apparmor.d/profiles/abstractions/kde5-plasma5

# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2018-2021 Mikhail Morfikov
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

  abi <abi/3.0>,

  include <abstractions/thumbnails-cache-read>

  # KDE/Plasma5 themes
  #/{usr/,}lib/@{multiarch}/qt5/plugins/platformthemes/KDEPlasmaPlatformTheme.so mr,
  #/{usr/,}lib/@{multiarch}/qt5/plugins/styles/breeze.so mr,
  #/usr/share/plasma/look-and-feel/** r,
  #/usr/share/color-schemes/*.colors r,

  #/usr/share/kservices5/{,**/} r,
  #/usr/share/kservices5/*.protocol r,

  #/usr/share/knotifications5/plasma_workspace.notifyrc r,

  # For app config (in order to work the KDE_APP_NAME variable has to be set in profile which
  # includes this abstraction)
  #owner @{HOME}/.config/#[0-9]*[0-9] rwk,
  #owner @{HOME}/.config/@{KDE_APP_NAME}rc* rwlk -> @{HOME}/.config/#[0-9]*[0-9],
  #owner @{run}/user/[0-9]*/#[0-9]*[0-9] rw,
  #owner @{run}/user/[0-9]*/@{KDE_APP_NAME}*.slave-socket rwl -> @{run}/user/[0-9]*/#[0-9]*[0-9],

  # Common KDE config files
  #owner @{HOME}/.config/#[0-9]*[0-9] rw,
  #owner @{HOME}/.config/kdeglobals* rwkl -> @{HOME}/.config/#[0-9]*[0-9],
  #owner @{HOME}/.config/baloofilerc r,
  #owner @{HOME}/.config/dolphinrc r,
  #owner @{HOME}/.config/trashrc r,
  #owner @{HOME}/.config/knfsshare r,
  #owner /**/.directory r,

  # For bookmarks
  #/{usr/,}bin/keditbookmarks rPUx,
  #owner @{HOME}/.local/share/kfile/ rw,
  #owner @{HOME}/.local/share/kfile/#[0-9]*[0-9] rw,
  #owner @{HOME}/.local/share/kfile/bookmarks.xml* rwl -> @{HOME}/.local/share/kfile/#[0-9]*[0-9],

  # Common cache files
  #owner @{HOME}/.cache/icon-cache.kcache rw,
  #owner @{HOME}/.cache/ksycoca5_* r,

  # Think what to do about this #FIXME#
  # It seems when a QT app is started in Plasma5/KDE5 environment it also wants the following.
  include <abstractions/recent-documents-write>
  #signal (send) set=(term, kill) peer=unconfined,
  #deny @{sys}/bus/ r,
  #deny @{sys}/bus/usb/devices/ r,
  #deny @{sys}/class/ r,
  #deny @{run}/udev/data/b8:[0-9]* r,   # for /dev/sda1 , etc.
  #deny @{run}/udev/data/c189:[0-9]* r, # for /dev/bus/usb/001/001 , etc.
  #deny @{run}/udev/data/+usb:* r,      #
  #/etc/exports r,
  #/etc/xdg/menus/ r,
  #/usr/share/mime/ r,
  #owner @{HOME}/.config/menus/ r,
  #owner @{HOME}/.config/menus/applications-merged/ r,
move apparmor profiles to a seperate repo 2020-09-12 17:19:23 +02:00			`# vim:syntax=apparmor`
			`# ------------------------------------------------------------------`
			`#`
update apparmor profiles 2021-01-10 16:35:07 +01:00			`# Copyright (C) 2018-2021 Mikhail Morfikov`
move apparmor profiles to a seperate repo 2020-09-12 17:19:23 +02:00			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of version 2 of the GNU General Public`
			`# License published by the Free Software Foundation.`
			`#`
			`# ------------------------------------------------------------------`

