qubes-rpc/policy.RegisterArgument: readability fixes

Thanks, @rootkovska and @marmarek.
Wojtek Porczyk 6 years ago
parent
commit
bdaf92f9dc
1 changed file with 34 additions and 2 deletions
+ 34 - 2
qubes-rpc/policy.RegisterArgument

@@ -18,6 +18,38 @@
 # License along with this library; if not, see <https://www.gnu.org/licenses/>.
 #
 
+'''policy.RegisterArgument
+
+This qrexec is meant for services, which require some kind of "registering"
+before use (say ``example.Register`` and ``example.Perform+ARGUMENT``). After
+registering, the backend should invoke this call with frontend as the intended
+destination, with the actual service in argument of this call and the argument
+as the payload. The policy generated will be a single line with explicit
+frontend and backend domain names, and a plain "allow", without further
+qualifiers.
+
+The call allows for registering an argument only once, for one frontend domain.
+There is not possibility of deregistering or reregistering for another frontend.
+The backend can always register another argument for any frontend, including
+one that is already registered for some other argument.
+
+By default this qrexec is disabled by policy. To actually use it you should
+drop a policy for an exact call you want to register which will redirect the
+call to dom0.
+
+.. code-block:: none
+    :caption: /etc/qubes-rpc/policy/policy.RegisterArgument+example.Perform
+
+    backendvm $anyvm allow,target=dom0
+
+It will generate, for argument ``EXAMPLE``:
+
+.. code-bloc:: none
+    :caption: /etc/qubes-rpc/policy/example.Perform+EXAMPLE
+
+    frontendvm backendvm allow
+'''
+
 import logging
 import os
 import string
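Review bot: The second directive in the new docstring, the one captioned `/etc/qubes-rpc/policy/example.Perform+EXAMPLE`, is spelled `.. code-bloc:: none`, so reST tooling will not treat it as a code block; it should read `.. code-block:: none` like the first one. In the same docstring, "There is not possibility of deregistering" should be "There is no possibility". The text says a registration is a plain "allow" that the backend cannot undo, so it would also help to say how an administrator is expected to revoke one, since the docstring is now the only documentation of that property.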
@@ -72,14 +104,14 @@ def main():
 
     argument = untrusted_argument
     del untrusted_argument
-    argument = argument.decode('ascii')
+    argument = argument.decode('ascii', errors='strict')
 
     filename = '{}+{}'.format(rpcname, argument)
     logging.debug('%s %s → %s argument %s filename %s',
             rpcname, frontend, backend, argument, filename)
 
     try:
-        # the 'x' is critical
+        # the 'x' enforces that argument cannot be registered twice
         with open(str(POLICY_PATH / filename), 'x') as file:
             rule = POLICY_RULE.format(frontend=frontend, backend=backend)
             logging.warning('%s: %s → %s %s argument allowed',
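Review bot: On the `argument.decode('ascii', errors='strict')` line, `errors='strict'` is already the default for `bytes.decode`, so this is a readability change only, and the decode still sits before the `try:` block, meaning a non-ASCII payload raises `UnicodeDecodeError` outside any handler visible here. If the validation above this hunk already guarantees an ASCII payload, a short comment next to `del untrusted_argument` saying so would make that clear; otherwise consider rejecting the payload explicitly and logging it. That same comment is the place to note which characters are permitted, because `argument` goes straight into `'{}+{}'.format(rpcname, argument)` and then into a path under `POLICY_PATH`. The reworded comment on `'x'` is a clear improvement over "the 'x' is critical".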