qubespolicy: fix handling '$adminvm' target with ask action

All policy keywords needs to be expanded before sending it to
confirmation dialog. $dispvm was already handled, but $adminvm was
missing

Fixes QubesOS/qubes-issues#3283

qubespolicy/__init__.py

@@ -617,6 +617,11 @@ class Policy(object):
                 if verify_target_value(system_info, dispvm):
                     targets.add(dispvm)
 
+        # expand other keywords
+        if '$adminvm' in targets:
+            targets.remove('$adminvm')
+            targets.add('dom0')
+
         return targets
 
     def evaluate(self, system_info, source, target):

qubespolicy/tests/__init__.py

@@ -685,6 +685,7 @@ class TC_20_Policy(qubes.tests.QubesTestCase):
             f.write('$tag:tag1 $type:AppVM allow\n')
             f.write('test-no-dvm $dispvm allow\n')
             f.write('test-standalone $dispvm allow\n')
+            f.write('test-standalone $adminvm allow\n')
         policy = qubespolicy.Policy('test.service', tmp_policy_dir)
         self.assertCountEqual(policy.collect_targets_for_ask(system_info,
             'test-vm1'), ['test-vm1', 'test-vm2', 'test-vm3',
@@ -698,7 +699,7 @@ class TC_20_Policy(qubes.tests.QubesTestCase):
         self.assertCountEqual(policy.collect_targets_for_ask(system_info,
             'test-standalone'), ['test-vm1', 'test-vm2', 'test-vm3',
             'default-dvm', 'test-no-dvm', 'test-invalid-dvm',
-            '$dispvm:default-dvm'])
+            '$dispvm:default-dvm', 'dom0'])
         self.assertCountEqual(policy.collect_targets_for_ask(system_info,
             'test-no-dvm'), [])