mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 00:48:10 +01:00
feat(dbus): rewrite some dbus rules (9).
This commit is contained in:
Alexandre Pujol
parent
3425419f0e
commit
1307250250
34 changed files with 63 additions and 380 deletions
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
dbus send bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
member={GetAll,PropertiesChanged}
|
||||
peer=(name=:*, label=gsd-xsettings),
|
||||
|
||||
/etc/gtk-{3,4}.0/settings.ini r,
|
||||
|
|
|
|||
|
|
@ -43,11 +43,6 @@ profile apt @{exec_path} flags=(attach_disconnected) {
|
|||
dbus (send, receive) bus=system path=/org/debian/apt{,/transaction/@{hex}}
|
||||
interface=org.{debian.apt*,freedesktop.DBus.{Properties,Introspectable}},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PackageKit
|
||||
interface=org.freedesktop.{DBus.Introspectable,PackageKit}
|
||||
member={StateHasChanged,Introspect}
|
||||
peer=(name=org.freedesktop.PackageKit),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/ r,
|
||||
|
|
|
|||
|
|
@ -34,26 +34,6 @@ profile unattended-upgrade @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (send) peer=apt-methods-http,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PackageKit
|
||||
interface=org.freedesktop.PackageKit
|
||||
member=StateHasChanged,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PackageKit
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1
|
||||
interface=org.freedesktop.login1.Manager
|
||||
member=Inhibit,
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={PropertiesChanged,GetAll},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.NetworkManager
|
||||
member={CheckPermissions,StateChanged,DeviceAdded,DeviceRemoved},
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/ r,
|
||||
|
|
|
|||
|
|
@ -9,8 +9,10 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/xdg-desktop-portal
|
||||
profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/network-manager>
|
||||
include <abstractions/bus/rtkit>
|
||||
include <abstractions/bus/net.hadess.PowerProfiles>
|
||||
include <abstractions/bus/org.freedesktop.impl.portal.PermissionStore>
|
||||
include <abstractions/bus/org.freedesktop.NetworkManager>
|
||||
include <abstractions/bus/org.freedesktop.RealtimeKit1>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
@ -45,18 +47,6 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
|
|||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus send bus=system path=/net/hadess/PowerProfiles
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=power-profiles-daemon),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/impl/portal/PermissionStore
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*, label=xdg-permission-store),
|
||||
dbus send bus=session path=/org/freedesktop/impl/portal/PermissionStore
|
||||
interface=org.freedesktop.impl.portal.PermissionStore
|
||||
peer=(name=:*, label=xdg-permission-store),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/portal/documents
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*, label=xdg-document-portal),
|
||||
|
|
|
|||
|
|
@ -73,11 +73,6 @@ profile xdg-desktop-portal-gnome @{exec_path} {
|
|||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*, label="{gnome-shell,gsd-xsettings}"),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/Mutter/DisplayConfig
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/ r,
|
||||
|
|
|
|||
|
|
@ -24,11 +24,6 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
unix (send receive) type=stream peer=(label=xdg-document-portal//fusermount),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/impl/portal/PermissionStore
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=xdg-permission-store),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/portal/documents
|
||||
interface=org.freedesktop.portal.Documents
|
||||
member=GetMountPoint
|
||||
|
|
|
|||
|
|
@ -44,16 +44,6 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1{,/session/*}
|
||||
interface=org.freedesktop.{DBus.Properties,login1.Session,login1.Manager}
|
||||
member={ReleaseControl,TakeControl,TakeDevice,ReleaseDevice,GetSessionByPID}
|
||||
peer=(name=org.freedesktop.login1, label=systemd-logind),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login1/session/*
|
||||
interface=org.freedesktop.login1.Session
|
||||
