Handle HTTP & HTTPS URLs in dom0 & GUIVMs

.gitignore

@@ -93,3 +93,5 @@ ENV/
 *.swp
 
 *.~undo-tree~
+*.glade~
+*.glade#

.gitlab-ci.yml

@@ -13,7 +13,7 @@ checks:tests:
   before_script: &before-script
     - "PATH=$PATH:$HOME/.local/bin"
     - sudo dnf install -y python3-gobject gtk3 python3-pytest gtksourceview4
-      python3-coverage xorg-x11-server-Xvfb python3-pip
+      python3-coverage xorg-x11-server-Xvfb python3-pip xdg-utils
     - pip3 install --quiet -r ci/requirements.txt
     - git clone https://github.com/QubesOS/qubes-core-admin-client ~/core-admin-client
     - git clone https://github.com/QubesOS/qubes-core-qrexec ~/core-qrexec

Makefile

@@ -51,6 +51,7 @@ install-autostart:
 	cp desktop/qubes-policy-editor-gui.desktop $(DESTDIR)/usr/share/applications/
 	install -d $(DESTDIR)/usr/lib/qubes -m 0755
 	install -m 0755 qui/devices/qubes-device-agent-autostart $(DESTDIR)/usr/lib/qubes/qubes-device-agent-autostart
+	cp desktop/qubes-virtual-browser.desktop $(DESTDIR)/usr/share/applications/
 
 install-lang:
 	mkdir -p $(DESTDIR)/usr/share/gtksourceview-4/language-specs/

debian/control

@@ -19,6 +19,7 @@ Package: qubes-desktop-linux-manager
 Architecture: any
 Depends:
  python3-qui,
+ xdg-utils,
  ${misc:Depends}
 Description: Qubes UI Applications
  A collection of GUI application for enhancing the Qubes UX.

desktop/qubes-virtual-browser.desktop

@@ -0,0 +1,13 @@
+### Note: With this installed, typing "xdg-settings set default-web-browser qubes-virtual-browser.desktop" will make it so that in gnome-terminal
+###   (typing "xdg-settings set default-web-browser firefox.desktop" will put it back to normal)
+
+[Desktop Entry]
+Version=1.0
+Name=Qubes Virtual Browser
+Exec=/usr/bin/qubes-virtual-browser %u
+Icon=qubes-manager
+Terminal=false
+Type=Application
+Categories=Network;WebBrowser;
+MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;x-scheme-handler/http;x-scheme-handler/https;
+NoDisplay=true

qubes_config/global_config/global_config.py

@@ -32,7 +32,7 @@
 import qubesadmin.vm
 from ..widgets.gtk_utils import show_error, show_dialog_with_icon, load_theme
 from ..widgets.gtk_widgets import ProgressBarDialog, ViewportHandler
-from ..widgets.utils import open_url_in_disposable
+from ..widgets.utils import open_url_in_disposable, apply_feature_change
 from .page_handler import PageHandler
 from .policy_handler import PolicyHandler, VMSubsetPolicyHandler
 from .policy_rules import RuleSimple, \
@@ -49,6 +49,7 @@
 
 gi.require_version('Gtk', '3.0')
 from gi.repository import Gtk, GLib, GObject, Gio
+from gi.repository.GdkPixbuf import Pixbuf
 
 logger = logging.getLogger('qubes-global-config')
 
@@ -189,6 +190,138 @@
         return "\n".join(unsaved)
 
