files/31-securedrop-workstation.policy (36 lines of code):
## Configure Qubes RPC "allow" policies for SecureDrop Workstation.
#
# This file is provisioned by securedrop-workstation-dom0-config.
# Do not modify this file!
#
# Qubes suggests the allow policies be evaluated after (with a higher file
# number than) the deny policies, but due to the way SDW policies are stacked at
# the moment, we reverse this suggested order.
#
# We also want SDW policies in the new format to be evaluated before the legacy
# compatibility policies (`/etc/qubes/policy.d/35-compat.policy`), to avoid
# having to maintain two sets of policies. We therefore choose policy file numbers
# between 30 (used by system, `/etc/qubes/policy.d/30-qubesctl-salt.policy`) and 35
# (legacy compatibility, as above). This way, if users have legacy compatibility
# policies defined for non-SecureDrop Workstation qubes, they will be evaluated
# normally and will not be broken by SecureDrop Workstation, but will not be
# evaluated before our own policies.

# The deny rule below is required to suppress unsupported loopback error
# notifications.
securedrop.Log * sd-log sd-log deny notify=no
securedrop.Log * @tag:sd-workstation sd-log allow
securedrop.Proxy * sd-app sd-proxy allow
qubes.Gpg * @tag:sd-client sd-gpg allow
qubes.GpgImportKey * @tag:sd-client sd-gpg allow
# Future: qubes-app-linux-split-gpg2
qubes.Gpg2 * @tag:sd-client sd-gpg allow target=sd-gpg
qubes.USBAttach * sys-usb sd-devices allow user=root
qubes.USBAttach * @anyvm @anyvm ask
qubes.USB * sd-devices sys-usb allow
# TODO: should this be handled with the new Global Config UI instead?
qubes.ClipboardPaste * @tag:sd-send-app-clipboard sd-app ask
qubes.ClipboardPaste * sd-app @tag:sd-receive-app-clipboard ask
qubes.Filecopy * sd-log @default ask
qubes.Filecopy * sd-log @tag:sd-receive-logs ask
qubes.OpenInVM * @tag:sd-client @dispvm:sd-viewer allow
qubes.OpenInVM * @tag:sd-client sd-devices allow
qubes.OpenInVM * sd-devices @dispvm:sd-viewer allow
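
Added example (not part of the policy file or of the SecureDrop Workstation code): a simplified Python model of Qubes first-match rule evaluation over a subset of the rules above, showing why the `sd-log` loopback deny has to come before the `@tag:sd-workstation` allow. The `TAGS` mapping, the `work` qube and the function names are constructed assumptions; real Qubes policy evaluation handles more token types than this model.

```python
# Added example: simplified first-match evaluation of Qubes RPC policy rules.
RULES_TEXT = """\
securedrop.Log * sd-log sd-log deny notify=no
securedrop.Log * @tag:sd-workstation sd-log allow
qubes.USBAttach * sys-usb sd-devices allow user=root
qubes.USBAttach * @anyvm @anyvm ask
qubes.OpenInVM * @tag:sd-client @dispvm:sd-viewer allow
"""

# Constructed qube -> tags mapping (assumption, not taken from the policy file).
TAGS = {
    "sd-log": {"sd-workstation"},
    "sd-app": {"sd-workstation", "sd-client"},
    "sd-devices": {"sd-workstation"},
    "sys-usb": set(),
    "work": set(),
}

def parse(text):
    """Parse 'service argument source target action [key=value ...]' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        service, arg, src, dst, action, *params = line.split()
        rules.append((service, arg, src, dst, action,
                      dict(p.split("=", 1) for p in params)))
    return rules

def matches(token, qube):
    """Match a source/target token against a qube name or request target."""
    if token == "@anyvm":
        return qube not in ("dom0", "@adminvm")  # @anyvm excludes dom0
    if token.startswith("@tag:"):
        return token[len("@tag:"):] in TAGS.get(qube, set())
    return token == qube  # literal names, and targets like @dispvm:sd-viewer

def evaluate(rules, service, src, dst, arg="*"):
    """Return (action, params) of the first matching rule, else deny."""
    for r_service, r_arg, r_src, r_dst, action, params in rules:
        if (r_service in ("*", service) and r_arg in ("*", arg)
                and matches(r_src, src) and matches(r_dst, dst)):
            return action, params
    return "deny", {}  # no rule matched in this subset

RULES = parse(RULES_TEXT)
```

Swapping the first two rules makes the `sd-log` to `sd-log` call resolve to `allow`, which is the ordering dependency the header comment describes.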