From 038e2882b5208ec3fc8ef3e08883a6d28acd91b2 Mon Sep 17 00:00:00 2001 From: nobody43 Date: Wed, 30 Nov 2022 22:37:07 +0300 Subject: [PATCH] wireshark --- apparmor.d/profiles-a-f/dumpcap | 7 ++++++- apparmor.d/profiles-s-z/wireshark | 13 ++++++++----- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/apparmor.d/profiles-a-f/dumpcap b/apparmor.d/profiles-a-f/dumpcap index 4dfb6145..d40b9380 100644 --- a/apparmor.d/profiles-a-f/dumpcap +++ b/apparmor.d/profiles-a-f/dumpcap @@ -10,6 +10,8 @@ include profile dumpcap @{exec_path} { include include + include + include # To capture packekts capability net_raw, @@ -24,13 +26,16 @@ profile dumpcap @{exec_path} { network packet raw, network bluetooth raw, + dbus (eavesdrop) bus=session, + @{exec_path} mr, @{sys}/class/net/ r, @{sys}/bus/usb/devices/ r, @{sys}/devices/virtual/net/*/type r, - @{sys}/devices/pci[0-9]*/**/net/*/type r, @{sys}/devices/virtual/net/*/statistics/* r, + @{sys}/devices/pci[0-9]*/**/net/*/type r, + @{sys}/devices/pci[0-9]*/**/net/*/statistics/* r, @{PROC}/@{pid}/net/dev r, @{PROC}/@{pid}/net/psched r, diff --git a/apparmor.d/profiles-s-z/wireshark b/apparmor.d/profiles-s-z/wireshark index 4a1bb369..6a3a6586 100644 --- a/apparmor.d/profiles-s-z/wireshark +++ b/apparmor.d/profiles-s-z/wireshark @@ -26,6 +26,9 @@ profile wireshark @{exec_path} { include include include + include + include + include signal (send) peer=dumpcap, 
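Review bot: In the second dumpcap hunk (`@@ -24,13 +26,16 @@`), `dbus (eavesdrop) bus=session,` is added without a comment, and it is the most sensitive rule in this patch. It lets the confined process observe session-bus messages that are not addressed to it, which can include notification text and traffic to secret-storage or other desktop services. Presumably it is there for libpcap's D-Bus capture interface; if so, say that above the rule, e.g. `# Only needed to capture on the dbus-session interface; allows observing all session-bus traffic`. Consider making it opt-in through a site-local include rather than granting it on every dumpcap run, which already holds `capability net_raw`. The profile body continues outside the hunk, so I cannot tell whether other dbus rules already constrain this.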
@@ -51,16 +54,18 @@ profile wireshark @{exec_path} { /etc/wireshark/init.lua r, # Wireshark home files - owner @{HOME}/.wireshark/{,*} rw, - owner @{user_config_dirs}/wireshark/{,*} rw, + owner @{HOME}/.wireshark/{,**} rw, + owner @{user_config_dirs}/wireshark/{,**} rw, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, + /usr/share/qt5/translations/*.qm r, deny @{PROC}/sys/kernel/random/boot_id r, deny owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/fd/ r, + owner @{PROC}/@{pid}/comm r, @{PROC}/@{pid}/net/dev r, @{PROC}/@{pid}/mountinfo r, @{PROC}/@{pid}/mounts r, @@ -75,9 +80,6 @@ profile wireshark @{exec_path} { /dev/shm/#[0-9]*[0-9] rw, - /var/lib/dbus/machine-id r, - /etc/machine-id r, - owner /tmp/wireshark_extcap_ciscodump_[0-9]*_* rw, # Allowed apps to open @@ -108,6 +110,7 @@ profile wireshark @{exec_path} { # file_inherit owner @{HOME}/.xsession-errors w, + include if exists } include if exists
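Review bot: In the first hunk on this line (`@@ -51,16 +54,18 @@`), widening the two home rules from `{,*}` to `{,**}` makes everything under `@{HOME}/.wireshark/` and `@{user_config_dirs}/wireshark/` writable at any depth, not only the per-profile subdirectories that presumably motivated the change. Wireshark can load Lua scripts and other extensions from its personal configuration area, so a process compromised while dissecting an untrusted capture could leave files there that are picked up on the next start. How much that matters depends on the exec and plugin rules outside this hunk. If only named subdirectories are needed, keep the original `{,*}` rule and add them explicitly, for example `owner @{user_config_dirs}/wireshark/profiles/{,**} rw,`. Otherwise add a comment stating which subdirectories the recursive glob is meant to cover.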