From 92e5daca7beacaa799f3b0d782e7f73ab32f2eb9 Mon Sep 17 00:00:00 2001 
From: Demi Marie Obenour Date: Wed, 26 Jul 2023 11:26:59 -0400 Subject: [PATCH] Disable Tracker (GNOME desktop search) by default Tracker has several problems that make it ill-suited to Qubes OS: - It parses untrusted email attachments downloaded to ~/Downloads, as well as the contents of several other directories. The parsing code is written in C and so may have memory corruption vulnerabilities. A remote code execution flaw in Tracker could be exploited by a malicious email attachment, even if the user would have only ever opened that attachment in a disposable VM. - It uses a nontrivial amount of memory (61.8MB in one test). This is significant when multiplied by the number of qubes running at a time. - Tracker is normally used by GNOME Shell, GNOME Photos, and other GNOME applications, but (to the best of my knowledge) no application that uses Tracker is frequently used in Qubes OS. This is very different from a default Fedora install, where Tracker provides desktop search in GNOME Shell and therefore provides a much larger benefit to the user. For these reasons, disable Tracker by default. It can be re-enabled via $ qvm-service VMNAME enable tracker where VMNAME is the name of the qube in which Tracker should run. 
Fixes: QubesOS/qubes-issues#8372
---
Makefile | 8 +++++++-
debian/qubes-core-agent.install | 6 ++++++
rpm_spec/core-agent.spec.in | 6 ++++++
vm-systemd/user/tracker-extract-3.service.d/30_qubes.conf | 2 ++
.../user/tracker-miner-fs-3.service.d/30_qubes.conf | 2 ++
.../tracker-miner-fs-control-3.service.d/30_qubes.conf | 2 ++
.../user/tracker-miner-rss-3.service.d/30_qubes.conf | 2 ++
.../user/tracker-writeback-3.service.d/30_qubes.conf | 2 ++
.../user/tracker-xdg-portal-3.service.d/30_qubes.conf | 2 ++
9 files changed, 31 insertions(+), 1 deletion(-)
create mode 100644 vm-systemd/user/tracker-extract-3.service.d/30_qubes.conf
create mode 100644 vm-systemd/user/tracker-miner-fs-3.service.d/30_qubes.conf
create mode 100644 vm-systemd/user/tracker-miner-fs-control-3.service.d/30_qubes.conf
create mode 100644 vm-systemd/user/tracker-miner-rss-3.service.d/30_qubes.conf
create mode 100644 vm-systemd/user/tracker-writeback-3.service.d/30_qubes.conf
create mode 100644 vm-systemd/user/tracker-xdg-portal-3.service.d/30_qubes.conf
diff --git a/Makefile b/Makefile
index e95dd1103..885a032e2 100644
--- a/Makefile
+++ b/Makefile
@@ -57,7 +57,13 @@ endif
 SYSTEM_DROPINS_NETWORKING := NetworkManager.service NetworkManager-wait-online.service
 SYSTEM_DROPINS_NETWORKING += tinyproxy.service
-USER_DROPINS :=
+USER_DROPINS := \
+ tracker-xdg-portal-3.service \
+ tracker-writeback-3.service \
+ tracker-miner-rss-3.service \
+ tracker-miner-fs-control-3.service \
+ tracker-miner-fs-3.service \
+ tracker-extract-3.service
 # Ubuntu Dropins
 ifeq ($(release),Ubuntu)
diff --git a/debian/qubes-core-agent.install b/debian/qubes-core-agent.install
index 078d7c350..556db64b5 100644
--- a/debian/qubes-core-agent.install
+++ b/debian/qubes-core-agent.install
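Review bot: The new USER_DROPINS list names only the Tracker 3 units (`tracker-*-3.service`), so a template that still ships Tracker 2 (`tracker-miner-fs.service`, `tracker-extract.service`, `tracker-store.service`) would be unaffected by this change and would keep indexing ~/Downloads; if any supported template is in that situation those unit names need dropins too, and if Tracker 2 is deliberately out of scope a comment above the list saying so would stop the next reader from assuming it is covered. The same six names are also repeated by hand in debian/qubes-core-agent.install and rpm_spec/core-agent.spec.in, so a dropin added to only one of the three lists is silently left unpackaged; deriving the Makefile side from the directory, e.g. `USER_DROPINS := $(patsubst %.d,%,$(notdir $(wildcard vm-systemd/user/*.service.d)))`, would remove one of the copies. I cannot see how USER_DROPINS is consumed further down the Makefile, so confirm the wildcard form fits before switching.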
@@ -103,6 +103,12 @@ lib/systemd/system/tor@default.service.d/30_qubes.conf
 lib/systemd/system/sysinit.target.requires
 lib/systemd/system/systemd-timesyncd.service.d/30_qubes.conf
 lib/systemd/system/systemd-logind.service.d/30_qubes.conf
+usr/lib/systemd/user/tracker-extract-3.service.d/30_qubes.conf
+usr/lib/systemd/user/tracker-miner-fs-3.service.d/30_qubes.conf
+usr/lib/systemd/user/tracker-miner-fs-control-3.service.d/30_qubes.conf
+usr/lib/systemd/user/tracker-miner-rss-3.service.d/30_qubes.conf
+usr/lib/systemd/user/tracker-writeback-3.service.d/30_qubes.conf
+usr/lib/systemd/user/tracker-xdg-portal-3.service.d/30_qubes.conf
 lib/udev/rules.d/50-qubes-mem-hotplug.rules
 usr/bin/qubes-desktop-run
 usr/bin/qubes-open
diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in
index 99ca6441b..769a746f8 100644
--- a/rpm_spec/core-agent.spec.in
+++ b/rpm_spec/core-agent.spec.in
@@ -1178,6 +1178,12 @@ The Qubes core startup configuration for SystemD init.
 %_unitdir/tor@default.service.d/30_qubes.conf
 %_unitdir/tmp.mount.d/30_qubes.conf
 %_unitdir/sysinit.target.requires/systemd-random-seed.service
+%_userunitdir/tracker-extract-3.service.d/30_qubes.conf
+%_userunitdir/tracker-miner-fs-3.service.d/30_qubes.conf
+%_userunitdir/tracker-miner-fs-control-3.service.d/30_qubes.conf
+%_userunitdir/tracker-miner-rss-3.service.d/30_qubes.conf
+%_userunitdir/tracker-writeback-3.service.d/30_qubes.conf
+%_userunitdir/tracker-xdg-portal-3.service.d/30_qubes.conf
 %post systemd
diff --git a/vm-systemd/user/tracker-extract-3.service.d/30_qubes.conf b/vm-systemd/user/tracker-extract-3.service.d/30_qubes.conf
new file mode 100644
index 000000000..4afb93669
--- /dev/null
+++ b/vm-systemd/user/tracker-extract-3.service.d/30_qubes.conf
@@ -0,0 +1,2 @@
+[Unit]
+ConditionPathExists=/run/qubes-service/tracker
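Review bot: The dropin gates the unit on `/run/qubes-service/tracker` but says nothing about why, and tracker-extract-3 is the process that actually parses the downloaded files, so this condition is the security control the commit message argues for; I would add a comment above `[Unit]` such as `# Tracker parses untrusted files (e.g. ~/Downloads) in C; run it only in qubes where the "tracker" qvm-service is enabled (qvm-service VMNAME enable tracker).` It is also worth confirming that the D-Bus activation path honours the condition: tracker-extract-3 is normally started on demand by the miner through its D-Bus name, and that request only goes through systemd (where `ConditionPathExists` is checked) if the matching `/usr/share/dbus-1/services/*.service` file carries `SystemdService=tracker-extract-3.service`; a service file with only `Exec=` would let the bus spawn the extractor regardless of this dropin. I am inferring the activation details from Tracker's usual packaging rather than from anything in this patch, so treat it as a check to run, not a confirmed gap.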
diff --git a/vm-systemd/user/tracker-miner-fs-3.service.d/30_qubes.conf b/vm-systemd/user/tracker-miner-fs-3.service.d/30_qubes.conf
new file mode 100644
index 000000000..4afb93669
--- /dev/null
+++ b/vm-systemd/user/tracker-miner-fs-3.service.d/30_qubes.conf
@@ -0,0 +1,2 @@
+[Unit]
+ConditionPathExists=/run/qubes-service/tracker
diff --git a/vm-systemd/user/tracker-miner-fs-control-3.service.d/30_qubes.conf b/vm-systemd/user/tracker-miner-fs-control-3.service.d/30_qubes.conf
new file mode 100644
index 000000000..4afb93669
--- /dev/null
+++ b/vm-systemd/user/tracker-miner-fs-control-3.service.d/30_qubes.conf
@@ -0,0 +1,2 @@
+[Unit]
+ConditionPathExists=/run/qubes-service/tracker
diff --git a/vm-systemd/user/tracker-miner-rss-3.service.d/30_qubes.conf b/vm-systemd/user/tracker-miner-rss-3.service.d/30_qubes.conf
new file mode 100644
index 000000000..4afb93669
--- /dev/null
+++ b/vm-systemd/user/tracker-miner-rss-3.service.d/30_qubes.conf
@@ -0,0 +1,2 @@
+[Unit]
+ConditionPathExists=/run/qubes-service/tracker
diff --git a/vm-systemd/user/tracker-writeback-3.service.d/30_qubes.conf b/vm-systemd/user/tracker-writeback-3.service.d/30_qubes.conf
new file mode 100644
index 000000000..4afb93669
--- /dev/null
+++ b/vm-systemd/user/tracker-writeback-3.service.d/30_qubes.conf
@@ -0,0 +1,2 @@
+[Unit]
+ConditionPathExists=/run/qubes-service/tracker
diff --git a/vm-systemd/user/tracker-xdg-portal-3.service.d/30_qubes.conf b/vm-systemd/user/tracker-xdg-portal-3.service.d/30_qubes.conf
new file mode 100644
index 000000000..4afb93669
--- /dev/null
+++ b/vm-systemd/user/tracker-xdg-portal-3.service.d/30_qubes.conf
@@ -0,0 +1,2 @@
+[Unit]
+ConditionPathExists=/run/qubes-service/tracker
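Review bot: `ConditionPathExists` is only evaluated when the user manager tries to start tracker-miner-fs-3.service, so the `qvm-service VMNAME enable tracker` re-enable path in the commit message takes effect when the flag file exists at the next qube start, not in the already-running session, and neither the message nor the dropin says so; a one-line comment in the dropin would cover it, e.g. `# Checked at unit start: toggling the "tracker" qvm-service takes effect on the next boot of the qube.` The five dropins in this span and the tracker-extract-3 one are byte-identical (all blob 4afb93669), so whatever comment is adopted should go into every copy, or the files could be generated from a single source in the Makefile so they cannot drift apart. My statement about when /run/qubes-service is populated comes from my understanding of the qubes-service startup flow, not from this patch, so please confirm it.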