diff --git a/dom0/restore/qfile-daemon-dvm b/dom0/restore/qfile-daemon-dvm
index 4ac2271b..1a9fd8ff 100755
--- a/dom0/restore/qfile-daemon-dvm
+++ b/dom0/restore/qfile-daemon-dvm
@@ -126,6 +126,8 @@ def main():
     global notify_object
     exec_index = sys.argv[1]
     src_vmname = sys.argv[2]
+    user = sys.argv[3]
+
     notify_object = dbus.SessionBus().get_object("org.freedesktop.Notifications", "/org/freedesktop/Notifications")
     qfile = QfileDaemonDvm(src_vmname)
     lockf = open("/var/run/qubes/qfile-daemon-dvm.lock", 'a')
@@ -135,7 +137,7 @@ def main():
     lockf.close()
     if dispname is not None:
         subprocess.call(['/usr/lib/qubes/qrexec_client', '-d', dispname,
-            'user:exec /usr/lib/qubes/qubes_rpc_multiplexer ' + exec_index + " " + src_vmname])
+            user+":exec /usr/lib/qubes/qubes_rpc_multiplexer ' + exec_index + " " + src_vmname])
         subprocess.call(['/usr/sbin/xl', 'destroy', dispname])
         qfile.remove_disposable_from_qdb(dispname)
 
diff --git a/qrexec/qrexec_policy b/qrexec/qrexec_policy
index 4468f5d6..f8d2ec42 100755
--- a/qrexec/qrexec_policy
+++ b/qrexec/qrexec_policy
@@ -1,45 +1,69 @@
 #!/usr/bin/python
 import sys
 import os
+import os.path
 import subprocess
  
 POLICY_FILE_DIR="/etc/qubes_rpc/policy"
 QREXEC_CLIENT="/usr/lib/qubes/qrexec_client"
 
+def line_to_dict(line):
+    tokens=line.split()
+    if len(tokens) < 3:
+        return None
+    dict={}
+    dict['source']=tokens[0]
+    dict['dest']=tokens[1]
+    
+    action_list=tokens[2].split(',')
+    dict['action']=action_list.pop(0)
+    
+    for iter in action_list:
+        paramval=iter.split("=")
+        dict["action."+paramval[0]]=paramval[1]
+    
+    return dict 
+
+
 def read_policy_file(exec_index):
-    policy=list()
-    f = open(POLICY_FILE_DIR+"/"+exec_index)
+    policy_file=POLICY_FILE_DIR+"/"+exec_index
+    if not os.path.isfile(policy_file):
+        return None
+    policy_list=list()
+    f = open(policy_file)
     for iter in f.readlines():
-        policy.append(iter.split())
+        dict = line_to_dict(iter)
+        if dict is not None:
+            policy_list.append(dict)
     f.close()
-    return policy
+    return policy_list
 
 def is_match(item, config_term):
     return (item is not "dom0" and config_term == "anyvm") or item == config_term
 
-def apply_policy(policy, domain, target):
+def get_default_policy():
+    dict={}
+    dict["action"]="deny"
+    return dict
+    
+
+def find_policy(policy, domain, target):
     for iter in policy:
-        if len(iter) < 3:
+        if not is_match(domain, iter["source"]):
             continue
-        if not is_match(domain, iter[0]):
+        if not is_match(target, iter["dest"]):
             continue
-        if not is_match(target, iter[1]):
-            continue
-        ret=iter[2].split("=")
-        if len(ret)==1:
-            return (ret[0], None)
-        else:
-            return (ret[0], ret[1])
-    return (None, None)
-        
-def do_execute(domain, target, exec_index, process_ident):
+        return iter
+    return get_default_policy()
+                
+def do_execute(domain, target, user, exec_index, process_ident):
     if target == "dom0":
         cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain
     elif target == "dispvm":
-        cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain
+        cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
     else:
 #fixme: qvm-run --pass_io is broken for non-running target domain
-        cmd= "qvm-run -uroot -q -a --pass_io "+target
+        cmd= "qvm-run -uroot -q -a --pass_io "+target + " -u" + user 
         cmd+=" '/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain + "'"
     os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", cmd, "-c", process_ident)
 
@@ -61,19 +85,30 @@ def main():
     exec_index=sys.argv[3]
     process_ident=sys.argv[4]
     
-    action = None
-    while action is None:
-        policy = read_policy_file(exec_index)
-        (action, params) = apply_policy(policy, domain, target)
-        if action is None:
-            policy_editor(domain, target, exec_index)
-    if action == "allow":
-        do_execute(domain, target, exec_index, process_ident)
-    elif action == "divert":
-        do_execute(domain, params, exec_index, process_ident)
-    elif action == "ask":
+    policy_list=read_policy_file(exec_index)
+    if policy_list==None:
+        policy_editor(domain, target, exec_index)
+        policy_list=read_policy_file(exec_index)
+        if policy_list==None:
+            policy_list=list()
+
+    policy_dict=find_policy(policy_list, domain, target)
+    
+    if policy_dict["action"] == "ask":
         if confirm_execution(domain, target, exec_index):
-            do_execute(domain, target, exec_index, process_ident)
+            policy_dict["action"] = "allow"
+        else:
+            policy_dict["action"] = "deny"
+    
+    if policy_dict["action"] == "allow":
+        if policy_dict.has_key("action.target"):
+            target=policy_dict["action.target"]
+        if policy_dict.has_key("action.user"):
+            user=policy_dict["action.user"]
+        else:
+            user="user"
+        do_execute(domain, target, user, exec_index, process_ident)
+
     print >> sys.stderr, "Rpc denied:", domain, target, exec_index    
     os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", "/bin/false", "-c", process_ident)