From 31edd15e8a6fd507749a1df51102eb743366fac9 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Mon, 13 Nov 2023 22:11:12 +0000 Subject: [PATCH] feat(profiles): improve kde integration. --- apparmor.d/groups/kde/dolphin | 1 + apparmor.d/groups/kde/kconf_update | 5 +++-- apparmor.d/groups/kde/kde-powerdevil | 7 ++++++- apparmor.d/groups/kde/kwin_wayland | 15 ++++++++------- .../groups/kde/plasma-browser-integration-host | 3 ++- 5 files changed, 20 insertions(+), 11 deletions(-) diff --git a/apparmor.d/groups/kde/dolphin b/apparmor.d/groups/kde/dolphin index 83370adf..4a788c3d 100644 --- a/apparmor.d/groups/kde/dolphin +++ b/apparmor.d/groups/kde/dolphin @@ -10,6 +10,7 @@ include profile dolphin @{exec_path} { include include + include include include include diff --git a/apparmor.d/groups/kde/kconf_update b/apparmor.d/groups/kde/kconf_update index a3d39a16..d2987b2b 100644 --- a/apparmor.d/groups/kde/kconf_update +++ b/apparmor.d/groups/kde/kconf_update @@ -52,6 +52,8 @@ profile kconf_update @{exec_path} { owner @{user_config_dirs}/akregatorrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/dolphinrc.lock rwk, owner @{user_config_dirs}/dolphinrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, + owner @{user_config_dirs}/gtk-{3,4}.0/* rwlk -> @{user_config_dirs}/gtk-{3,4}.0/**, + owner @{user_config_dirs}/kactivitymanagerd-statsrc rw, owner @{user_config_dirs}/kateschemarc.lock rwk, owner @{user_config_dirs}/kateschemarc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kcminputrc.lock rwk, 
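Review bot: The new gtk rule in the first kconf_update hunk allows a hard link from any file in `gtk-{3,4}.0/` to any path below that directory (`-> @{user_config_dirs}/gtk-{3,4}.0/**`), while every sibling rule here pins the link target to the anonymous temp name `#@{int}`. If the GTK settings files are written with the same temp-file-then-link pattern as the other rc files, the target can be narrowed in the same way: `owner @{user_config_dirs}/gtk-{3,4}.0/* rwlk -> @{user_config_dirs}/gtk-{3,4}.0/#@{int},`. The `*` on the left also gives write access to every file in the directory, so if the audit log shows only a few file names, listing them would keep the grant closer to what kconf_update needs. The profile body starts and ends outside this hunk.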
@@ -83,9 +85,8 @@ profile kconf_update @{exec_path} { owner @{user_config_dirs}/kwinrulesrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kxkbrc.lock rwk, owner @{user_config_dirs}/kxkbrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, - owner @{user_config_dirs}/plasmashellrc r, - owner @{user_config_dirs}/kactivitymanagerd-statsrc rw, owner @{user_config_dirs}/plasma-org.kde.plasma.desktop-appletsrc rw, + owner @{user_config_dirs}/plasmashellrc r, owner @{user_config_dirs}/sed@{rand6} rw, owner @{user_config_dirs}/xsettingsd/xsettingsd.conf rw, diff --git a/apparmor.d/groups/kde/kde-powerdevil b/apparmor.d/groups/kde/kde-powerdevil index 91fc5864..03eebce2 100644 --- a/apparmor.d/groups/kde/kde-powerdevil +++ b/apparmor.d/groups/kde/kde-powerdevil @@ -50,10 +50,15 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, + @{sys}/bus/ r, @{sys}/class/ r, @{sys}/class/drm/ r, - @{sys}/bus/ r, + @{sys}/class/i2c-dev/ r, + @{sys}/class/usbmisc/ r, @{sys}/devices/@{pci}/drm/card@{int}/*/status r, + @{sys}/devices/i2c-[0-9]*/name r, + @{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r, + @{sys}/devices/platform/*/i2c-[0-9]*/name r, /dev/tty rw, /dev/rfkill r, diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland index 8253ddb3..7649b402 100644 --- a/apparmor.d/groups/kde/kwin_wayland +++ b/apparmor.d/groups/kde/kwin_wayland 
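Review bot: The three i2c `name` rules added in the kde-powerdevil hunk use raw globs (`pci[0-9]*`, `i2c-[0-9]*`), while the neighbouring drm rule uses the project tunables `@{pci}` and `@{int}`. In AppArmor globbing `[0-9]*` means one digit followed by any run of non-slash characters, so `i2c-[0-9]*` also matches names such as `i2c-1foo`; `@{int}` would say what is meant. Assuming `@{pci}` covers nested bridge paths, as its use on the `card@{int}` line suggests, the PCI rule could read `@{sys}/devices/@{pci}/i2c-@{int}/name r,`, and the other two `i2c-@{int}` likewise. A short comment above the new block saying which feature needs the i2c and usbmisc enumeration would help a later reader decide whether the rules are still required.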
@@ -74,28 +74,29 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { owner @{user_cache_dirs}/ r, owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_share_dirs}/kscreen/* r, owner @{user_cache_dirs}/ksycoca5_* r, - owner @{user_cache_dirs}/kwin/qmlcache/#@{int} rw, owner @{user_cache_dirs}/kwin/qmlcache/*.qmlc rw, owner @{user_cache_dirs}/kwin/qmlcache/*.qmlc.@{rand6} rwl -> @{user_cache_dirs}/kwin/qmlcache/#@{int}, - owner @{user_cache_dirs}/plasma-svgelements r, - owner @{user_cache_dirs}/plasma-svgelements.lock rwk, - owner @{user_cache_dirs}/plasma-svgelements.@{rand6} rwl -> @{user_cache_dirs}/#@{int}, + owner @{user_cache_dirs}/kwin/qmlcache/#@{int} rw, owner @{user_cache_dirs}/plasma_theme_default_v*.kcache rw, + owner @{user_cache_dirs}/plasma-svgelements r, + owner @{user_cache_dirs}/plasma-svgelements.@{rand6} rwl -> @{user_cache_dirs}/#@{int}, + owner @{user_cache_dirs}/plasma-svgelements.lock rwk, + owner @{user_share_dirs}/kscreen/* r, owner @{user_config_dirs}/#@{int} rwl, owner @{user_config_dirs}/kcminputrc r, owner @{user_config_dirs}/kdedefaults/* r, owner @{user_config_dirs}/kdeglobals r, - owner @{user_config_dirs}/kglobalshortcutsrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kglobalshortcutsrc.lock rwk, + owner @{user_config_dirs}/kglobalshortcutsrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kscreenlockerrc r, - owner @{user_config_dirs}/kwinrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kwinrc.lock rwk, + owner @{user_config_dirs}/kwinrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kwinrulesrc r, owner @{user_config_dirs}/kxkbrc r, owner @{user_config_dirs}/menus/{,applications-merged/} r, + owner @{user_config_dirs}/session/* r, @{run}/systemd/inhibit/*.ref rw, 
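Review bot: The only functional change in this kwin_wayland hunk is `owner @{user_config_dirs}/session/* r,`, and its glob covers every file in the session directory, while the rest of the hunk is a reorder. That directory presumably holds saved-session state for other applications too, so if kwin only reads its own session file, the glob could be narrowed to the file-name prefix kwin uses (confirm it from the audit log) rather than `*`. A one-line comment stating why the compositor needs the session directory would also make the rule easier to audit later.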
diff --git a/apparmor.d/groups/kde/plasma-browser-integration-host b/apparmor.d/groups/kde/plasma-browser-integration-host index 1ac9d9ec..9b4b797c 100644 --- a/apparmor.d/groups/kde/plasma-browser-integration-host +++ b/apparmor.d/groups/kde/plasma-browser-integration-host @@ -11,11 +11,12 @@ profile plasma-browser-integration-host @{exec_path} { include include include + include include include + include include include - include capability sys_ptrace,