qubespolicy: plug GUI code into qrexec-policy tool
Fixes QubesOS/qubes-issues#910
This commit is contained in:
parent
44e9ce4189
commit
4d3f539f7f
@ -67,10 +67,25 @@ def main(args=None):
|
||||
policy = qubespolicy.Policy(args.service_name)
|
||||
action = policy.evaluate(system_info, args.domain, args.target)
|
||||
if action.action == qubespolicy.Action.ask:
|
||||
#(... ask the user, see action.targets_for_ask ...)
|
||||
# TODO: this is placeholder
|
||||
#action.handle_user_response(response, target_chosen_by_user)
|
||||
action.handle_user_response(False)
|
||||
# late import to save on time for allow/deny actions
|
||||
import qubespolicy.rpcconfirmation as rpcconfirmation
|
||||
entries_info = system_info['domains'].copy()
|
||||
for dispvm_base in system_info['domains']:
|
||||
if not system_info['domains'][dispvm_base]['dispvm_allowed']:
|
||||
continue
|
||||
dispvm_api_name = '$dispvm:' + dispvm_base
|
||||
entries_info[dispvm_api_name] = \
|
||||
system_info['domains'][dispvm_base].copy()
|
||||
entries_info[dispvm_api_name]['icon'] = \
|
||||
entries_info[dispvm_api_name]['icon'].replace('app', 'disp')
|
||||
|
||||
response = rpcconfirmation.confirm_rpc(
|
||||
entries_info, args.domain, args.service_name,
|
||||
action.targets_for_ask, action.target)
|
||||
if response:
|
||||
action.handle_user_response(True, response)
|
||||
else:
|
||||
action.handle_user_response(False)
|
||||
log.info(log_prefix + 'allowed')
|
||||
action.execute(caller_ident)
|
||||
except qubespolicy.PolicySyntaxError as e:
|
||||
|
Loading…
Reference in New Issue
Block a user