mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-15 07:54:17 +01:00
refractor(profiles): unify the name of the local variables.
parent
57f914d7fd
commit
2d2693bd99
@ -6,11 +6,11 @@
|
||||
# (like electron) use abstractions/chromium-common instead.
|
||||
|
||||
# This abstraction requires the following variables definied in the profile header:
|
||||
# @{chromium_name} = chromium
|
||||
# @{chromium_domain} = org.chromium.Chromium
|
||||
# @{chromium_lib_dirs} = @{lib}/chromium
|
||||
# @{chromium_config_dirs} = @{user_config_dirs}/chromium
|
||||
# @{chromium_cache_dirs} = @{user_cache_dirs}/chromium
|
||||
# @{name} = chromium
|
||||
# @{domain} = org.chromium.Chromium
|
||||
# @{lib_dirs} = @{lib}/chromium
|
||||
# @{config_dirs} = @{user_config_dirs}/chromium
|
||||
# @{cache_dirs} = @{user_cache_dirs}/chromium
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
@ -55,9 +55,9 @@
|
||||
network inet6 stream,
|
||||
network netlink raw,
|
||||
|
||||
@{chromium_lib_dirs}/{,**} r,
|
||||
@{chromium_lib_dirs}/chrome_crashpad_handler rPx,
|
||||
@{chromium_lib_dirs}/chrome-sandbox rPx,
|
||||
@{lib_dirs}/{,**} r,
|
||||
@{lib_dirs}/chrome_crashpad_handler rPx,
|
||||
@{lib_dirs}/chrome-sandbox rPx,
|
||||
|
||||
# Desktop integration
|
||||
@{bin}/lsb_release rPx -> lsb_release,
|
||||
@ -87,14 +87,14 @@
|
||||
@{bin}/chrome-gnome-shell rPx,
|
||||
@{bin}/gnome-browser-connector-host rPx,
|
||||
|
||||
/usr/share/@{chromium_name}/{,**} r,
|
||||
/usr/share/@{name}/{,**} r,
|
||||
/usr/share/chromium/extensions/{,**} r,
|
||||
/usr/share/egl/{,**} r,
|
||||
/usr/share/libdrm/*.ids r,
|
||||
/usr/share/mozilla/extensions/{,**} r,
|
||||
/usr/share/webext/{,**} r,
|
||||
|
||||
/etc/@{chromium_name}/{,**} r,
|
||||
/etc/@{name}/{,**} r,
|
||||
/etc/fstab r,
|
||||
/etc/libva.conf r,
|
||||
/etc/opensc.conf r,
|
||||
@ -115,13 +115,13 @@
|
||||
owner @{user_config_dirs}/ r,
|
||||
owner @{user_config_dirs}/gtk-3.0/servers r,
|
||||
owner @{user_share_dirs}/ r,
|
||||
owner @{user_share_dirs}/.@{chromium_domain}.* rw,
|
||||
owner @{user_share_dirs}/.@{domain}.* rw,
|
||||
|
||||
owner @{chromium_config_dirs}/ rw,
|
||||
owner @{chromium_config_dirs}/** rwk,
|
||||
owner @{chromium_config_dirs}/WidevineCdm/*/_platform_specific/linux_*/libwidevinecdm.so mrw,
|
||||
owner @{config_dirs}/ rw,
|
||||
owner @{config_dirs}/** rwk,
|
||||
owner @{config_dirs}/WidevineCdm/*/_platform_specific/linux_*/libwidevinecdm.so mrw,
|
||||
|
||||
owner @{chromium_cache_dirs}/{,**} rw,
|
||||
owner @{cache_dirs}/{,**} rw,
|
||||
|
||||
# For importing data (bookmarks, cookies, etc) from Firefox
|
||||
# owner @{HOME}/.mozilla/firefox/profiles.ini r,
|
||||
@ -135,16 +135,16 @@
|
||||
|
||||
/tmp/ r,
|
||||
/var/tmp/ r,
|
||||
owner /tmp/.@{chromium_domain}.* rw,
|
||||
owner /tmp/.@{chromium_domain}*/{,**} rw,
|
||||
owner /tmp/@{chromium_name}-crashlog-@{int}-@{int}.txt rw,
|
||||
owner /tmp/.@{domain}.* rw,
|
||||
owner /tmp/.@{domain}*/{,**} rw,
|
||||
owner /tmp/@{name}-crashlog-@{int}-@{int}.txt rw,
|
||||
owner /tmp/scoped_dir*/{,**} rw,
|
||||
owner /tmp/tmp.* rw,
|
||||
owner /tmp/tmp.*/ rw,
|
||||
owner /tmp/tmp.*/** rwk,
|
||||
|
||||
/dev/shm/ r,
|
||||
owner /dev/shm/.@{chromium_domain}* rw,
|
||||
owner /dev/shm/.@{domain}* rw,
|
||||
|
||||
@{PROC}/ r,
|
||||
@{PROC}/@{pid}/fd/ r,
|
||||
@ -198,7 +198,7 @@
|
||||
owner /dev/tty@{int} rw,
|
||||
|
||||
# Silencer
|
||||
deny @{chromium_lib_dirs}/** w,
|
||||
deny @{lib_dirs}/** w,
|
||||
deny @{user_share_dirs}/gvfs-metadata/* r,
|
||||
|
||||
include if exists <abstractions/chromium.d>
|
||||
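Review bot: The header comment listing the required variables should say that the names are now unprefixed, because `@{name}`, `@{domain}`, `@{lib_dirs}`, `@{config_dirs}` and `@{cache_dirs}` are far more likely to clash with a tunable or a local include than the old `chromium_`-prefixed ones. As far as I know apparmor_parser rejects a second `=` assignment to an existing variable, so a clash should fail at load time rather than silently widen a rule, but that is worth stating next to the list. I would add a line such as `# These names are generic: do not reuse them in tunables or local includes.` and fix the spelling in the same comment (`definied` -> `defined`).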
|
@ -7,13 +7,13 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{chromium_name} = brave{,-beta,-dev,-bin}
|
||||
@{chromium_domain} = com.brave.Brave
|
||||
@{chromium_lib_dirs} = /opt/brave{-bin,.com}/@{chromium_name}
|
||||
@{chromium_config_dirs} = @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
@{chromium_cache_dirs} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
@{name} = brave{,-beta,-dev,-bin}
|
||||
@{domain} = com.brave.Brave
|
||||
@{lib_dirs} = /opt/brave{-bin,.com}/@{name}
|
||||
@{config_dirs} = @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
@{cache_dirs} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
|
||||
@{exec_path} = @{chromium_lib_dirs}{,/@{chromium_name}}
|
||||
@{exec_path} = @{lib_dirs}{,/@{name}}
|
||||
profile brave @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/chromium>
|
||||
@ -22,8 +22,8 @@ profile brave @{exec_path} {
|
||||
|
||||
@{bin}/man rPUx, # For "brave --help"
|
||||
|
||||
@{chromium_lib_dirs}/swiftshader/libGLESv2.so mr,
|
||||
@{chromium_lib_dirs}/swiftshader/libEGL.so mr,
|
||||
@{lib_dirs}/swiftshader/libGLESv2.so mr,
|
||||
@{lib_dirs}/swiftshader/libEGL.so mr,
|
||||
|
||||
/usr/share/chromium/extensions/ r,
|
||||
|
||||
@ -33,8 +33,8 @@ profile brave @{exec_path} {
|
||||
owner @{user_config_dirs}/menus/applications-merged/ r,
|
||||
owner @{user_config_dirs}/menus/applications-merged/xdg-desktop-menu-dummy.menu r,
|
||||
|
||||
owner @{chromium_config_dirs}/WidevineCdm/libwidevinecdm.so mrw,
|
||||
owner @{chromium_cache_dirs}/BraveSoftware/ rw,
|
||||
owner @{config_dirs}/WidevineCdm/libwidevinecdm.so mrw,
|
||||
owner @{cache_dirs}/BraveSoftware/ rw,
|
||||
|
||||
owner /tmp/net-export/ rw, # For brave://net-export/
|
||||
|
||||
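Review bot: `owner @{cache_dirs}/BraveSoftware/ rw,` in the last hunk looks wrong once the variable is expanded. `@{cache_dirs}` is already `@{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}`, so the rule matches `…/BraveSoftware/Brave-Browser/BraveSoftware/` rather than the vendor directory. The rename carries the old rule over unchanged; if the parent directory is what is meant, it should read `owner @{user_cache_dirs}/BraveSoftware/ rw,`.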
|
@ -7,9 +7,9 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{chromium_lib_dirs} = /opt/brave.com/brave{,-beta,-dev} /opt/brave-bin/brave{,-beta,-dev}
|
||||
@{lib_dirs} = /opt/brave.com/brave{,-beta,-dev} /opt/brave-bin/brave{,-beta,-dev}
|
||||
|
||||
@{exec_path} = @{chromium_lib_dirs}/{brave,chrome}-sandbox
|
||||
@{exec_path} = @{lib_dirs}/{brave,chrome}-sandbox
|
||||
profile brave-sandbox @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
@ -21,7 +21,7 @@ profile brave-sandbox @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{chromium_lib_dirs}/brave rPx,
|
||||
@{lib_dirs}/brave rPx,
|
||||
|
||||
@{PROC} r,
|
||||
@{PROC}/@{pids}/ r,
|
||||
|
@ -7,9 +7,9 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{chromium_lib_dirs} = /opt/brave.com/brave{,-beta,-dev} /opt/brave-bin/brave{,-beta,-dev}
|
||||
@{lib_dirs} = /opt/brave.com/brave{,-beta,-dev} /opt/brave-bin/brave{,-beta,-dev}
|
||||
|
||||
@{exec_path} = @{chromium_lib_dirs}/brave-browser{,-beta,-dev}
|
||||
@{exec_path} = @{lib_dirs}/brave-browser{,-beta,-dev}
|
||||
profile brave-wrapper @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
@ -24,7 +24,7 @@ profile brave-wrapper @{exec_path} {
|
||||
@{bin}/touch rix,
|
||||
@{bin}/which{,.debianutils} rix,
|
||||
|
||||
@{chromium_lib_dirs}/brave rPx,
|
||||
@{lib_dirs}/brave rPx,
|
||||
|
||||
owner @{PROC}/@{pid}/fd/ w,
|
||||
|
||||
|
@ -7,13 +7,13 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{chromium_name} = chrome{,-beta,-stable,-unstable}
|
||||
@{chromium_domain} = com.google.Chrome
|
||||
@{chromium_lib_dirs} = /opt/google/@{chromium_name}
|
||||
@{chromium_config_dirs} = @{user_config_dirs}/google-@{chromium_name}
|
||||
@{chromium_cache_dirs} = @{user_cache_dirs}/google-@{chromium_name}
|
||||
@{name} = chrome{,-beta,-stable,-unstable}
|
||||
@{domain} = com.google.Chrome
|
||||
@{lib_dirs} = /opt/google/@{name}
|
||||
@{config_dirs} = @{user_config_dirs}/google-@{name}
|
||||
@{cache_dirs} = @{user_cache_dirs}/google-@{name}
|
||||
|
||||
@{exec_path} = @{chromium_lib_dirs}/@{chromium_name}
|
||||
@{exec_path} = @{lib_dirs}/@{name}
|
||||
profile chrome @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/chromium>
|
||||
@ -22,16 +22,16 @@ profile chrome @{exec_path} {
|
||||
|
||||
@{bin}/man rPUx, # For "chrome --help"
|
||||
|
||||
@{chromium_lib_dirs}/google-@{chromium_name} rPx,
|
||||
@{lib_dirs}/google-@{name} rPx,
|
||||
|
||||
@{chromium_lib_dirs}/nacl_helper rix,
|
||||
@{chromium_lib_dirs}/xdg-mime rix, #-> xdg-mime,
|
||||
@{chromium_lib_dirs}/xdg-settings rix, #-> xdg-settings,
|
||||
@{lib_dirs}/nacl_helper rix,
|
||||
@{lib_dirs}/xdg-mime rix, #-> xdg-mime,
|
||||
@{lib_dirs}/xdg-settings rix, #-> xdg-settings,
|
||||
|
||||
@{chromium_lib_dirs}/*.so* mr,
|
||||
@{chromium_lib_dirs}/libwidevinecdm.so mr,
|
||||
@{chromium_lib_dirs}/libwidevinecdmadapter.so mr,
|
||||
@{chromium_lib_dirs}/WidevineCdm/_platform_specific/linux_*/libwidevinecdm.so mr,
|
||||
@{lib_dirs}/*.so* mr,
|
||||
@{lib_dirs}/libwidevinecdm.so mr,
|
||||
@{lib_dirs}/libwidevinecdmadapter.so mr,
|
||||
@{lib_dirs}/WidevineCdm/_platform_specific/linux_*/libwidevinecdm.so mr,
|
||||
|
||||
include if exists <local/chrome>
|
||||
}
|
||||
|
@ -7,10 +7,10 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{chromium_lib_dirs} = /opt/google/chrome{,-beta,-unstable}
|
||||
@{chromium_config_dirs} = @{user_config_dirs}/google-chrome{,-beta,-unstable}
|
||||
@{lib_dirs} = /opt/google/chrome{,-beta,-unstable}
|
||||
@{config_dirs} = @{user_config_dirs}/google-chrome{,-beta,-unstable}
|
||||
|
||||
@{exec_path} = @{chromium_lib_dirs}/chrome_crashpad_handler
|
||||
@{exec_path} = @{lib_dirs}/chrome_crashpad_handler
|
||||
profile chrome-crashpad-handler @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
@ -21,7 +21,7 @@ profile chrome-crashpad-handler @{exec_path} {
|
||||
|
||||
@{exec_path} mrix,
|
||||
|
||||
owner "@{chromium_config_dirs}/Crash Reports/**" rwk,
|
||||
owner "@{config_dirs}/Crash Reports/**" rwk,
|
||||
|
||||
@{PROC}/sys/kernel/yama/ptrace_scope r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
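Review bot: `@{lib_dirs}` is `/opt/google/chrome{,-beta,-unstable}` here, while the chrome profile derives it from `@{name} = chrome{,-beta,-stable,-unstable}` and chrome-sandbox lists `chrome{,-stable,-beta,-unstable}`. The chromium abstraction transitions with `@{lib_dirs}/chrome_crashpad_handler rPx`, and a Px transition to a path with no attached profile makes the exec fail, so an install under a `-stable` directory (if one exists) would lose its crash handler. Now that every file uses the same variable names, the values should match too: `@{lib_dirs} = /opt/google/chrome{,-beta,-stable,-unstable}` here and in chrome-wrapper, with `@{config_dirs}` extended the same way.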
|
@ -7,9 +7,9 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{chromium_lib_dirs} = /opt/google/chrome{,-stable,-beta,-unstable}
|
||||
@{lib_dirs} = /opt/google/chrome{,-stable,-beta,-unstable}
|
||||
|
||||
@{exec_path} = @{chromium_lib_dirs}/chrome-sandbox
|
||||
@{exec_path} = @{lib_dirs}/chrome-sandbox
|
||||
profile chrome-sandbox @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
@ -21,8 +21,8 @@ profile chrome-sandbox @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{chromium_lib_dirs}/chrome rPx,
|
||||
@{chromium_lib_dirs}/nacl_helper rix,
|
||||
@{lib_dirs}/chrome rPx,
|
||||
@{lib_dirs}/nacl_helper rix,
|
||||
|
||||
@{PROC} r,
|
||||
@{PROC}/@{pids}/ r,
|
||||
|
@ -7,9 +7,9 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{chromium_lib_dirs} = /opt/google/chrome{,-beta,-unstable}
|
||||
@{lib_dirs} = /opt/google/chrome{,-beta,-unstable}
|
||||
|
||||
@{exec_path} = @{chromium_lib_dirs}/google-chrome{,-beta,-unstable}
|
||||
@{exec_path} = @{lib_dirs}/google-chrome{,-beta,-unstable}
|
||||
profile chrome-wrapper @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
@ -24,7 +24,7 @@ profile chrome-wrapper @{exec_path} {
|
||||
@{bin}/touch rix,
|
||||
@{bin}/which{,.debianutils} rix,
|
||||
|
||||
@{chromium_lib_dirs}/chrome rPx,
|
||||
@{lib_dirs}/chrome rPx,
|
||||
|
||||
owner @{user_config_dirs}/chrome-flags.conf r,
|
||||
|
||||
|
@ -7,13 +7,13 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{chromium_name} = chromium
|
||||
@{chromium_domain} = org.chromium.Chromium
|
||||
@{chromium_lib_dirs} = @{lib}/@{chromium_name}
|
||||
@{chromium_config_dirs} = @{user_config_dirs}/@{chromium_name}
|
||||
@{chromium_cache_dirs} = @{user_cache_dirs}/@{chromium_name}
|
||||
@{name} = chromium
|
||||
@{domain} = org.chromium.Chromium
|
||||
@{lib_dirs} = @{lib}/@{name}
|
||||
@{config_dirs} = @{user_config_dirs}/@{name}
|
||||
@{cache_dirs} = @{user_cache_dirs}/@{name}
|
||||
|
||||
@{exec_path} = @{chromium_lib_dirs}/@{chromium_name}
|
||||
@{exec_path} = @{lib_dirs}/@{name}
|
||||
profile chromium @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/chromium>
|
||||
|
@ -7,7 +7,7 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{chromium_config_dirs} = @{user_config_dirs}/chromium
|
||||
@{config_dirs} = @{user_config_dirs}/chromium
|
||||
|
||||
@{exec_path} = @{lib}/chromium/chrome_crashpad_handler
|
||||
profile chromium-crashpad-handler @{exec_path} {
|
||||
@ -20,7 +20,7 @@ profile chromium-crashpad-handler @{exec_path} {
|
||||
|
||||
@{exec_path} mrix,
|
||||
|
||||
owner "@{chromium_config_dirs}/Crash Reports/**" rwk,
|
||||
owner "@{config_dirs}/Crash Reports/**" rwk,
|
||||
|
||||
@{PROC}/sys/kernel/yama/ptrace_scope r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
@ -7,12 +7,12 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{firefox_name} = firefox{,.sh,-esr,-bin}
|
||||
@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
|
||||
@{firefox_config_dirs} = @{HOME}/.mozilla/
|
||||
@{firefox_cache_dirs} = @{user_cache_dirs}/mozilla/
|
||||
@{name} = firefox{,.sh,-esr,-bin}
|
||||
@{lib_dirs} = @{lib}/@{name} /opt/@{name}
|
||||
@{config_dirs} = @{HOME}/.mozilla/
|
||||
@{cache_dirs} = @{user_cache_dirs}/mozilla/
|
||||
|
||||
@{exec_path} = @{bin}/@{firefox_name} @{firefox_lib_dirs}/@{firefox_name}
|
||||
@{exec_path} = @{bin}/@{name} @{lib_dirs}/@{name}
|
||||
profile firefox @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio>
|
||||
@ -133,14 +133,14 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
|
||||
@{bin}/basename rix,
|
||||
@{bin}/expr rix,
|
||||
|
||||
@{firefox_lib_dirs}/{,**} r,
|
||||
@{firefox_lib_dirs}/*.so mr,
|
||||
@{firefox_lib_dirs}/crashreporter rPx,
|
||||
@{firefox_lib_dirs}/glxtest rPx,
|
||||
@{firefox_lib_dirs}/minidump-analyzer rPx,
|
||||
@{firefox_lib_dirs}/pingsender rPx,
|
||||
@{firefox_lib_dirs}/plugin-container rPx,
|
||||
@{firefox_lib_dirs}/vaapitest rPx,
|
||||
@{lib_dirs}/{,**} r,
|
||||
@{lib_dirs}/*.so mr,
|
||||
@{lib_dirs}/crashreporter rPx,
|
||||
@{lib_dirs}/glxtest rPx,
|
||||
@{lib_dirs}/minidump-analyzer rPx,
|
||||
@{lib_dirs}/pingsender rPx,
|
||||
@{lib_dirs}/plugin-container rPx,
|
||||
@{lib_dirs}/vaapitest rPx,
|
||||
@{lib}/mozilla/kmozillahelper rPUx,
|
||||
|
||||
@{lib}/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr,
|
||||
@ -164,7 +164,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
|
||||
# As a temporary solution - see issue #128
|
||||
@{bin}/keepassxc-proxy rix,
|
||||
|
||||
/usr/share/@{firefox_name}/{,**} r,
|
||||
/usr/share/@{name}/{,**} r,
|
||||
/usr/share/doc/{,**} r,
|
||||
/usr/share/egl/{,**} r,
|
||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||
@ -173,7 +173,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
|
||||
/usr/share/webext/{,**} r,
|
||||
/usr/share/xul-ext/kwallet5/* r,
|
||||
|
||||
/etc/@{firefox_name}/{,**} r,
|
||||
/etc/@{name}/{,**} r,
|
||||
/etc/cups/client.conf r,
|
||||
/etc/fstab r,
|
||||
/etc/igfx_user_feature{,_next}.txt w,
|
||||
@ -205,18 +205,18 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
|
||||
owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml rw,
|
||||
owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw,
|
||||
|
||||
owner @{firefox_config_dirs}/ rw,
|
||||
owner @{firefox_config_dirs}/{extensions,systemextensionsdev}/ rw,
|
||||
owner @{firefox_config_dirs}/extensions/\{*\}/ r,
|
||||
owner @{firefox_config_dirs}/firefox/ rw,
|
||||
owner @{firefox_config_dirs}/firefox/*/ rw,
|
||||
owner @{firefox_config_dirs}/firefox/*/** rwk,
|
||||
owner @{firefox_config_dirs}/firefox/installs.ini rw,
|
||||
owner @{firefox_config_dirs}/firefox/profiles.ini rw,
|
||||
owner @{firefox_config_dirs}/native-messaging-hosts/org.keepassxc.keepassxc_browser.json r,
|
||||
owner @{config_dirs}/ rw,
|
||||
owner @{config_dirs}/{extensions,systemextensionsdev}/ rw,
|
||||
owner @{config_dirs}/extensions/\{*\}/ r,
|
||||
owner @{config_dirs}/firefox/ rw,
|
||||
owner @{config_dirs}/firefox/*/ rw,
|
||||
owner @{config_dirs}/firefox/*/** rwk,
|
||||
owner @{config_dirs}/firefox/installs.ini rw,
|
||||
owner @{config_dirs}/firefox/profiles.ini rw,
|
||||
owner @{config_dirs}/native-messaging-hosts/org.keepassxc.keepassxc_browser.json r,
|
||||
|
||||
owner @{firefox_cache_dirs}/ rw,
|
||||
owner @{firefox_cache_dirs}/** rwk,
|
||||
owner @{cache_dirs}/ rw,
|
||||
owner @{cache_dirs}/** rwk,
|
||||
|
||||
/tmp/ r,
|
||||
/var/tmp/ r,
|
||||
@ -224,10 +224,10 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
|
||||
owner /tmp/user/@{uid}/* rwk,
|
||||
owner /tmp/user/@{uid}/Temp-*/ rw,
|
||||
owner /tmp/user/@{uid}/Temp-*/* rwk,
|
||||
owner /tmp/user/@{uid}/@{firefox_name}/ rw,
|
||||
owner /tmp/user/@{uid}/@{firefox_name}/* rwk,
|
||||
owner /tmp/@{firefox_name}/ rw,
|
||||
owner /tmp/@{firefox_name}/* rwk,
|
||||
owner /tmp/user/@{uid}/@{name}/ rw,
|
||||
owner /tmp/user/@{uid}/@{name}/* rwk,
|
||||
owner /tmp/@{name}/ rw,
|
||||
owner /tmp/@{name}/* rwk,
|
||||
owner /tmp/* rw,
|
||||
owner /tmp/firefox_*/ rw,
|
||||
owner /tmp/firefox_*/* rwk,
|
||||
@ -295,7 +295,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
|
||||
/tmp/.X0-lock r,
|
||||
|
||||
# Silencer
|
||||
deny @{firefox_lib_dirs}/** w,
|
||||
deny @{lib_dirs}/** w,
|
||||
deny @{run}/user/@{uid}/gnome-shell-disable-extensions w,
|
||||
deny /tmp/MozillaUpdateLock-* w,
|
||||
deny owner @{HOME}/.* r,
|
||||
|
@ -7,12 +7,12 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{firefox_name} = firefox{,.sh,-esr,-bin}
|
||||
@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
|
||||
@{firefox_config_dirs} = @{HOME}/.mozilla/
|
||||
@{firefox_cache_dirs} = @{user_cache_dirs}/mozilla/
|
||||
@{name} = firefox{,.sh,-esr,-bin}
|
||||
@{lib_dirs} = @{lib}/@{name} /opt/@{name}
|
||||
@{config_dirs} = @{HOME}/.mozilla/
|
||||
@{cache_dirs} = @{user_cache_dirs}/mozilla/
|
||||
|
||||
@{exec_path} = @{firefox_lib_dirs}/crashreporter
|
||||
@{exec_path} = @{lib_dirs}/crashreporter
|
||||
profile firefox-crashreporter @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dconf-write>
|
||||
@ -33,21 +33,21 @@ profile firefox-crashreporter @{exec_path} flags=(attach_disconnected) {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{firefox_lib_dirs}/minidump-analyzer rPx,
|
||||
@{lib_dirs}/minidump-analyzer rPx,
|
||||
|
||||
@{bin}/mv rix,
|
||||
|
||||
/usr/share/X11/xkb/** r,
|
||||
|
||||
owner "@{firefox_config_dirs}/firefox/Crash Reports/{,**}" rw,
|
||||
owner @{firefox_config_dirs}/*.*/crashes/{,**} rw,
|
||||
owner @{firefox_config_dirs}/*.*/crashes/events/@{uuid} rw,
|
||||
owner @{firefox_config_dirs}/*.*/extensions/*.xpi r,
|
||||
owner @{firefox_config_dirs}/*.*/minidumps/{,**} rw,
|
||||
owner @{firefox_config_dirs}/*.*/minidumps//@{uuid}.{dmp,extra} r,
|
||||
owner @{firefox_config_dirs}/*.*/storage/default/* r,
|
||||
owner "@{config_dirs}/firefox/Crash Reports/{,**}" rw,
|
||||
owner @{config_dirs}/*.*/crashes/{,**} rw,
|
||||
owner @{config_dirs}/*.*/crashes/events/@{uuid} rw,
|
||||
owner @{config_dirs}/*.*/extensions/*.xpi r,
|
||||
owner @{config_dirs}/*.*/minidumps/{,**} rw,
|
||||
owner @{config_dirs}/*.*/minidumps//@{uuid}.{dmp,extra} r,
|
||||
owner @{config_dirs}/*.*/storage/default/* r,
|
||||
|
||||
owner @{firefox_cache_dirs}/firefox/*.*/** r,
|
||||
owner @{cache_dirs}/firefox/*.*/** r,
|
||||
|
||||
/tmp/ r,
|
||||
/var/tmp/ r,
|
||||
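Review bot: The `@{config_dirs}/*.*/…` rules in the second hunk probably miss a path component. `@{config_dirs}` is `@{HOME}/.mozilla/`, so `owner @{config_dirs}/*.*/minidumps/{,**} rw,` matches a directory directly under `.mozilla/`, whereas the neighbouring rules use `@{config_dirs}/firefox/…` and `@{cache_dirs}/firefox/*.*/**`. If the Firefox profile directories live under `firefox/`, these rules should read `@{config_dirs}/firefox/*.*/…`; the same lines appear in the firefox-minidump-analyzer section. The doubled slash in `minidumps//@{uuid}.{dmp,extra}` could be dropped at the same time.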
|
@ -6,11 +6,11 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{firefox_name} = firefox{,.sh,-esr,-bin}
|
||||
@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
|
||||
@{firefox_config_dirs} = @{HOME}/.mozilla/
|
||||
@{name} = firefox{,.sh,-esr,-bin}
|
||||
@{lib_dirs} = @{lib}/@{name} /opt/@{name}
|
||||
@{config_dirs} = @{HOME}/.mozilla/
|
||||
|
||||
@{exec_path} = @{firefox_lib_dirs}/glxtest
|
||||
@{exec_path} = @{lib_dirs}/glxtest
|
||||
profile firefox-glxtest @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dri-common>
|
||||
@ -23,7 +23,7 @@ profile firefox-glxtest @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{firefox_config_dirs}/firefox/*/.parentlock rw,
|
||||
owner @{config_dirs}/firefox/*/.parentlock rw,
|
||||
|
||||
owner /tmp/firefox/.parentlock rw,
|
||||
|
||||
|
@ -9,12 +9,12 @@ include <tunables/global>
|
||||
|
||||
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
||||
|
||||
@{firefox_name} = firefox{,.sh,-esr,-bin}
|
||||
@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
|
||||
@{firefox_config_dirs} = @{HOME}/.mozilla/
|
||||
@{firefox_cache_dirs} = @{user_cache_dirs}/mozilla/
|
||||
@{name} = firefox{,.sh,-esr,-bin}
|
||||
@{lib_dirs} = @{lib}/@{name} /opt/@{name}
|
||||
@{config_dirs} = @{HOME}/.mozilla/
|
||||
@{cache_dirs} = @{user_cache_dirs}/mozilla/
|
||||
|
||||
@{exec_path} = @{firefox_lib_dirs}/minidump-analyzer
|
||||
@{exec_path} = @{lib_dirs}/minidump-analyzer
|
||||
profile firefox-minidump-analyzer @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
@ -24,15 +24,15 @@ profile firefox-minidump-analyzer @{exec_path} {
|
||||
|
||||
owner @{HOME}/.xsession-errors w,
|
||||
|
||||
owner "@{firefox_config_dirs}/firefox/Crash Reports/" rw,
|
||||
owner "@{firefox_config_dirs}/firefox/Crash Reports/pending/" rw,
|
||||
owner "@{firefox_config_dirs}/firefox/Crash Reports/pending/@{hex}.{dmp,extra}" rw,
|
||||
owner @{firefox_config_dirs}/*.*/extensions/*.xpi r,
|
||||
owner @{firefox_config_dirs}/*.*/minidumps/ rw,
|
||||
owner @{firefox_config_dirs}/*.*/minidumps/@{uuid}.{dmp,extra} rw,
|
||||
owner @{firefox_config_dirs}/*.*/storage/default/* r,
|
||||
owner "@{config_dirs}/firefox/Crash Reports/" rw,
|
||||
owner "@{config_dirs}/firefox/Crash Reports/pending/" rw,
|
||||
owner "@{config_dirs}/firefox/Crash Reports/pending/@{hex}.{dmp,extra}" rw,
|
||||
owner @{config_dirs}/*.*/extensions/*.xpi r,
|
||||
owner @{config_dirs}/*.*/minidumps/ rw,
|
||||
owner @{config_dirs}/*.*/minidumps/@{uuid}.{dmp,extra} rw,
|
||||
owner @{config_dirs}/*.*/storage/default/* r,
|
||||
|
||||
owner @{firefox_cache_dirs}/firefox/*.*/startupCache/*Cache* r,
|
||||
owner @{cache_dirs}/firefox/*.*/startupCache/*Cache* r,
|
||||
|
||||
owner /tmp/@{hex}.{dmp,extra} rw,
|
||||
owner /tmp/firefox/.parentlock w,
|
||||
|
@ -7,11 +7,11 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{firefox_name} = firefox{,.sh,-esr,-bin}
|
||||
@{firefox_lib_dirs} = @{lib}/@{firefox_name}/ /opt/@{firefox_name}/
|
||||
@{firefox_config_dirs} = @{HOME}/.mozilla/
|
||||
@{name} = firefox{,.sh,-esr,-bin}
|
||||
@{lib_dirs} = @{lib}/@{name}/ /opt/@{name}/
|
||||
@{config_dirs} = @{HOME}/.mozilla/
|
||||
|
||||
@{exec_path} = @{firefox_lib_dirs}/pingsender
|
||||
@{exec_path} = @{lib_dirs}/pingsender
|
||||
profile firefox-pingsender @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
@ -25,7 +25,7 @@ profile firefox-pingsender @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{firefox_config_dirs}/firefox/*.*/saved-telemetry-pings/@{uuid} rw,
|
||||
owner @{config_dirs}/firefox/*.*/saved-telemetry-pings/@{uuid} rw,
|
||||
|
||||
owner @{PROC}/@{pid}/stat r,
|
||||
owner @{PROC}/@{pid}/task/@{tid}/stat r,
|
||||
|
@ -7,10 +7,10 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{firefox_name} = firefox{,.sh,-esr,-bin}
|
||||
@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
|
||||
@{name} = firefox{,.sh,-esr,-bin}
|
||||
@{lib_dirs} = @{lib}/@{name} /opt/@{name}
|
||||
|
||||
@{exec_path} = @{firefox_lib_dirs}/plugin-container
|
||||
@{exec_path} = @{lib_dirs}/plugin-container
|
||||
profile firefox-plugin-container @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
|
@ -6,11 +6,11 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{firefox_name} = firefox{,.sh,-esr,-bin}
|
||||
@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
|
||||
@{firefox_config_dirs} = @{HOME}/.mozilla/
|
||||
@{name} = firefox{,.sh,-esr,-bin}
|
||||
@{lib_dirs} = @{lib}/@{name} /opt/@{name}
|
||||
@{config_dirs} = @{HOME}/.mozilla/
|
||||
|
||||
@{exec_path} = @{firefox_lib_dirs}/vaapitest
|
||||
@{exec_path} = @{lib_dirs}/vaapitest
|
||||
profile firefox-vaapitest @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dri-enumerate>
|
||||
@ -25,8 +25,8 @@ profile firefox-vaapitest @{exec_path} {
|
||||
/etc/igfx_user_feature{,_next}.txt w,
|
||||
/etc/libva.conf r,
|
||||
|
||||
deny owner @{firefox_config_dirs}/firefox/*/.parentlock rw,
|
||||
deny owner @{firefox_config_dirs}/firefox/*/startupCache/** r,
|
||||
deny owner @{config_dirs}/firefox/*/.parentlock rw,
|
||||
deny owner @{config_dirs}/firefox/*/startupCache/** r,
|
||||
deny owner @{user_cache_dirs}/mozilla/firefox/*/startupCache/* r,
|
||||
|
||||
owner /tmp/firefox/.parentlock rw,
|
||||
|
@ -7,22 +7,22 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{chromium_name} = opera{,-beta,-developer}
|
||||
@{chromium_domain} = com.opera.Opera
|
||||
@{chromium_lib_dirs} = @{lib}/@{multiarch}/@{chromium_name}
|
||||
@{chromium_config_dirs} = @{user_config_dirs}/@{chromium_name}
|
||||
@{chromium_cache_dirs} = @{user_cache_dirs}/@{chromium_name}
|
||||
@{name} = opera{,-beta,-developer}
|
||||
@{domain} = com.opera.Opera
|
||||
@{lib_dirs} = @{lib}/@{multiarch}/@{name}
|
||||
@{config_dirs} = @{user_config_dirs}/@{name}
|
||||
@{cache_dirs} = @{user_cache_dirs}/@{name}
|
||||
|
||||
@{exec_path} = @{chromium_lib_dirs}/@{chromium_name}
|
||||
@{exec_path} = @{lib_dirs}/@{name}
|
||||
profile opera @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/chromium>
|
||||
|
||||
@{exec_path} mrix,
|
||||
|
||||
@{chromium_lib_dirs}/opera_autoupdate krix,
|
||||
@{chromium_lib_dirs}/opera_crashreporter rPx,
|
||||
@{chromium_lib_dirs}/opera-sandbox rPx,
|
||||
@{lib_dirs}/opera_autoupdate krix,
|
||||
@{lib_dirs}/opera_crashreporter rPx,
|
||||
@{lib_dirs}/opera-sandbox rPx,
|
||||
|
||||
/opt/google/chrome{,-beta,-unstable}/libwidevinecdm.so mr,
|
||||
/opt/google/chrome{,-beta,-unstable}/libwidevinecdmadapter.so mr,
|
||||
|
@ -7,11 +7,11 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{chromium_name} = opera{,-beta,-developer}
|
||||
@{chromium_lib_dirs} = @{lib}/@{multiarch}/@{chromium_name}
|
||||
@{chromium_config_dirs} = @{user_config_dirs}/@{chromium_name}
|
||||
@{name} = opera{,-beta,-developer}
|
||||
@{lib_dirs} = @{lib}/@{multiarch}/@{name}
|
||||
@{config_dirs} = @{user_config_dirs}/@{name}
|
||||
|
||||
@{exec_path} = @{chromium_lib_dirs}/opera_crashreporter
|
||||
@{exec_path} = @{lib_dirs}/opera_crashreporter
|
||||
profile opera-crashreporter @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
@ -25,9 +25,9 @@ profile opera-crashreporter @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{chromium_config_dirs}/crash_count.txt rwk,
|
||||
owner @{chromium_config_dirs}/GPUCache/data_* r,
|
||||
owner @{chromium_config_dirs}/GPUCache/index r,
|
||||
owner @{config_dirs}/crash_count.txt rwk,
|
||||
owner @{config_dirs}/GPUCache/data_* r,
|
||||
owner @{config_dirs}/GPUCache/index r,
|
||||
|
||||
owner @{PROC}/@{pids}/cmdline r,
|
||||
owner @{PROC}/@{pids}/environ r,
|
||||
|
@ -6,10 +6,10 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{chromium_name} = opera{,-beta,-developer}
|
||||
@{chromium_lib_dirs} = @{lib}/@{multiarch}/@{chromium_name}
|
||||
@{name} = opera{,-beta,-developer}
|
||||
@{lib_dirs} = @{lib}/@{multiarch}/@{name}
|
||||
|
||||
@{exec_path} = @{chromium_lib_dirs}/opera_sandbox
|
||||
@{exec_path} = @{lib_dirs}/opera_sandbox
|
||||
profile opera-sandbox @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
@ -25,7 +25,7 @@ profile opera-sandbox @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{chromium_lib_dirs}/opera{,-beta,-developer} rPx,
|
||||
@{lib_dirs}/opera{,-beta,-developer} rPx,
|
||||
|
||||
@{PROC} r,
|
||||
@{PROC}/@{pids}/ r,
|
||||
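Review bot: `@{exec_path} = @{lib_dirs}/opera_sandbox` uses an underscore, but the opera profile transitions to `@{lib_dirs}/opera-sandbox rPx,` with a hyphen, so one of the two does not name the real binary. With `Px` and no profile attached to the executed path the exec is refused, so the mismatch either breaks the sandbox helper or leaves this profile unused. Confirm the installed file name and align both, e.g. `@{exec_path} = @{lib_dirs}/opera-sandbox`.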
|