Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

qubes/tests: fix qrexec policy context

Browse Source 
Now it removes policy file if it was created while entering the context.
This commit is contained in:
Wojtek Porczyk 2017-05-31 23:59:02 +02:00
parent bbe757d0a7
commit cb3c9a82b3
1 changed files with 34 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
qubes/tests/__init__.py
View File

@ -243,31 +243,47 @@ class _QrexecPolicyContext(object):
self._filename = pathlib.Path('/etc/qubes-rpc/policy') / service self._filename = pathlib.Path('/etc/qubes-rpc/policy') / service
self._rule = '{} {} {}\n'.format(source, destination, self._rule = '{} {} {}\n'.format(source, destination,
'allow' if allow else 'deny') 'allow' if allow else 'deny')
self._did_create = False
self._handle = None
def _change(self, add=True): def load(self):
try: if self._handle is None:
policy = self._filename.open('r+') try:
except FileNotFoundError: self._handle = self._filename.open('r+')
policy = self._filename.open('w+') except FileNotFoundError:
self._handle = self._filename.open('w+')
self._did_create = True
self._handle.seek(0)
return self._handle.readlines()
try: def save(self, rules):
policy_rules = policy.readlines() assert self._handle is not None
if add: self._handle.truncate(0)
policy_rules.insert(0, self._rule) self._handle.seek(0)
else: self._handle.write(''.join(rules))
policy_rules.remove(self._rule)
policy.truncate(0) def close(self):
policy.seek(0) assert self._handle is not None
policy.write(''.join(policy_rules)) self._handle.close()
finally: self._handle = None
policy.close()
def __enter__(self): def __enter__(self):
self._change(add=True) rules = self.load()
rules.insert(0, self._rule)
self.save(self._rule)
return self return self
def __exit__(self, exc_type, exc_value, tb): def __exit__(self, exc_type, exc_value, tb):
self._change(add=False) if not self._did_create:
try:
rules = self.load()
rules.remove(self._rule)
self.save(rules)
finally:
self.close()
else:
self.close()
os.unlink(self._filename)
class substitute_entry_points(object): class substitute_entry_points(object):
'''Monkey-patch pkg_resources to substitute one group in iter_entry_points '''Monkey-patch pkg_resources to substitute one group in iter_entry_points