From d23dd8c3710e097940624d9538dbce5b90ba87cc Mon Sep 17 00:00:00 2001
From: Erik Moeller <eloquence@gmail.com>
Date: Mon, 20 Apr 2020 17:47:22 -0700
Subject: [PATCH] Rescope clipboard permission to sd-app

---
 dom0/sd-dom0-qvm-rpc.sls | 4 ++--
 scripts/remove-tags      | 2 +-
 tests/vars/qubes-rpc.yml | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/dom0/sd-dom0-qvm-rpc.sls b/dom0/sd-dom0-qvm-rpc.sls
index 74d5a60c..b6fc2fcb 100644
--- a/dom0/sd-dom0-qvm-rpc.sls
+++ b/dom0/sd-dom0-qvm-rpc.sls
@@ -17,8 +17,8 @@ dom0-rpc-qubes.ClipboardPaste:
     - marker_start: "### BEGIN securedrop-workstation ###"
     - marker_end: "### END securedrop-workstation ###"
     - content: |
-        @tag:sd-send-clipboard @tag:sd-workstation ask
-        @tag:sd-workstation @tag:sd-receive-clipboard ask
+        @tag:sd-send-app-clipboard sd-app ask
+        sd-app @tag:sd-receive-app-clipboard ask
         @anyvm @tag:sd-workstation deny
         @tag:sd-workstation @anyvm deny
 dom0-rpc-qubes.FeaturesRequest:
diff --git a/scripts/remove-tags b/scripts/remove-tags
index 0f034730..3ef3e81a 100755
--- a/scripts/remove-tags
+++ b/scripts/remove-tags
@@ -7,7 +7,7 @@ import qubesadmin
 
 q = qubesadmin.Qubes()
 
-TAGS_TO_REMOVE = ["sd-send-clipboard", "sd-receive-clipboard", "sd-receive-logs"]
+TAGS_TO_REMOVE = ["sd-send-app-clipboard", "sd-receive-app-clipboard", "sd-receive-logs"]
 
 
 def main():
diff --git a/tests/vars/qubes-rpc.yml b/tests/vars/qubes-rpc.yml
index 642ee32b..8b963eb9 100644
--- a/tests/vars/qubes-rpc.yml
+++ b/tests/vars/qubes-rpc.yml
@@ -1,8 +1,8 @@
 - policy: qubes.ClipboardPaste
   starts_with: |-
     ### BEGIN securedrop-workstation ###
-    @tag:sd-send-clipboard @tag:sd-workstation ask
-    @tag:sd-workstation @tag:sd-receive-clipboard ask
+    @tag:sd-send-app-clipboard sd-app ask
+    sd-app @tag:sd-receive-app-clipboard ask
     @anyvm @tag:sd-workstation deny
     @tag:sd-workstation @anyvm deny
     ### END securedrop-workstation ###