Beispiel #1
0
        def filter_events(event):
            subject, event, kwargs = event
            try:
                dest = subject.name
            except AttributeError:
                # domain-add and similar events fired on the Qubes() object
                if 'vm' in kwargs:
                    dest = kwargs['vm'].name
                else:
                    dest = '@adminvm'

            policy = self.policy_cache.get_policy()
            # TODO: cache system_info (based on last qubes.xml write time?)
            system_info = qubes.api.internal.get_system_info(vm.app)
            request = parser.Request(
                'admin.Events',
                '+' + event.replace(':', '_'),
                vm.name,
                dest,
                system_info=system_info,
                ask_resolution_type=JustEvaluateAskResolution,
                allow_resolution_type=JustEvaluateAllowResolution)
            try:
                resolution = policy.evaluate(request)
                # do not consider 'ask' as allow here,
                # this needs to be not interactive
                return isinstance(resolution, parser.AllowResolution)
            except parser.AccessDenied:
                return False
Beispiel #2
0
 def filter_vms(dest_vm):
     request = parser.Request(
         'admin.vm.List',
         '+' + arg,
         vm.name,
         dest_vm.name,
         system_info=system_info,
         ask_resolution_type=JustEvaluateAskResolution,
         allow_resolution_type=JustEvaluateAllowResolution)
     try:
         resolution = policy.evaluate(request)
         # do not consider 'ask' as allow here,
         # this needs to be not interactive
         return isinstance(resolution, parser.AllowResolution)
     except parser.AccessDenied:
         return False