qubespolicy: unify calling qrexec service

Rely on qrexec-client resolving QUBESRPC keyword, same as in case of VM call. This will allow applying special treatment to such calls, like calling qubes-rpc-multiplexer directly (avoiding shell), because we have defined protocol what can be used here.
2018-02-16 04:30:32 +01:00 · 2018-02-16 04:30:32 +01:00 · 7c50bd5104
commit 7c50bd5104
parent b00bbb73e4
1 changed files with 5 additions and 6 deletions
--- a/qubespolicy/init.py
+++ b/qubespolicy/init.py
@ -29,7 +29,6 @@ import subprocess

 # don't import 'qubes.config' please, it takes 0.3s
 QREXEC_CLIENT = '/usr/lib/qubes/qrexec-client'
-QUBES_RPC_MULTIPLEXER_PATH = '/usr/lib/qubes/qubes-rpc-multiplexer'
 POLICY_DIR = '/etc/qubes-rpc/policy'
 QUBESD_INTERNAL_SOCK = '/var/run/qubesd.internal.sock'
 QUBESD_SOCK = '/var/run/qubesd.sock'
@ -450,11 +449,11 @@ class PolicyAction(object):
        if self.target == '$adminvm':
            self.target = 'dom0'
        if self.target == 'dom0':
-            cmd = '{multiplexer} {service} {source} {original_target}'.format(
-                multiplexer=QUBES_RPC_MULTIPLEXER_PATH,
-                service=self.service,
-                source=self.source,
-                original_target=self.original_target)
+            cmd = \
+                'QUBESRPC {service} {source} {original_target}'.format(
+                    service=self.service,
+                    source=self.source,
+                    original_target=self.original_target)
        else:
            cmd = '{user}:QUBESRPC {service} {source}'.format(
                user=(self.rule.override_user or 'DEFAULT'),