From 405fd40aaa75d0026857ba1d99494256fc299ebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 17 May 2016 22:59:39 +0200 Subject: [PATCH] Add policy for qubes.OpenURL service For now the same as for qubes.OpenInVM. Fixes QubesOS/qubes-issues#1487 --- Makefile | 1 + qubes-rpc-policy/qubes.OpenURL.policy | 10 ++++++++++ rpm_spec/core-dom0.spec | 1 + 3 files changed, 12 insertions(+) create mode 100644 qubes-rpc-policy/qubes.OpenURL.policy diff --git a/Makefile b/Makefile index 189989b5..545e8089 100644 --- a/Makefile +++ b/Makefile @@ -72,6 +72,7 @@ endif mkdir -p $(DESTDIR)/usr/libexec/qubes cp qubes-rpc-policy/qubes.Filecopy.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.Filecopy cp qubes-rpc-policy/qubes.OpenInVM.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.OpenInVM + cp qubes-rpc-policy/qubes.OpenURL.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.OpenURL cp qubes-rpc-policy/qubes.VMShell.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.VMShell cp qubes-rpc-policy/qubes.NotifyUpdates.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.NotifyUpdates cp qubes-rpc-policy/qubes.NotifyTools.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.NotifyTools diff --git a/qubes-rpc-policy/qubes.OpenURL.policy b/qubes-rpc-policy/qubes.OpenURL.policy new file mode 100644 index 00000000..27303cc9 --- /dev/null +++ b/qubes-rpc-policy/qubes.OpenURL.policy @@ -0,0 +1,10 @@ +## Note that policy parsing stops at the first match, +## so adding anything below "$anyvm $anyvm action" line will have no effect + +## Please use a single # to start your custom comments + +sys-whonix anon-whonix allow +whonix-gw anon-whonix allow +whonix-ws anon-whonix allow +$anyvm $dispvm allow +$anyvm $anyvm ask diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index a9b5188b..86c531bf 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -249,6 +249,7 @@ fi %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.Filecopy %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.GetImageRGBA %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.OpenInVM +%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.OpenURL %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.NotifyTools %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.NotifyUpdates %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.VMShell