member=PauseDevice
|
||||
peer=(name=org.freedesktop.login1, label=systemd-logind),
|
||||
|
||||
@{exec_path} mrix,
|
||||
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
|
|
|
|||
|
|
@ -57,10 +57,6 @@ profile evolution-calendar-factory @{exec_path} {
|
|||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
@{exec_path} mr,
|
||||
@{exec_path}-subprocess rix,
|
||||
|
||||
|
|
|
|||
|
|
@ -35,15 +35,18 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
|
|||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1/seat/seat@{int}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
peer=(name=:*, label=systemd-logind),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login1/seat/seat@{int}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={Get,PropertiesChanged}
|
||||
peer=(name=:*, label=systemd-logind),
|
||||
dbus send bus=system path=/org/freedesktop/login1/seat/seat@{int}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
peer=(name=:*, label=systemd-logind),
|
||||
dbus send bus=system path=/org/freedesktop/login1
|
||||
interface=org.freedesktop.login1.Manager
|
||||
member={UnlockSession,ActivateSessionOnSeat}
|
||||
peer=(name=org.freedesktop.login1, label=systemd-logind),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ profile gdm-x-session @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/base>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/bus/org.freedesktop.systemd1-session>
|
||||
|
||||
signal (receive) set=term peer=gdm{,-session-worker},
|
||||
# signal (send) set=term peer=unconfined,
|
||||
|
|
@ -18,11 +19,6 @@ profile gdm-x-session @{exec_path} flags=(attach_disconnected) {
|
|||
signal (send) set=term peer=xorg,
|
||||
signal (send) set=term peer=gnome-session-binary,
|
||||
|
||||
dbus bus=session path=/org/freedesktop/systemd1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
peer=(name=org.freedesktop.systemd1),
|
||||
|
||||
dbus send bus=system path=/org/gnome/DisplayManager/Manager
|
||||
interface=org.gnome.DisplayManager.Manager
|
||||
member=RegisterDisplay
|
||||
|
|
|
|||
|
|
@ -28,11 +28,9 @@ profile gnome-extension-ding @{exec_path} {
|
|||
unix (send,receive) type=stream addr=none peer=(label=gnome-shell),
|
||||
|
||||
dbus bind bus=session name=com.rastersoft.ding,
|
||||
|
||||
dbus receive bus=session path=/com/rastersoft/ding
|
||||
interface={org.gtk.Actions,org.freedesktop.DBus.Properties}
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/com/rastersoft/ding{,**}
|
||||
interface=org.gtk.Actions
|
||||
peer=(label=gnome-shell),
|
||||
|
|
@ -42,16 +40,6 @@ profile gnome-extension-ding @{exec_path} {
|
|||
member={IsSupported,List}
|
||||
peer=(name=:*, label=gvfs-*-monitor),
|
||||
|
||||
dbus (send, receive) bus=session path=/org/freedesktop/FileManager1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=nautilus),
|
||||
|
||||
dbus send bus=system path=/net/hadess/SwitcherooControl
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=switcheroo-control),
|
||||
|
||||
dbus send bus=session path=/org/gnome/Nautilus/FileOperations*
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
|
|
|
|||
|
|
@ -22,91 +22,30 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
signal (receive) set=(term) peer=gdm,
|
||||
signal (send) set=(term) peer=ssh-agent,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1/session/*
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
peer=(name=org.freedesktop.login1),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login1/session/*
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=:*, label=systemd-logind),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1
|
||||
interface=org.freedesktop.login1.Manager
|
||||
member=GetSession
|
||||
peer=(name=org.freedesktop.login1),
|
||||
|
||||
dbus send bus=session path=/org/gnome/SessionManager
|
||||
interface=org.gnome.SessionManager
|
||||
member=Setenv
|
||||
peer=(name=org.gnome.SessionManager, label=gnome-session-binary),
|
||||
|
||||
dbus bind bus=session name=org.gnome.keyring,
|
||||
dbus (send, receive) bus=session path=/org/gnome/keyring/daemon
|
||||
interface=org.gnome.keyring.Daemon
|
||||
peer=(name="{org.gnome.keyring,:*}", label=@{profile_name}), # all members
|
||||
peer=(name="{org.gnome.keyring,:*}", label=@{profile_name}),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/secrets
|
||||
dbus bind bus=session name=org.freedesktop.secrets,
|
||||
dbus receive bus=session path=/org/freedesktop/secrets{,/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/secrets
|
||||
interface=org.freedesktop.Secret.Service
|
||||
member=SearchItems
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/secrets/aliases/default
|
||||
peer=(name=:*),
|
||||
dbus receive bus=session path=/org/freedesktop/secrets{,/**}
|
||||
interface=org.freedesktop.Secret.*
|
||||
peer=(name=:*),
|
||||
dbus send bus=session path=/org/freedesktop/secrets{,/**}
|
||||
interface=org.freedesktop.Secret.Collection
|
||||
member=CreateItem
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/secrets/aliases/default
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/secrets/collection/login
|
||||
interface=org.freedesktop.Secret.Collection
|
||||
member=ItemCreated
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/secrets/collection/login
|
||||
dbus send bus=session path=/org/freedesktop/secrets{,/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/secrets
|
||||
interface=org.freedesktop.Secret.Service
|
||||
member={ReadAlias,OpenSession}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/secrets/collection/login/[0-9]*
|
||||
interface=org.freedesktop.Secret.Item
|
||||
member=GetSecret
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/secrets{,/collection/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/secrets
|
||||
interface=org.freedesktop.Secret.Service
|
||||
member={GetSecrets,SearchItems}
|
||||
peer=(name=:*), # label="{unconfined,remmina}"),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gnome.keyring,
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.freedesktop.secrets,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/ssh-add rix,
|
||||
|
|
|
|||
|
|
@ -62,7 +62,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
member=WatchFired
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID,UpdateActivationEnvironment}
|
||||
|
|
|
|||
|
|
@ -32,23 +32,6 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
|
|||
member=GetAll
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus (send, receive) bus=system path=/org/freedesktop/ColorManager{,/devices/*}
|
||||
interface=org.freedesktop.ColorManager*,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/ColorManager{,/devices/*,/profiles/*}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
|
||||
interface=org.gnome.Mutter.DisplayConfig
|
||||
member={GetResources,GetCrtcGamma}
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
|
|
|
|||
|
|
@ -23,16 +23,6 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
dbus bind bus=session name=org.gnome.SettingsDaemon.PrintNotifications,
|
||||
|
||||
dbus send bus=system path=/Client@{int}/ServiceBrowser@{int}
|
||||
interface=org.freedesktop.Avahi.ServiceBrowser
|
||||
peer=(name=org.freedesktop.Avahi, label=avahi-daemon),
|
||||
dbus receive bus=system path=/Client@{int}/ServiceBrowser@{int}
|
||||
interface=org.freedesktop.Avahi.ServiceBrowser
|
||||
peer=(name=:*, label=avahi-daemon),
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.Avahi.Server
|
||||
peer=(name=org.freedesktop.Avahi, label=avahi-daemon),
|
||||
|
||||
dbus receive bus=system path=/org/cups/cupsd/Notifier
|
||||
interface=org.cups.cupsd.Notifier,
|
||||
|
||||
|
|
|
|||
|
|
@ -37,14 +37,12 @@ profile gsd-xsettings @{exec_path} {
|
|||
dbus receive bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*),
|
||||
dbus send bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus bind bus=session name=org.gnome.SettingsDaemon.XSettings,
|
||||
|
||||
dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
|
||||
interface=org.gnome.Mutter.DisplayConfig
|
||||
member=GetCurrentState
|
||||
peer=(name=org.gnome.Mutter.DisplayConfig, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gnome/Shell/Introspect
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
|
|
|
|||
|
|
@ -27,11 +27,14 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/vulkan>
|
||||
|
||||
dbus bind bus=session name=org.gnome.Nautilus,
|
||||
dbus (send, receive) bus=session path=/org/gnome/Nautilus
|
||||
dbus (send, receive) bus=session path=/org/gnome/Nautilus{,/**}
|
||||
interface=org.gtk.{Actions,Application},
|
||||
dbus (send, receive) bus=session path=/org/gnome/Nautilus{,/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*),
|
||||
dbus receive bus=session path=/org/gnome/Nautilus
|
||||
interface=org.freedesktop.Application
|
||||
peer=(name=:*),
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.FileManager1,
|
||||
dbus receive bus=session path=/org/freedesktop/FileManager1
|
||||
|
|
|
|||
|
|
@ -26,11 +26,6 @@ profile seahorse @{exec_path} {
|
|||
interface=org.gnome.Shell.SearchProvider2
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/secrets
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gnome-keyring-daemon),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/gpgconf rPx,
|
||||
|
|
|
|||
|
|
@ -9,9 +9,9 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/tracker-miner-fs-{,control-}3
|
||||
profile tracker-miner @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/upower>
|
||||
include <abstractions/bus/vfs/daemon>
|
||||
include <abstractions/bus/vfs/mount>
|
||||
include <abstractions/bus/org.freedesktop.UPower>
|
||||
include <abstractions/bus/org.gtk.vfs.Daemon>
|
||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
|
|||
|
|
@ -49,9 +49,11 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
dbus receive bus=system path=/org/freedesktop/NetworkManager{,/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*),
|
||||
dbus send bus=system path=/org/freedesktop/NetworkManager{,/**}
|
||||
interface=org.freedesktop.NetworkManager
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
dbus send bus=system path=/org/freedesktop/NetworkManager{,/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop
|
||||
|
|
@ -69,24 +71,6 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
member={SetLink*,ResolveHostname}
|
||||
peer=(name=org.freedesktop.resolve1, label=systemd-resolved),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/ModemManager1
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects,
|
||||
|
||||
dbus (send receive) bus=system path=/fi/w1/wpa_supplicant1{,/**}
|
||||
interface={fi.w1.wpa_supplicant1.Interface,org.freedesktop.DBus.Properties}
|
||||
member=PropertiesChanged
|
||||
peer=(name=:*, label=wpa-supplicant),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login1
|
||||
interface=org.freedesktop.login1.Manager
|
||||
peer=(name=:*, label=systemd-logind),
|
||||
|
||||
dbus receive bus=system path=/org/bluez/hci@{int}{,/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=:*, label=bluetoothd),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
|
|||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/systemd1/{unit,job}/**
|
||||
dbus receive bus=system path=/org/freedesktop/systemd1{,/{unit,job}/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*, label="@{systemd}"),
|
||||
dbus send bus=system path=/org/freedesktop/systemd1/{unit,job}/**
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/update-notifier/livepatch-notification
|
||||
profile livepatch-notification @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/bus/org.a11y>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
|
|||
|
|
@ -15,22 +15,16 @@ profile software-properties-dbus @{exec_path} {
|
|||
include <abstractions/openssl>
|
||||
include <abstractions/python>
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=RequestName
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
dbus bind bus=system name=com.ubuntu.SoftwareProperties,
|
||||
dbus receive bus=system path=/
|
||||
interface=com.ubuntu.SoftwareProperties
|
||||
peer=(name=:*, label=software-properties-gtk),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=system path=/
|
||||
interface=com.ubuntu.SoftwareProperties
|
||||
member=Reload,
|
||||
|
||||
dbus bind bus=system name=com.ubuntu.SoftwareProperties,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/python3.[0-9]* rix,
|
||||
|
|
|
|||
|
|
@ -22,18 +22,20 @@ profile software-properties-gtk @{exec_path} {
|
|||
include <abstractions/python>
|
||||
include <abstractions/wayland>
|
||||
|
||||
dbus bind bus=session name=com.ubuntu.SoftwareProperties,
|
||||
dbus send bus=system path=/
|
||||
interface=com.ubuntu.SoftwareProperties
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=com.ubuntu.SoftwareProperties
|
||||
member=Reload,
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects,
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -37,18 +37,6 @@ profile update-manager @{exec_path} flags=(attach_disconnected) {
|
|||
interface={org.debian{,.apt*},org.freedesktop.DBus.{Introspectable,Properties}}
|
||||
member={CommitPackages,Run,PropertyChanged,Introspect,Set,GetAll,UpdateCache},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=StartServiceByName,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/NetworkManager{,/ActiveConnection/[0-9]*,/Devices/[0-9]*}
|
||||
interface=org.freedesktop.DBus.{Properties,Introspectable}
|
||||
member={Introspect,Get},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.NetworkManager
|
||||
member=StateChanged,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/dpkg rPx -> child-dpkg,
|
||||
|
|
|
|||
|
|
@ -25,36 +25,6 @@ profile cups-browsed @{exec_path} {
|
|||
network inet6 stream,
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.Avahi.Server
|
||||
member={GetAPIVersion,GetState,ServiceBrowserNew},
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
member=Ping
|
||||
peer=(name=org.freedesktop.Avahi),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/Client[0-9]*/ServiceBrowser[0-9]*
|
||||
interface=org.freedesktop.Avahi.ServiceBrowser
|
||||
member=Free
|
||||
peer=(name=org.freedesktop.Avahi),
|
||||
|
||||
dbus receive bus=system path=/Client[0-9]*/ServiceBrowser[0-9]*
|
||||
interface=org.freedesktop.Avahi.ServiceBrowser
|
||||
member={AllForNow,CacheExhausted},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.{DBus.Properties,NetworkManager}
|
||||
member={CheckPermissions,PropertiesChanged,StateChanged,DeviceAdded},
|
||||
|
||||
dbus receive bus=system path=/
|
||||
interface=org.freedesktop.Avahi.Server
|
||||
member=StateChanged,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/cups/locale/{,**} r,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ profile cupsd @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/base>
|
||||
include <abstractions/authentication>
|
||||
include <abstractions/bus/org.freedesktop.Avahi>
|
||||
include <abstractions/bus/org.freedesktop.ColorManager>
|
||||
include <abstractions/bus/system>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/openssl>
|
||||
|
|
@ -40,11 +41,6 @@ profile cupsd @{exec_path} flags=(attach_disconnected) {
|
|||
network rose dgram,
|
||||
network x25 seqpacket,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/ColorManager{,/devices/cups_*}
|
||||
interface=org.freedesktop.ColorManager{,.*}
|
||||
member={CreateProfile,CreateDevice,FindDeviceById,AddProfile}
|
||||
peer=(name=org.freedesktop.ColorManager),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
|
|
|
|||
|
|
@ -26,20 +26,18 @@ profile evince @{exec_path} {
|
|||
deny network inet,
|
||||
deny network inet6,
|
||||
|
||||
dbus bind bus=session name=org.gnome.evince.Daemon,
|
||||
dbus send bus=session path=/org/gnome/evince/Daemon
|
||||
interface=org.gnome.evince.Daemon
|
||||
peer=(name=org.gnome.evince.Daemon),
|
||||
dbus receive bus=session path=/org/gnome/evince/
|
||||
peer=(name="{org.gnome.evince.Daemon,org.freedesktop.DBus,:*}",
|
||||
label=@{profile_name}), # all interfaces and members
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/metadata
|
||||
interface=org.gtk.vfs.Metadata
|
||||
member={Set,GetTreeFromDevice}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/org/gnome/evince/Daemon
|
||||
interface=org.gnome.evince.Daemon
|
||||
member=RegisterDocument
|
||||
peer=(name=org.gnome.evince.Daemon), # no peer's labels
|
||||
|
||||
dbus (send, receive) bus=session path=/org/gnome/evince/{,**}
|
||||
peer=(name="{org.gnome.evince.Daemon,org.freedesktop.DBus,:*}", label=@{profile_name}), # all interfaces and members
|
||||
|
||||
dbus bind bus=session name=org.gnome.evince.Daemon,
|
||||
peer=(name=:*, label=gvfsd-metadata),
|
||||
|
||||
@{exec_path} rix,
|
||||
|
||||
|
|
|
|||
|
|
@ -43,29 +43,11 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
|
|||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/PackageKit
|
||||
interface=org.freedesktop.{DBus.Introspectable,PackageKit}
|
||||
member={Introspect,StateHasChanged}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus (send,receive) bus=system path=/[0-9]*_@{hex}
|
||||
interface=org.freedesktop.{DBus.Properties,PackageKit.Transaction},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={GetAll,PropertiesChanged}
|
||||
peer=(name=:*, label=NetworkManager),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.NetworkManager
|
||||
member={CheckPermissions,DeviceAdded,DeviceRemoved,StateChanged}
|
||||
peer=(name=:*, label=NetworkManager),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/gpg{,2} rCx -> gpg,
|
||||
|
|
|
|||
|
|
@ -21,23 +21,6 @@ profile pkttyagent @{exec_path} {
|
|||
ptrace (read),
|
||||
signal (send,receive),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
|
||||
interface=org.freedesktop.PolicyKit1.Authority
|
||||
member=RegisterAuthenticationAgentWithOptions,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/PolicyKit1/AuthenticationAgent
|
||||
interface=org.freedesktop.PolicyKit1.AuthenticationAgent
|
||||
member={BeginAuthentication,CancelAuthentication}
|
||||
peer=(name=:*, label=polkitd),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority
|
||||
interface=org.freedesktop.PolicyKit1.Authority
|
||||
member=Changed,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{lib}/polkit-[0-9]/polkit-agent-helper-[0-9] rPx,
|
||||
|
|
|
|||
|
|
@ -28,29 +28,16 @@ profile remmina @{exec_path} {
|
|||
network inet6 stream,
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/secrets{,/collection/login{,/[0-9]*}}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gnome-keyring-daemon),
|
||||
dbus bind bus=session name=org.remmina.Remmina,
|
||||
|
||||
dbus send bus=session path=/StatusNotifierWatcher
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=org.kde.StatusNotifierWatcher),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/secrets
|
||||
interface=org.freedesktop.Secret.Service
|
||||
member={OpenSession,GetSecrets,SearchItems,ReadAlias}
|
||||
peer=(name=:*, label=gnome-keyring-daemon),
|
||||
|
||||
dbus (send, receive) bus=session path=/org/ayatana/NotificationItem/remmina_icon{,/**}
|
||||
peer=(name="{:*,org.freedesktop.DBus}"), # all interfaces and members
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/secrets/collection/session
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gnome-keyring-daemon),
|
||||
|
||||
dbus send bus=session path=/StatusNotifierWatcher
|
||||
interface=org.kde.StatusNotifierWatcher
|
||||
member=RegisterStatusNotifierItem
|
||||
|
|
@ -61,24 +48,6 @@ profile remmina @{exec_path} {
|
|||
member={IsSupported,List}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/secrets/aliases/default
|
||||
interface=org.freedesktop.Secret.Collection
|
||||
member=CreateItem
|
||||
peer=(name=org.freedesktop.secrets, label=gnome-keyring-daemon),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/secrets/collection/login
|
||||
interface=org.freedesktop.Secret.Collection
|
||||
member=ItemCreated
|
||||
peer=(name=:*, label=gnome-keyring-daemon),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/secrets/collection/login
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=:*, label=gnome-keyring-daemon),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.remmina.Remmina,
|
||||
|
||||
@{exec_path} r,
|
||||
|
||||
/usr/share/remmina/{,**} r,
|
||||
|
|
|
|||
|
|
@ -24,11 +24,6 @@ profile spice-vdagent @{exec_path} {
|
|||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/X-strict>
|
||||
|
||||
dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
|
||||
interface=org.gnome.Mutter.DisplayConfig
|
||||
member=GetCurrentState
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/portal/desktop
|
||||
interface=org.freedesktop.portal.Realtime
|
||||
member=MakeThreadRealtimeWithPID
|
||||
|
|
|
|||
|
|
@ -19,11 +19,6 @@ profile thermald @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
dbus bind bus=system name=org.freedesktop.thermald,
|
||||
|
||||
dbus send bus=system path=/net/hadess/PowerProfiles
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=power-profiles-daemon),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/thermald/{,*} r,
|
||||
|
|
|
|||
|
|
@ -73,14 +73,6 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
|
|||
interface=org.freedesktop.UDisks2.Job
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus (send,receive) bus=system path=/
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect,
|
||||
|
||||
dbus (send,receive) bus=system path=/
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
|
|
|
|||
Loading…
Reference in a new issue