Do not check for object existence when got it with another Admin API call
When qubesd returns an name of VM or other object, as part of another call (reading a property, listing devices etc), it's safe to assume that object exists. Do not try to list it, which could be prevented by qrexec policy. This means a VM object would be returned (for example in vm.netvm property), which potentially could not be listed through app.domains collection. This may lead to some corner cases, but generally should ease handling of restricted policy. This does not affect practical information the management VM have access too, as those names are already returned. It's just client side python wrapper that didn't allowed to access them. QubesOS/qubes-issues#5099
This commit is contained in:
Marek Marczykowski-Górecki
parent
83b1fc6c58
commit
5315bbf8f9
@ -233,7 +233,7 @@ class PropertyHolder(object):
|
|||||||
if prop_type == 'vm':
|
if prop_type == 'vm':
|
||||||
if value == '':
|
if value == '':
|
||||||
return None
|
return None
|
||||||
return self.app.domains[value]
|
return self.app.domains.get_blind(value)
|
||||||
if prop_type == 'label':
|
if prop_type == 'label':
|
||||||
if value == '':
|
if value == '':
|
||||||
return None
|
return None
|
||||||
|
|||||||
@ -209,7 +209,7 @@ class DeviceCollection(object):
|
|||||||
['True', 'yes', True])
|
['True', 'yes', True])
|
||||||
if persistent is not None and dev_persistent != persistent:
|
if persistent is not None and dev_persistent != persistent:
|
||||||
continue
|
continue
|
||||||
backend_domain = self._vm.app.domains[backend_domain]
|
backend_domain = self._vm.app.domains.get_blind(backend_domain)
|
||||||
yield DeviceAssignment(backend_domain, ident, options,
|
yield DeviceAssignment(backend_domain, ident, options,
|
||||||
persistent=dev_persistent,
|
persistent=dev_persistent,
|
||||||
frontend_domain=self._vm,
|
frontend_domain=self._vm,
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user