From 2f7d1ca47666c53e875c6909666fe2054460b590 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Mon, 16 Oct 2017 01:20:27 +0200
Subject: [PATCH] vm: fix handling policy deny on admin.vm.List

vm.get_power_state() have specifically documented 'NA' state for cases
when it's unable to get VM's power state. Use this when qrexec policy
forbid checking it.

Reported by @pietrushnic
Fixes QubesOS/qubes-issues#3179
---
 qubesadmin/vm/__init__.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/qubesadmin/vm/__init__.py b/qubesadmin/vm/__init__.py
index 31d19f2..d9f76e5 100644
--- a/qubesadmin/vm/__init__.py
+++ b/qubesadmin/vm/__init__.py
@@ -168,11 +168,14 @@ class QubesVM(qubesadmin.base.PropertyHolder):
 
         '''
 
-        vm_list_info = [line
-            for line in self.qubesd_call(
-                self._method_dest, 'admin.vm.List', None, None
-            ).decode('ascii').split('\n')
-            if line.startswith(self._method_dest+' ')]
+        try:
+            vm_list_info = [line
+                for line in self.qubesd_call(
+                    self._method_dest, 'admin.vm.List', None, None
+                ).decode('ascii').split('\n')
+                if line.startswith(self._method_dest+' ')]
+        except qubesadmin.exc.QubesDaemonNoResponseError:
+            return 'NA'
         assert len(vm_list_info) == 1
         #  name class=... state=... other=...
         # NOTE: when querying dom0, we get whole list
@@ -206,7 +209,7 @@ class QubesVM(qubesadmin.base.PropertyHolder):
         :rtype: bool
         '''
 
-        return self.get_power_state() != 'Halted'
+        return self.get_power_state() not in ('Halted', 'NA')
 
     def is_networked(self):
         '''Check whether this VM can reach network (firewall notwithstanding).