 
+class UrlPageHandler(PageHandler):
+    """Handler for URL page. Requires separate handler because it combines
+    qubes-virtual-browser settings with qubes.OpenURL policies. """
+    def __init__(self, qapp: qubesadmin.Qubes,
+                 gtk_builder: Gtk.Builder,
+                 policy_manager: PolicyManager):
+        self.qapp = qapp
+        self.builder = gtk_builder
+        self.policy_manager = policy_manager
+        self.browser_action = qapp.domains[qapp.local_name].features.get( \
+            "virtual-browser-action", "")
+
+        self.virtual_browser_ask: Gtk.RadioButton = \
+            gtk_builder.get_object('virtual_browser_ask')
+        self.virtual_browser_dispvm: Gtk.RadioButton = \
+            gtk_builder.get_object('virtual_browser_dispvm')
+        self.virtual_browser_clipboard: Gtk.RadioButton = \
+            gtk_builder.get_object('virtual_browser_clipboard')
+        self.virtual_browser_discard: Gtk.RadioButton = \
+            gtk_builder.get_object('virtual_browser_discard')
+
+        self.virtual_browser_dispvms: Gtk.ComboBox = \
+            gtk_builder.get_object('virtual_browser_dispvms')
+        self.disposables = Gtk.ListStore(object, Pixbuf, str)
+        self.virtual_browser_dispvms.set_model(self.disposables)
+        self.renderer_icon = Gtk.CellRendererPixbuf()
+        self.renderer_vmname = Gtk.CellRendererText()
+        self.virtual_browser_dispvms.pack_start(self.renderer_icon, True)
+        self.virtual_browser_dispvms.pack_start(self.renderer_vmname, True)
+        self.virtual_browser_dispvms.add_attribute( \
+            self.renderer_icon, "pixbuf", 1)
+        self.virtual_browser_dispvms.add_attribute( \
+            self.renderer_vmname, "text", 2)
+
+        default_dispvm = getattr(self.qapp, "default_dispvm", None)
+        for domain in qapp.domains:
+            if getattr(domain, "template_for_dispvms", False):
+                # pylint: disable=no-member
+                try:
+                    icon = Gtk.IconTheme.get_default().load_icon(
+                        getattr(domain, "icon", "qubes-manager"), 32, 0)
+                except gi.repository.GLib.GError:
+                    # Use Adwaita's Qube like icon if original icon is missing
+                    icon = Gtk.IconTheme.get_default().load_icon(
+                        "insert-object-symbolic", 32, 0)
+                row = self.disposables.append([domain, icon, domain.name])
+                if domain.name == default_dispvm:
+                    self.disposables[row][2] += " (Default DispVM Template)"
+
+        self._reset_virtual_browser_choice()
+        self.virtual_browser_dispvms.connect("changed", self._dispvm_selected)
+
+        # Allocating a list of handlers in case we want to add more in future
+        self.handlers: List[Union[DispvmExceptionHandler, FeatureHandler]] = [
+            DispvmExceptionHandler(
+                gtk_builder=self.builder,
+                qapp=self.qapp,
+                service_name="qubes.OpenURL",
+                policy_file_name="50-config-openurl",
+                prefix="url",
+                policy_manager=self.policy_manager,
+            )
+        ]
+
+    def _dispvm_selected(self, combo):
+        # pylint: disable=unused-argument
+        self.virtual_browser_dispvm.set_active(True)
+
+    def _reset_virtual_browser_choice(self):
+        if self.browser_action is not None \
+                and self.browser_action.startswith('disposable:') \
+                and self.browser_action[11:] in self.qapp.domains:
+            self.virtual_browser_dispvm.set_active(True)
+        elif self.browser_action == 'clipboard':
+            self.virtual_browser_clipboard.set_active(True)
+        elif self.browser_action == 'discard':
+            self.virtual_browser_discard.set_active(True)
+        else:
+            self.virtual_browser_ask.set_active(True)
+
+        default_dispvm = getattr(self.qapp, "default_dispvm", None)
+        for index, disposable in enumerate(self.disposables):
+            if self.virtual_browser_dispvm.get_active():
+                if disposable[0].name == self.browser_action[11:]:
+                    self.virtual_browser_dispvms.set_active(index)
+            elif disposable[0].name == default_dispvm:
+                self.virtual_browser_dispvms.set_active(index)
+
+    def reset(self):
+        for handler in self.handlers:
+            handler.reset()
+        self._reset_virtual_browser_choice()
+
+    def save(self):
+        for handler in self.handlers:
+            handler.save()
+        if self.virtual_browser_ask.get_active():
+            self.browser_action = None
+        elif self.virtual_browser_dispvm.get_active():
+            tree_iter = self.virtual_browser_dispvms.get_active_iter()
+            self.browser_action = "disposable:" + \
+                    self.disposables[tree_iter][0].name
+        elif self.virtual_browser_clipboard.get_active():
+            self.browser_action = "clipboard"
+        elif self.virtual_browser_discard.get_active():
+            self.browser_action = "discard"
+        apply_feature_change(self.qapp.domains[self.qapp.local_name], \
+            "virtual-browser-action", self.browser_action)
+
+    def _virtual_browser_choice(self) -> str:
+        if self.virtual_browser_ask.get_active():
+            return ""
+        if self.virtual_browser_dispvm.get_active():
+            tree_iter = self.virtual_browser_dispvms.get_active_iter()
+            return "disposable:" + self.disposables[tree_iter][0].name
+        if self.virtual_browser_clipboard.get_active():
+            return "clipboard"
+        if self.virtual_browser_discard.get_active():
+            return "discard"
+        return ""
+
+    def get_unsaved(self) -> str:
+        unsaved = []
+        for handler in self.handlers:
+            unsaved_changes = handler.get_unsaved()
+            if unsaved_changes:
+                unsaved.append(unsaved_changes)
+        if self.browser_action != self._virtual_browser_choice():
+            unsaved.append(_("Qubes Virtual Browser default action"))
+        return "\n".join(unsaved)
+
+
 class GlobalConfig(Gtk.Application):
     """
     Main Gtk.Application for new qube widget.
@@ -403,14 +536,12 @@
                 policy_manager=self.policy_manager
             )
         self.progress_bar_dialog.update_progress(page_progress)
-        self.handlers['url'] = DispvmExceptionHandler(
-            gtk_builder=self.builder,
-            qapp=self.qapp,
-            service_name="qubes.OpenURL",
-            policy_file_name="50-config-openurl",
-            prefix="url",
-            policy_manager=self.policy_manager,
-        )
+
+        self.handlers['url'] = UrlPageHandler(
+                qapp=self.qapp,
+                gtk_builder=self.builder,
+                policy_manager=self.policy_manager
+            )
         self.progress_bar_dialog.update_progress(page_progress)
 