update profiles for apparmor3 2020-12-10 22:33:39 +01:00			`abi <abi/3.0>,`
move apparmor profiles to a seperate repo 2020-09-12 17:19:23 +02:00
update profiles for apparmor3 2020-12-10 22:33:39 +01:00			`include <abstractions/thumbnails-cache-read>`
move apparmor profiles to a seperate repo 2020-09-12 17:19:23 +02:00
			`# KDE/Plasma5 themes`
			`#/{usr/,}lib/@{multiarch}/qt5/plugins/platformthemes/KDEPlasmaPlatformTheme.so mr,`
			`#/{usr/,}lib/@{multiarch}/qt5/plugins/styles/breeze.so mr,`
			`#/usr/share/plasma/look-and-feel/** r,`
			`#/usr/share/color-schemes/*.colors r,`

			`#/usr/share/kservices5/{,**/} r,`
			`#/usr/share/kservices5/*.protocol r,`

			`#/usr/share/knotifications5/plasma_workspace.notifyrc r,`

			`# For app config (in order to work the KDE_APP_NAME variable has to be set in profile which`
			`# includes this abstraction)`
			`#owner @{HOME}/.config/#[0-9]*[0-9] rwk,`
			`#owner @{HOME}/.config/@{KDE_APP_NAME}rc* rwlk -> @{HOME}/.config/#[0-9]*[0-9],`
update apparmor profiles 2020-10-25 10:23:34 +01:00			`#owner @{run}/user/[0-9]/#[0-9][0-9] rw,`
			`#owner @{run}/user/[0-9]/@{KDE_APP_NAME}.slave-socket rwl -> @{run}/user/[0-9]/#[0-9][0-9],`
move apparmor profiles to a seperate repo 2020-09-12 17:19:23 +02:00
			`# Common KDE config files`
			`#owner @{HOME}/.config/#[0-9]*[0-9] rw,`
			`#owner @{HOME}/.config/kdeglobals* rwkl -> @{HOME}/.config/#[0-9]*[0-9],`
			`#owner @{HOME}/.config/baloofilerc r,`
			`#owner @{HOME}/.config/dolphinrc r,`
			`#owner @{HOME}/.config/trashrc r,`
			`#owner @{HOME}/.config/knfsshare r,`
			`#owner /**/.directory r,`

			`# For bookmarks`
			`#/{usr/,}bin/keditbookmarks rPUx,`
			`#owner @{HOME}/.local/share/kfile/ rw,`
			`#owner @{HOME}/.local/share/kfile/#[0-9]*[0-9] rw,`
			`#owner @{HOME}/.local/share/kfile/bookmarks.xml* rwl -> @{HOME}/.local/share/kfile/#[0-9]*[0-9],`

			`# Common cache files`
			`#owner @{HOME}/.cache/icon-cache.kcache rw,`
			`#owner @{HOME}/.cache/ksycoca5_* r,`

			`# Think what to do about this #FIXME#`
			`# It seems when a QT app is started in Plasma5/KDE5 environment it also wants the following.`
update profiles for apparmor3 2020-12-10 22:33:39 +01:00			`include <abstractions/recent-documents-write>`
move apparmor profiles to a seperate repo 2020-09-12 17:19:23 +02:00			`#signal (send) set=(term, kill) peer=unconfined,`
			`#deny @{sys}/bus/ r,`
			`#deny @{sys}/bus/usb/devices/ r,`
			`#deny @{sys}/class/ r,`
update apparmor profiles 2020-10-25 10:23:34 +01:00			`#deny @{run}/udev/data/b8:[0-9]* r, # for /dev/sda1 , etc.`
			`#deny @{run}/udev/data/c189:[0-9]* r, # for /dev/bus/usb/001/001 , etc.`
			`#deny @{run}/udev/data/+usb:* r, #`
move apparmor profiles to a seperate repo 2020-09-12 17:19:23 +02:00			`#/etc/exports r,`
			`#/etc/xdg/menus/ r,`
			`#/usr/share/mime/ r,`
			`#owner @{HOME}/.config/menus/ r,`
			`#owner @{HOME}/.config/menus/applications-merged/ r,`