From 14b779d29b70301cfecce2b2d1c0de886701a55e Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Fri, 5 Apr 2024 23:27:31 +0100
Subject: [PATCH] feat(profile): whonix: add msgcollector profiles.
---
apparmor.d/groups/whonix/msgcollector | 46 +++++++++++++++++++
apparmor.d/groups/whonix/msgcollector-br-add | 17 +++++++
.../whonix/msgcollector-generic-gui-message | 19 ++++++++
.../groups/whonix/msgcollector-striphtml | 17 +++++++
.../groups/whonix/msgdispatcher-autostart | 24 ++++++++++
.../groups/whonix/msgdispatcher-dispatch | 19 ++++++++
6 files changed, 142 insertions(+)
create mode 100644 apparmor.d/groups/whonix/msgcollector
create mode 100644 apparmor.d/groups/whonix/msgcollector-br-add
create mode 100644 apparmor.d/groups/whonix/msgcollector-generic-gui-message
create mode 100644 apparmor.d/groups/whonix/msgcollector-striphtml
create mode 100644 apparmor.d/groups/whonix/msgdispatcher-autostart
create mode 100644 apparmor.d/groups/whonix/msgdispatcher-dispatch
diff --git a/apparmor.d/groups/whonix/msgcollector b/apparmor.d/groups/whonix/msgcollector
new file mode 100644
index 00000000..46036446
--- /dev/null
+++ b/apparmor.d/groups/whonix/msgcollector
@@ -0,0 +1,46 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/msgcollector/msgcollector
+profile msgcollector @{exec_path} {
+ include
+ include
+ include
+
+ @{exec_path} mr,
+
+ @{sh_path} rix,
+ @{bin}/basename rix,
+ @{bin}/cat rix,
+ @{bin}/touch rix,
+ @{bin}/tput rix,
+ @{bin}/whoami rix,
+
+ @{lib}/msgcollector/msgdispatcher_dispatch_x rPx,
+ @{lib}/msgcollector/striphtml rPx,
+
+ @{lib}/msgcollector/{,**} r,
+
+ @{bin}/sudo rCx -> sudo,
+
+ owner @{run}/msgcollector/user/{,**} rw,
+
+ profile sudo {
+ include
+ include
+
+ @{bin}/rm rix,
+ @{lib}/msgcollector/msgdispatcher_delete_wrapper rix,
+
+ @{run}/msgcollector/user/* rw,
+
+ include if exists
+ }
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/whonix/msgcollector-br-add b/apparmor.d/groups/whonix/msgcollector-br-add
new file mode 100644
index 00000000..1e6b624b
--- /dev/null
+++ b/apparmor.d/groups/whonix/msgcollector-br-add
@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/msgcollector/br_add
+profile msgcollector-br-add @{exec_path} {
+ include
+ include
+
+ @{exec_path} mr,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/whonix/msgcollector-generic-gui-message b/apparmor.d/groups/whonix/msgcollector-generic-gui-message
new file mode 100644
index 00000000..c66d3508
--- /dev/null
+++ b/apparmor.d/groups/whonix/msgcollector-generic-gui-message
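Review bot: In `apparmor.d/groups/whonix/msgcollector`, the `sudo` child profile grants `@{run}/msgcollector/user/* rw,` without the `owner` qualifier that the parent profile puts on the same tree, and nothing in the file records why. Presumably the rule is unqualified because the child runs as root after `sudo` and does not own the invoking user's files; a comment above the rule such as `# runs as root via sudo, so the owner qualifier cannot match the user's files` would make that explicit. If `rm` and `msgdispatcher_delete_wrapper` only unlink entries there, `w` alone may be enough, which is worth confirming against the audit log before narrowing. All six new files in this patch also end without a trailing newline.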
@@ -0,0 +1,19 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/msgcollector/generic_gui_message
+profile msgcollector-generic-gui-message @{exec_path} {
+ include
+ include
+ include
+ include
+
+ @{exec_path} mr,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/whonix/msgcollector-striphtml b/apparmor.d/groups/whonix/msgcollector-striphtml
new file mode 100644
index 00000000..e3bf5381
--- /dev/null
+++ b/apparmor.d/groups/whonix/msgcollector-striphtml
@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/msgcollector/striphtml
+profile msgcollector-striphtml @{exec_path} {
+ include
+ include
+
+ @{exec_path} mr,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/whonix/msgdispatcher-autostart b/apparmor.d/groups/whonix/msgdispatcher-autostart
new file mode 100644
index 00000000..86452e89
--- /dev/null
+++ b/apparmor.d/groups/whonix/msgdispatcher-autostart
@@ -0,0 +1,24 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/msgcollector/msgdispatcher_xdg_autostart
+profile msgdispatcher-autostart @{exec_path} {
+ include
+
+ @{exec_path} mr,
+
+ @{sh_path} r,
+
+ @{lib}/msgcollector/msgdispatcher rPx,
+
+ owner @{HOME}/.xsession-errors w,
+
+ /dev/tty rw,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/whonix/msgdispatcher-dispatch b/apparmor.d/groups/whonix/msgdispatcher-dispatch
new file mode 100644
index 00000000..a900ed57
--- /dev/null
+++ b/apparmor.d/groups/whonix/msgdispatcher-dispatch
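Review bot: In `apparmor.d/groups/whonix/msgdispatcher-autostart`, the rule `@{lib}/msgcollector/msgdispatcher rPx,` transitions to a profile attached to that binary, but none of the six files in this patch defines one (the profiles here attach to `msgcollector`, `br_add`, `generic_gui_message`, `striphtml`, `msgdispatcher_xdg_autostart` and `msgdispatcher_dispatch_x`). With `Px`, the exec is denied when no matching profile is loaded, so unless a `msgdispatcher` profile already exists elsewhere in the tree the autostart script would fail to launch the dispatcher in enforce mode. Either add that profile in this commit, with `@{exec_path} = @{lib}/msgcollector/msgdispatcher`, or note in the commit message which existing profile the transition relies on.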
@@ -0,0 +1,19 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/msgcollector/msgdispatcher_dispatch_x
+profile msgdispatcher-dispatch @{exec_path} {
+ include
+ include
+ include
+ include
+
+ @{exec_path} mr,
+
+ include if exists
+}
\ No newline at end of file