qubespolicy: plug GUI code into qrexec-policy tool

Fixes QubesOS/qubes-issues#910
This commit is contained in:
Marek Marczykowski-Górecki 2017-03-24 16:27:02 +01:00
parent 44e9ce4189
commit 4d3f539f7f
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724

View File

@ -67,9 +67,24 @@ def main(args=None):
policy = qubespolicy.Policy(args.service_name)
action = policy.evaluate(system_info, args.domain, args.target)
if action.action == qubespolicy.Action.ask:
#(... ask the user, see action.targets_for_ask ...)
# TODO: this is placeholder
#action.handle_user_response(response, target_chosen_by_user)
# late import to save on time for allow/deny actions
import qubespolicy.rpcconfirmation as rpcconfirmation
entries_info = system_info['domains'].copy()
for dispvm_base in system_info['domains']:
if not system_info['domains'][dispvm_base]['dispvm_allowed']:
continue
dispvm_api_name = '$dispvm:' + dispvm_base
entries_info[dispvm_api_name] = \
system_info['domains'][dispvm_base].copy()
entries_info[dispvm_api_name]['icon'] = \
entries_info[dispvm_api_name]['icon'].replace('app', 'disp')
response = rpcconfirmation.confirm_rpc(
entries_info, args.domain, args.service_name,
action.targets_for_ask, action.target)
if response:
action.handle_user_response(True, response)
else:
action.handle_user_response(False)
log.info(log_prefix + 'allowed')
action.execute(caller_ident)