qubespolicy: fix handling '$adminvm' target with ask action
All policy keywords needs to be expanded before sending it to confirmation dialog. $dispvm was already handled, but $adminvm was missing Fixes QubesOS/qubes-issues#3283
This commit is contained in:
parent
227378f2b3
commit
d3cc2d50e3
@ -617,6 +617,11 @@ class Policy(object):
|
|||||||
if verify_target_value(system_info, dispvm):
|
if verify_target_value(system_info, dispvm):
|
||||||
targets.add(dispvm)
|
targets.add(dispvm)
|
||||||
|
|
||||||
|
# expand other keywords
|
||||||
|
if '$adminvm' in targets:
|
||||||
|
targets.remove('$adminvm')
|
||||||
|
targets.add('dom0')
|
||||||
|
|
||||||
return targets
|
return targets
|
||||||
|
|
||||||
def evaluate(self, system_info, source, target):
|
def evaluate(self, system_info, source, target):
|
||||||
|
@ -685,6 +685,7 @@ class TC_20_Policy(qubes.tests.QubesTestCase):
|
|||||||
f.write('$tag:tag1 $type:AppVM allow\n')
|
f.write('$tag:tag1 $type:AppVM allow\n')
|
||||||
f.write('test-no-dvm $dispvm allow\n')
|
f.write('test-no-dvm $dispvm allow\n')
|
||||||
f.write('test-standalone $dispvm allow\n')
|
f.write('test-standalone $dispvm allow\n')
|
||||||
|
f.write('test-standalone $adminvm allow\n')
|
||||||
policy = qubespolicy.Policy('test.service', tmp_policy_dir)
|
policy = qubespolicy.Policy('test.service', tmp_policy_dir)
|
||||||
self.assertCountEqual(policy.collect_targets_for_ask(system_info,
|
self.assertCountEqual(policy.collect_targets_for_ask(system_info,
|
||||||
'test-vm1'), ['test-vm1', 'test-vm2', 'test-vm3',
|
'test-vm1'), ['test-vm1', 'test-vm2', 'test-vm3',
|
||||||
@ -698,7 +699,7 @@ class TC_20_Policy(qubes.tests.QubesTestCase):
|
|||||||
self.assertCountEqual(policy.collect_targets_for_ask(system_info,
|
self.assertCountEqual(policy.collect_targets_for_ask(system_info,
|
||||||
'test-standalone'), ['test-vm1', 'test-vm2', 'test-vm3',
|
'test-standalone'), ['test-vm1', 'test-vm2', 'test-vm3',
|
||||||
'default-dvm', 'test-no-dvm', 'test-invalid-dvm',
|
'default-dvm', 'test-no-dvm', 'test-invalid-dvm',
|
||||||
'$dispvm:default-dvm'])
|
'$dispvm:default-dvm', 'dom0'])
|
||||||
self.assertCountEqual(policy.collect_targets_for_ask(system_info,
|
self.assertCountEqual(policy.collect_targets_for_ask(system_info,
|
||||||
'test-no-dvm'), [])
|
'test-no-dvm'), [])
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user