freedomofpress
Qubes: Startup checks
On Dangerzone startup, it would be worth checking if the appropriate template for the offline disposable qube exists, and if the proper Qubes RPC policy is set in dom0. We can do so within the install() method of the Qubes isolation provider.
checking if the appropriate template for the offline disposable qube exists, and if the proper Qubes RPC policy is set in dom0 Doing this will require using the Qubes Admin API, which means extra dom0 policy changes. Without having our own dedicated qubes and templates, this means that we'll probably need to make any qube where the dangerzone client potentially runs to be able to check how a dom0 policy is set (we can scope if for a dangerzone-specific one) and also to inspect how a disposable qube template is setup (to check on the network situation).
Although in theory that is nice, I think it may open too much policy exposure. Some users may not be comfortable with that.
For the checking if offline, I have an alternative proposal, though: doing this check on the disposable qube once it starts.