         self.handlers['thisdevice'] = ThisDeviceHandler(self.qapp,
@@ -452,7 +583,7 @@
             label.connect("activate-link", self._activate_link)
 
     def _activate_link(self, _widget, url):
-        open_url_in_disposable(url, self.qapp)
+        open_url_in_disposable(url)
         return True
 
     def get_current_page(self) -> Optional[PageHandler]:
@@ -520,9 +651,9 @@
         label_3 = Gtk.Label()
         label_3.set_text(_("Do you want to save changes?"))
         label_3.set_xalign(0)
-        box.pack_start(label_1, False, False, 10)
-        box.pack_start(label_2, False, False, 10)
-        box.pack_start(label_3, False, False, 10)
+        box.pack_start(label_1, False, False, 10)   # pylint: disable=no-member
+        box.pack_start(label_2, False, False, 10)   # pylint: disable=no-member
+        box.pack_start(label_3, False, False, 10)   # pylint: disable=no-member
 
         response = show_dialog_with_icon(
             parent=self.main_window, title=_("Unsaved changes"), text=box,

qubes_config/policy_editor/policy_editor.py

@@ -26,7 +26,6 @@
 import gi
 import importlib.resources
 
-import qubesadmin
 from qrexec.policy.admin_client import PolicyClient
 from qrexec.policy.parser import StringPolicy
 from qrexec.exc import PolicySyntaxError
@@ -246,8 +245,7 @@
 
     @staticmethod
     def _open_docs(_widget, url):
-        qapp = qubesadmin.Qubes()
-        open_url_in_disposable(url, qapp)
+        open_url_in_disposable(url)
         return True
 
     def setup_actions(self):

qubes_config/tests/conftest.py

@@ -254,7 +254,8 @@ def test_qapp_impl():
                          'config.default.qubes-update-check': None,
                          'config-usbvm-name': None,
                          'gui-default-secure-copy-sequence': None,
-                         'gui-default-secure-paste-sequence': None
+                         'gui-default-secure-paste-sequence': None,
+                         'virtual-browser-action': None
                          }, [])
     add_expected_vm(qapp, 'sys-net', 'AppVM',
                     {'provides_network': ('bool', False, 'True')},
@@ -373,7 +374,8 @@ def test_qapp_simple(): # pylint: disable=redefined-outer-name
                          'config.default.qubes-update-check': None,
                          'config-usbvm-name': None,
                          'gui-default-secure-copy-sequence': None,
-                         'gui-default-secure-paste-sequence': None
+                         'gui-default-secure-paste-sequence': None,
+                         'virtual-browser-action': None
                          }, [])
     add_expected_vm(qapp, 'sys-net', 'AppVM',
                     {'provides_network': ('bool', False, 'True')},
@@ -427,7 +429,8 @@ def test_qapp_broken():  # pylint: disable=redefined-outer-name
                          'config.default.qubes-update-check': None,
                          'config-usbvm-name': None,
                          'gui-default-secure-copy-sequence': None,
-                         'gui-default-secure-paste-sequence': None
+                         'gui-default-secure-paste-sequence': None,
+                         'virtual-browser-action': None
                          }, [])
 
     #

qubes_config/widgets/utils.py

@@ -108,17 +108,15 @@ def compare_rule_lists(rule_list_1: List[Rule],
             return False
     return True
 
-def _open_url_in_dvm(url, default_dvm: qubesadmin.vm.QubesVM):
+def _open_url(url):
     subprocess.run(
-        ['qvm-run', '-p', '--service', f'--dispvm={default_dvm}',
-         'qubes.OpenURL'], input=url.encode(), check=False,
+        ['qubes-virtual-browser', url.encode()], input=None, check=False,
         stderr=subprocess.DEVNULL, stdout=subprocess.DEVNULL)
 
-def open_url_in_disposable(url: str, qapp: qubesadmin.Qubes):
+def open_url_in_disposable(url: str):
     """Open provided url in disposable qube based on default disposable
     template"""
-    default_dvm = qapp.default_dispvm
     open_thread = threading.Thread(group=None,
-                                   target=_open_url_in_dvm,
-                                   args=[url, default_dvm])
+                                   target=_open_url,
+                                   args=[url])
     open_thread.start()