From c87fcd7e2e00a262756561d8a2afbcb52f371f44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Fri, 16 Feb 2018 04:36:42 +0100
Subject: [PATCH] qubespolicy: use separate arguments for original target type
 and value

Provide original target as two arguments: type, value
This will ease handling special keywords without risking hitting shell
special characters or other problems.
---
 qubespolicy/__init__.py       | 13 +++++++++++--
 qubespolicy/tests/__init__.py | 16 ++++++++++++++--
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/qubespolicy/__init__.py b/qubespolicy/__init__.py
index 666f0e43..248b65cb 100755
--- a/qubespolicy/__init__.py
+++ b/qubespolicy/__init__.py
@@ -58,6 +58,10 @@ class Action(enum.Enum):
     deny = 2
     ask = 3
 
+def is_special_value(value):
+    '''Check if given source/target specification is special (keyword) value
+    '''
+    return value.startswith('$')
 
 def verify_target_value(system_info, value):
     ''' Check if given value names valid target
@@ -449,11 +453,16 @@ class PolicyAction(object):
         if self.target == '$adminvm':
             self.target = 'dom0'
         if self.target == 'dom0':
+            original_target_type = \
+                'keyword' if is_special_value(self.original_target) else 'name'
+            original_target = self.original_target.lstrip('$')
             cmd = \
-                'QUBESRPC {service} {source} {original_target}'.format(
+                'QUBESRPC {service} {source} {original_target_type} ' \
+                '{original_target}'.format(
                     service=self.service,
                     source=self.source,
-                    original_target=self.original_target)
+                    original_target_type=original_target_type,
+                    original_target=original_target)
         else:
             cmd = '{user}:QUBESRPC {service} {source}'.format(
                 user=(self.rule.override_user or 'DEFAULT'),
diff --git a/qubespolicy/tests/__init__.py b/qubespolicy/tests/__init__.py
index 939a509c..45ee32bc 100644
--- a/qubespolicy/tests/__init__.py
+++ b/qubespolicy/tests/__init__.py
@@ -514,8 +514,20 @@ class TC_10_PolicyAction(qubes.tests.QubesTestCase):
         self.assertEqual(mock_subprocess.mock_calls,
             [unittest.mock.call([qubespolicy.QREXEC_CLIENT, '-d', 'dom0',
              '-c', 'some-ident',
-             qubespolicy.QUBES_RPC_MULTIPLEXER_PATH +
-             ' test.service test-vm1 dom0'])])
+             'QUBESRPC test.service test-vm1 name dom0'])])
+
+    @unittest.mock.patch('qubespolicy.qubesd_call')
+    @unittest.mock.patch('subprocess.call')
+    def test_021_execute_dom0_keyword(self, mock_subprocess, mock_qubesd_call):
+        rule = qubespolicy.PolicyRule('$anyvm dom0 allow')
+        action = qubespolicy.PolicyAction('test.service', 'test-vm1',
+            'dom0', rule, '$adminvm')
+        action.execute('some-ident')
+        self.assertEqual(mock_qubesd_call.mock_calls, [])
+        self.assertEqual(mock_subprocess.mock_calls,
+            [unittest.mock.call([qubespolicy.QREXEC_CLIENT, '-d', 'dom0',
+             '-c', 'some-ident',
+             'QUBESRPC test.service test-vm1 keyword adminvm'])])
 
     @unittest.mock.patch('qubespolicy.qubesd_call')
     @unittest.mock.patch('subprocess.call')