marmarek · June 12, 2019 13:24
diff --git a/__init__.py b/__init__.py
 import qubes.ext

 import qubespolicy

 class AdminListExtension(qubes.ext.Extension):

    def get_system_info(self, app):
        system_info = {'domains': {
            domain.name: {
                'tags': list(domain.tags),
                'type': domain.__class__.__name__,
                'template_for_dispvms':
                    getattr(domain, 'template_for_dispvms', False),
                'default_dispvm': (str(domain.default_dispvm) if
                    getattr(domain, 'default_dispvm', None) else None),
                'icon': str(domain.label.icon),
            } for domain in app.domains
        }}
        return system_info

    @qubes.ext.handler('admin-permission:admin.vm.List')
    def admin_vm_list(self, vm, event, arg, **kwargs):
        # allow listing everything in dom0
        if vm.klass == 'AdminVM':
            return
        policy = qubespolicy.Policy('admin.vm.List')
        system_info = self.get_system_info(vm.app)
        def filter_vms(dest_vm):
            try:
                result = policy.evaluate(system_info, vm.name, dest_vm.name)
                if result.action == qubespolicy.Action.allow:
                    return True
                # TODO: what about 'ask' action?
            except qubespolicy.AccessDenied:
                # skip
                pass
            return False
        return (filter_vms,)
diff --git a/setup.py b/setup.py
 from setuptools import setup

 if __name__ == '__main__':
    setup(
            name='adminlistfilter',
            packages=['adminlistfilter'],
            entry_points={
                'qubes.ext': [
                    'adminlistfilter = adminlistfilter:AdminListExtension',
                    ]
                },
            )
	import qubes.ext

	import qubespolicy

	class AdminListExtension(qubes.ext.Extension):

	def get_system_info(self, app):
	system_info = {'domains': {
	domain.name: {
	'tags': list(domain.tags),
	'type': domain.__class__.__name__,
	'template_for_dispvms':
	getattr(domain, 'template_for_dispvms', False),
	'default_dispvm': (str(domain.default_dispvm) if
	getattr(domain, 'default_dispvm', None) else None),
	'icon': str(domain.label.icon),
	} for domain in app.domains
	}}
	return system_info

	@qubes.ext.handler('admin-permission:admin.vm.List')
	def admin_vm_list(self, vm, event, arg, **kwargs):
	# allow listing everything in dom0
	if vm.klass == 'AdminVM':
	return
	policy = qubespolicy.Policy('admin.vm.List')
	system_info = self.get_system_info(vm.app)
	def filter_vms(dest_vm):
	try:
	result = policy.evaluate(system_info, vm.name, dest_vm.name)
	if result.action == qubespolicy.Action.allow:
	return True
	# TODO: what about 'ask' action?
	except qubespolicy.AccessDenied:
	# skip
	pass
	return False
	return (filter_vms,)
	from setuptools import setup

	if __name__ == '__main__':
	setup(
	name='adminlistfilter',
	packages=['adminlistfilter'],
	entry_points={
	'qubes.ext': [
	'adminlistfilter = adminlistfilter:AdminListExtension',
	]
	},
	)