From 3c623cca60ff15b45368a41adbc1c66ee600a584 Mon Sep 17 00:00:00 2001
From: Michael Altfield <michael@michaelaltfield.net>
Date: Tue, 16 Jun 2020 02:25:31 +0545
Subject: [PATCH] adding new qubes.LockScreen and cooresponding policy file for
 issue:

 * https://github.com/QubesOS/qubes-issues/issues/5893
---
 qubes-rpc-policy/qubes.LockScreen.policy | 11 +++++++++++
 qubes-rpc/qubes.LockScreen               |  2 ++
 2 files changed, 13 insertions(+)
 create mode 100644 qubes-rpc-policy/qubes.LockScreen.policy
 create mode 100755 qubes-rpc/qubes.LockScreen

diff --git a/qubes-rpc-policy/qubes.LockScreen.policy b/qubes-rpc-policy/qubes.LockScreen.policy
new file mode 100644
index 000000000..15c5e4b3a
--- /dev/null
+++ b/qubes-rpc-policy/qubes.LockScreen.policy
@@ -0,0 +1,11 @@
+## Note that policy parsing stops at the first match,
+## so adding anything below "$anyvm $anyvm action" line will have no effect
+
+## Please use a single # to start your custom comments
+
+# WARNING: The qubes.ConnectTCP service is dangerous and allows any
+# qube to access any other qube TCP port. It should be restricted
+# only to restricted qubes. This is why the default policy is 'deny'
+
+# Example of policy: mytcp-client @default allow,target=mytcp-server
+sys-usb dom0 allow
diff --git a/qubes-rpc/qubes.LockScreen b/qubes-rpc/qubes.LockScreen
new file mode 100755
index 000000000..fe602b3a7
--- /dev/null
+++ b/qubes-rpc/qubes.LockScreen
@@ -0,0 +1,2 @@
+#!/bin/bash
+DISPLAY=:0 xscreensaver-command -lock