mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-15 07:54:17 +01:00
84 lines
2.2 KiB
Plaintext
84 lines
2.2 KiB
Plaintext
|
# vim:syntax=apparmor
|
||
|
|
||
|
# This abstraction is designed to be used in a child profile to limit what
|
||
|
# confined application can invoke via xdg-open helper. xdg-open abstraction
|
||
|
# will allow to use gio-open, kde-open5 and other helpers of the different
|
||
|
# desktop environments.
|
||
|
#
|
||
|
# Usage example:
|
||
|
#
|
||
|
# ```
|
||
|
# profile foo /usr/bin/foo {
|
||
|
# ...
|
||
|
# /usr/bin/xdg-open rPx -> foo//xdg-open,
|
||
|
# ...
|
||
|
# } # end of main profile
|
||
|
#
|
||
|
# # out-of-line child profile
|
||
|
# profile foo//xdg-open {
|
||
|
# include <abstractions/xdg-open>
|
||
|
#
|
||
|
# # Enable a11y support if considered required by
|
||
|
# # profile author for (rare) error message boxes.
|
||
|
# include <abstractions/dbus-accessibility>
|
||
|
#
|
||
|
# # Enable gstreamer support if considered required by
|
||
|
# # profile author for (rare) error message boxes.
|
||
|
# include if exists <abstractions/gstreamer>
|
||
|
#
|
||
|
# # needed for ubuntu-* abstractions
|
||
|
# include <abstractions/ubuntu-helpers>
|
||
|
#
|
||
|
# # Only allow to handle http[s]: and mailto: links
|
||
|
# include <abstractions/ubuntu-browsers>
|
||
|
# include <abstractions/ubuntu-email>
|
||
|
#
|
||
|
# # < add additional allowed applications here >
|
||
|
# }
|
||
|
# ```
|
||
|
|
||
|
include <abstractions/base>
|
||
|
|
||
|
# for openin with `exo-open`
|
||
|
include <abstractions/exo-open>
|
||
|
|
||
|
# for opening with `gio open <uri>`
|
||
|
include <abstractions/gio-open>
|
||
|
|
||
|
# for opening with gvfs-open (deprecated)
|
||
|
include <abstractions/gvfs-open>
|
||
|
|
||
|
# for opening with kde-open5
|
||
|
include <abstractions/kde-open5>
|
||
|
|
||
|
# Main executables
|
||
|
|
||
|
/{,usr/}bin/{b,d}ash mr,
|
||
|
/usr/bin/xdg-open r,
|
||
|
|
||
|
# Additional executables
|
||
|
|
||
|
/usr/bin/xdg-mime rix,
|
||
|
/{,usr/}bin/cut rix, # for xdg-mime
|
||
|
/{,usr/}bin/head rix, # for xdg-mime
|
||
|
/{,usr/}bin/sed rix, # for xdg-open
|
||
|
/{,usr/}bin/tr rix, # for xdg-mime
|
||
|
/{,usr/}bin/which rix, # for xdg-open
|
||
|
/{,usr/}bin/{grep,egrep} rix, # for xdg-open
|
||
|
|
||
|
# System files
|
||
|
|
||
|
/dev/pts/[0-9]* rw,
|
||
|
/dev/tty w,
|
||
|
/etc/gnome/defaults.list r, # for grep
|
||
|
/usr/share/applications/mimeinfo.cache r, # for grep
|
||
|
/usr/share/terminfo/s/screen r, # for bash on openSUSE
|
||
|
/usr/share/{,*/}applications/{,*.desktop} r, # for xdg-mime
|
||
|
/var/lib/menu-xdg/applications/ r, # for xdg-mime
|
||
|
|
||
|
# Usr files
|
||
|
|
||
|
owner @{HOME}/.local/share/applications/{,*.desktop} r,
|
||
|
|
||
|
# Include additions to the abstraction
|
||
|
include if exists <abstractions/xdg-open.d>
|