From 3770e7ddee950db79360493c1b6560827b43f7da Mon Sep 17 00:00:00 2001
From: redshiftzero
Date: Wed, 8 May 2019 16:01:24 -0400
Subject: [PATCH] rpc policies: allow sd-svs to get sd-gpg to import gpg keys
---
 dom0/sd-dom0-qvm-rpc.sls | 1 +
 tests/vars/qubes-rpc.yml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/dom0/sd-dom0-qvm-rpc.sls b/dom0/sd-dom0-qvm-rpc.sls
index 74c3144b..161db835 100644
--- a/dom0/sd-dom0-qvm-rpc.sls
+++ b/dom0/sd-dom0-qvm-rpc.sls
@@ -108,4 +108,5 @@ dom0-rpc-qubes.GpgImportKey:
 - marker_start: "### BEGIN securedrop-workstation ###"
 - marker_end: "### END securedrop-workstation ###"
 - content: |
+ sd-svs sd-gpg allow
 $anyvm $tag:sd-workstation deny
diff --git a/tests/vars/qubes-rpc.yml b/tests/vars/qubes-rpc.yml
index 4f43fbd3..7ad02e0a 100644
--- a/tests/vars/qubes-rpc.yml
+++ b/tests/vars/qubes-rpc.yml
@@ -56,6 +56,7 @@
 - policy: GpgImportKey
 starts_with: |-
 ### BEGIN securedrop-workstation ###
+ sd-svs sd-gpg allow
 $anyvm $tag:sd-workstation deny
 ### END securedrop-workstation ###
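Review bot: The added `sd-svs sd-gpg allow` line in the GpgImportKey policy content grants the call with no confirmation prompt, so anything running in sd-svs can add key material to the sd-gpg keyring and have gpg's import parser run on its input inside what, judging by the name, is the GPG vault qube. If the client does not need unattended imports, `sd-svs sd-gpg ask` would keep a user decision in the path. If it does, a YAML comment above `- content: |` would record the trade-off, for example `# allow (not ask): client imports keys without a prompt; keep above the $anyvm deny, first matching rule applies`. The state's header and the rest of the file are outside the hunk, so it is not visible from here whether such a note already exists.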