qrexec: use $anyvm and $dispvm symbols

2011-07-22 16:07:06 +02:00 · 2011-07-22 16:07:06 +02:00 · 259d08a83e
commit 259d08a83e
parent 73ec4f595b
7 changed files with 9 additions and 9 deletions
--- a/appvm/qubes.Filecopy.policy
+++ b/appvm/qubes.Filecopy.policy
@ -1 +1 @@
-anyvm	anyvm	ask,user=root
+$anyvm	$anyvm	ask,user=root
--- a/appvm/qubes.OpenInVM.policy
+++ b/appvm/qubes.OpenInVM.policy
@ -1,2 +1,2 @@
-anyvm	dispvm	allow
-anyvm	anyvm	ask
+$anyvm	$dispvm	allow
+$anyvm	$anyvm	ask
--- a/appvm/qvm-open-in-dvm2
+++ b/appvm/qvm-open-in-dvm2
@ -25,4 +25,4 @@ if ! [ $# = 1 ] ; then
 	exit 1
 fi

-exec /usr/lib/qubes/qrexec_client_vm dispvm qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1"
+exec /usr/lib/qubes/qrexec_client_vm '$dispvm' qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1"
--- a/dom0/aux-tools/qubes.ReceiveUpdates.policy
+++ b/dom0/aux-tools/qubes.ReceiveUpdates.policy
@ -1 +1 @@
-anyvm	dom0	allow
+$anyvm	dom0	allow
--- a/dom0/qubes.SyncAppMenus.policy
+++ b/dom0/qubes.SyncAppMenus.policy
@ -1 +1 @@
-anyvm	dom0	allow
+$anyvm	dom0	allow
--- a/qrexec/qrexec_daemon.c
+++ b/qrexec/qrexec_daemon.c
@ -372,7 +372,7 @@ void sanitize_name(char * untrusted_s_signed)
                        continue;
                if (*untrusted_s >= '0' && *untrusted_s <= '9')
                        continue;
-                if (*untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ')
+                if (*untrusted_s == '$' || *untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ')
                        continue;
                *untrusted_s = '_';
        }
--- a/qrexec/qrexec_policy
+++ b/qrexec/qrexec_policy
@ -40,7 +40,7 @@ def read_policy_file(exec_index):
    return policy_list

 def is_match(item, config_term):
-    return (item is not "dom0" and config_term == "anyvm") or item == config_term
+    return (item is not "dom0" and config_term == "$anyvm") or item == config_term

 def get_default_policy():
    dict={}
@ -76,7 +76,7 @@ def spawn_target_if_necessary(target):
 def do_execute(domain, target, user, exec_index, process_ident):
    if target == "dom0":
        cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain
-    elif target == "dispvm":
+    elif target == "$dispvm":
        cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
    else:
    # see the previous commit why "qvm-run -a" is broken and dangerous