qrexec: use $anyvm and $dispvm symbols

Rafal Wojtczuk · Rafal Wojtczuk · commit c23cc480b8cb · 2011-07-22T16:07:06.000+02:00
diff --git a/appvm/qubes.Filecopy.policy b/appvm/qubes.Filecopy.policy
@@ -1 +1 @@
-anyvm	anyvm	ask,user=root
+$anyvm	$anyvm	ask,user=root
diff --git a/appvm/qubes.OpenInVM.policy b/appvm/qubes.OpenInVM.policy
@@ -1,2 +1,2 @@
-anyvm	dispvm	allow
-anyvm	anyvm	ask
+$anyvm	$dispvm	allow
+$anyvm	$anyvm	ask
diff --git a/appvm/qvm-open-in-dvm2 b/appvm/qvm-open-in-dvm2
@@ -25,4 +25,4 @@ if ! [ $# = 1 ] ; then
 	exit 1
 fi
 
-exec /usr/lib/qubes/qrexec_client_vm dispvm qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1"
+exec /usr/lib/qubes/qrexec_client_vm '$dispvm' qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1"
diff --git a/dom0/aux-tools/qubes.ReceiveUpdates.policy b/dom0/aux-tools/qubes.ReceiveUpdates.policy
@@ -1 +1 @@
-anyvm	dom0	allow
+$anyvm	dom0	allow
diff --git a/dom0/qubes.SyncAppMenus.policy b/dom0/qubes.SyncAppMenus.policy
@@ -1 +1 @@
-anyvm	dom0	allow
+$anyvm	dom0	allow
diff --git a/qrexec/qrexec_daemon.c b/qrexec/qrexec_daemon.c
@@ -372,7 +372,7 @@ void sanitize_name(char * untrusted_s_signed)
                         continue;
                 if (*untrusted_s >= '0' && *untrusted_s <= '9')
                         continue;
-                if (*untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ')
+                if (*untrusted_s == '$' || *untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ')
                         continue;
                 *untrusted_s = '_';
         }
diff --git a/qrexec/qrexec_policy b/qrexec/qrexec_policy
@@ -40,7 +40,7 @@ def read_policy_file(exec_index):
     return policy_list
 
 def is_match(item, config_term):
-    return (item is not "dom0" and config_term == "anyvm") or item == config_term
+    return (item is not "dom0" and config_term == "$anyvm") or item == config_term
 
 def get_default_policy():
     dict={}
@@ -76,7 +76,7 @@ def spawn_target_if_necessary(target):
 def do_execute(domain, target, user, exec_index, process_ident):
     if target == "dom0":
         cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain
-    elif target == "dispvm":
+    elif target == "$dispvm":
         cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
     else:
     # see the previous commit why "qvm-run -a" is broken and dangerous

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-anyvm anyvm ask,user=root`
	`1`	`+$anyvm $anyvm ask,user=root`
Original file line number	Diff line number	Diff line change
`@@ -372,7 +372,7 @@ void sanitize_name(char * untrusted_s_signed)`
`372`	`372`	`continue;`
`373`	`373`	`if (untrusted_s >= '0' && untrusted_s <= '9')`
`374`	`374`	`continue;`
`375`		`- if (untrusted_s == '_' \|\| untrusted_s == '-' \|\| untrusted_s == '.' \|\| untrusted_s == ' ')`
	`375`	`+ if (untrusted_s == '$' \|\| untrusted_s == '_' \|\| untrusted_s == '-' \|\| untrusted_s == '.' \|\| *untrusted_s == ' ')`
`376`	`376`	`continue;`
`377`	`377`	`*untrusted_s = '_';`
`378`	`378`	`}`