qubespolicy: forbid qrexec loopback connections at policy level

libxenvchan currently can't handle loopback connections. Since error reporting on vchan connection setup is far from perfect, try to avoid making such connections at all. QubesOS/qubes-issues#951 Fixes QubesOS/qubes-issues#4804
2019-02-24 02:01:48 +01:00 · 2019-02-24 02:01:48 +01:00 · eeec2e0ddd
commit eeec2e0ddd
parent 202e3df6b6
2 changed files with 12 additions and 5 deletions
--- a/qubespolicy/init.py
+++ b/qubespolicy/init.py
@ -482,6 +482,9 @@ class PolicyAction(object):
        qrexec_opts = ['-d', target, '-c', caller_ident]
        if dispvm:
            qrexec_opts.append('-W')
+        # XXX remove when #951 gets fixed
+        if self.source == target:
+            raise AccessDenied('loopback qrexec connection not supported')
        try:
            subprocess.call([QREXEC_CLIENT] + qrexec_opts + [cmd])
        finally:
@ -636,6 +639,10 @@ class Policy(object):
            targets.remove('@adminvm')
            targets.add('dom0')

+        # XXX remove when #951 gets fixed
+        if source in targets:
+            targets.remove(source)
+
        return targets

    def evaluate(self, system_info, source, target):
--- a/qubespolicy/tests/init.py
+++ b/qubespolicy/tests/init.py
@ -711,14 +711,14 @@ class TC_20_Policy(qubes.tests.QubesTestCase):
            f.write('test-standalone @adminvm allow\n')
        policy = qubespolicy.Policy('test.service', tmp_policy_dir)
        self.assertCountEqual(policy.collect_targets_for_ask(system_info,
-            'test-vm1'), ['test-vm1', 'test-vm2', 'test-vm3',
+            'test-vm1'), ['test-vm2', 'test-vm3',
                '@dispvm:test-vm3',
                'default-dvm', '@dispvm:default-dvm', 'test-invalid-dvm',
                'test-no-dvm', 'test-template', 'test-standalone'])
        self.assertCountEqual(policy.collect_targets_for_ask(system_info,
-            'test-vm2'), ['test-vm2', 'test-vm3'])
+            'test-vm2'), ['test-vm3'])
        self.assertCountEqual(policy.collect_targets_for_ask(system_info,
-            'test-vm3'), ['test-vm3'])
+            'test-vm3'), [])
        self.assertCountEqual(policy.collect_targets_for_ask(system_info,
            'test-standalone'), ['test-vm1', 'test-vm2', 'test-vm3',
            'default-dvm', 'test-no-dvm', 'test-invalid-dvm',
@ -781,7 +781,7 @@ class TC_20_Policy(qubes.tests.QubesTestCase):
        self.assertCountEqual(action.targets_for_ask,
            ['test-vm1', 'test-vm2', 'test-vm3', '@dispvm:test-vm3',
                'default-dvm', '@dispvm:default-dvm', 'test-invalid-dvm',
-                'test-no-dvm', 'test-template', 'test-standalone'])
+                'test-no-dvm', 'test-template'])

    def test_033_eval_ask(self):
        with open(os.path.join(tmp_policy_dir, 'test.service'), 'w') as f:
@ -802,7 +802,7 @@ class TC_20_Policy(qubes.tests.QubesTestCase):
        self.assertCountEqual(action.targets_for_ask,
            ['test-vm1', 'test-vm2', 'test-vm3', '@dispvm:test-vm3',
                'default-dvm', '@dispvm:default-dvm', 'test-invalid-dvm',
-                'test-no-dvm', 'test-template', 'test-standalone'])
+                'test-no-dvm', 'test-template'])

    def test_034_eval_resolve_dispvm(self):
        with open(os.path.join(tmp_policy_dir, 'test.service'), 'w') as f: