From 4d3f539f7fa927307b3f3797edb576fd793baed0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 24 Mar 2017 16:27:02 +0100 Subject: [PATCH] qubespolicy: plug GUI code into qrexec-policy tool Fixes QubesOS/qubes-issues#910 --- qubespolicy/cli.py | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/qubespolicy/cli.py b/qubespolicy/cli.py index 5d2e3020..47bf7b8c 100644 --- a/qubespolicy/cli.py +++ b/qubespolicy/cli.py @@ -67,10 +67,25 @@ def main(args=None): policy = qubespolicy.Policy(args.service_name) action = policy.evaluate(system_info, args.domain, args.target) if action.action == qubespolicy.Action.ask: - #(... ask the user, see action.targets_for_ask ...) - # TODO: this is placeholder - #action.handle_user_response(response, target_chosen_by_user) - action.handle_user_response(False) + # late import to save on time for allow/deny actions + import qubespolicy.rpcconfirmation as rpcconfirmation + entries_info = system_info['domains'].copy() + for dispvm_base in system_info['domains']: + if not system_info['domains'][dispvm_base]['dispvm_allowed']: + continue + dispvm_api_name = '$dispvm:' + dispvm_base + entries_info[dispvm_api_name] = \ + system_info['domains'][dispvm_base].copy() + entries_info[dispvm_api_name]['icon'] = \ + entries_info[dispvm_api_name]['icon'].replace('app', 'disp') + + response = rpcconfirmation.confirm_rpc( + entries_info, args.domain, args.service_name, + action.targets_for_ask, action.target) + if response: + action.handle_user_response(True, response) + else: + action.handle_user_response(False) log.info(log_prefix + 'allowed') action.execute(caller_ident) except qubespolicy.PolicySyntaxError as e: