPM_BUILD_ROOT/usr/lib/qubes/
 
+mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc/policy
+
 cp restore/qvm-create-default-dvm $RPM_BUILD_ROOT/usr/bin
 cp restore/xenstore-watch $RPM_BUILD_ROOT/usr/bin/xenstore-watch-qubes
 cp restore/qubes_restore restore/xenfreepages $RPM_BUILD_ROOT/usr/lib/qubes
@@ -321,6 +324,8 @@ fi
 /etc/xen/scripts/block-origin
 /etc/xen/scripts/vif-route-qubes
 /usr/lib/qubes/qrexec_client
+/usr/lib/qubes/qrexec_policy
+%dir /etc/qubes_rpc/policy
 %attr(4750,root,qubes) /usr/lib/qubes/qrexec_daemon
 %attr(4750,root,qubes) /usr/lib/qubes/xenfreepages
 %attr(2770,root,qubes) %dir /var/log/qubes