apparmor.d/dists/ubuntu/abstractions/gvfs-open

47 lines
1.1 KiB
Plaintext
Raw Normal View History

# vim:syntax=apparmor
# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via gvfs-open helper.
#
# NOTE: most likely you want to use xdg-open abstraction instead for better
# portability across desktop environments, unless you are sure that confined
# application only uses /usr/bin/gvfs-open directly.
#
# Usage example:
#
# ```
# profile foo /usr/bin/foo {
# ...
# /usr/bin/gvfs-open rPx -> foo//gvfs-open,
# ...
# } # end of main profile
#
# # out-of-line child profile
# profile foo//gvfs-open {
# include <abstractions/gvfs-open>
#
# # needed for ubuntu-* abstractions
# include <abstractions/ubuntu-helpers>
#
# # Only allow to handle http[s]: and mailto: links
# include <abstractions/ubuntu-browsers>
# include <abstractions/ubuntu-email>
#
# # < add additional allowed applications here >
# }
# ```
include <abstractions/base>
# gvfs-open is deprecated, it launches gio open <uri>
include <abstractions/gio-open>
# Main executables
/usr/bin/gvfs-open r,
/{,usr/}bin/dash mr,
# Include additions to the abstraction
include if exists <abstractions/gvfs-open.d>