From 981a11cee14a10ad90a3f0c8803f956d102f9076 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Fri, 18 Nov 2016 02:51:25 +0100
Subject: [PATCH] qrexec: really do not match 'dom0' at '$anyvm', as documented

Design documentation says:
'note string dom0 does not match the $anyvm pattern; all other names do'

This behaviour was broken, because 'is not' in python isn't the same as
string comparison. In theory this could result in some service
erroneously allowed to execute in dom0, but in practice such services are
not installed in dom0 at all, so the only impact was misleading error
message.

Fixes QubesOS/qubes-issues#2031
Reported by @Jeeppler
---
 qrexec/qrexec-policy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qrexec/qrexec-policy b/qrexec/qrexec-policy
index 0d236ae..f4cfc07 100755
--- a/qrexec/qrexec-policy
+++ b/qrexec/qrexec-policy
@@ -70,7 +70,7 @@ def read_policy_file(service_name):
     return policy_list
 
 def is_match(item, config_term):
-    return (item is not "dom0" and config_term == "$anyvm") or item == config_term
+    return (item != "dom0" and config_term == "$anyvm") or item == config_term
 
 def get_default_policy():
     dict={}