chore: enforce indentation consistency across profile.

2024-11-14 23:43:56 +01:00 · 2024-10-16 23:36:13 +01:00 · 2024-10-16 23:36:13 +01:00 · 37bafddc80
commit 37bafddc80
parent 6e2d817805
30 changed files with 181 additions and 182 deletions
--- a/apparmor.d/groups/avahi/avahi-browse
+++ b/apparmor.d/groups/avahi/avahi-browse
@ -15,7 +15,7 @@ profile avahi-browse @{exec_path} {
  include <abstractions/consoles>

  dbus receive bus=system path=/Client@{int}/ServiceTypeBrowser@{int}
-      interface=org.freedesktop.Avahi.ServiceTypeBrowser
+       interface=org.freedesktop.Avahi.ServiceTypeBrowser
       member={ItemNew,AllForNow,CacheExhausted}
       peer=(name=:*, label=avahi-daemon),

--- a/apparmor.d/groups/bus/ibus-memconf
+++ b/apparmor.d/groups/bus/ibus-memconf
@ -16,10 +16,10 @@ profile ibus-memconf @{exec_path} flags=(attach_disconnected) {

  signal (receive) set=(term) peer=ibus-daemon,

-    dbus receive bus=session
-         interface=org.freedesktop.DBus.Introspectable
-         member=Introspect 
-         peer=(name=:*, label=gnome-shell),
+  dbus receive bus=session
+       interface=org.freedesktop.DBus.Introspectable
+       member=Introspect 
+       peer=(name=:*, label=gnome-shell),

  @{exec_path} mr,

--- a/apparmor.d/groups/cron/cron
+++ b/apparmor.d/groups/cron/cron
@ -74,7 +74,7 @@ profile cron @{exec_path} flags=(attach_disconnected) {

    owner @{tmp}/#@{int} rw,

-   include if exists <local/cron_run-parts>
+    include if exists <local/cron_run-parts>
  }

  include if exists <local/cron>
--- a/apparmor.d/groups/network/iwd
+++ b/apparmor.d/groups/network/iwd
@ -22,7 +22,7 @@ profile iwd @{exec_path} {
  network netlink dgram,
  network alg seqpacket,

-   @{exec_path} mr,
+  @{exec_path} mr,

  /etc/iwd/{,**} r,
  /var/lib/iwd/{,**} rw,
--- a/apparmor.d/groups/network/mullvad-daemon
+++ b/apparmor.d/groups/network/mullvad-daemon
@ -49,8 +49,8 @@ profile mullvad-daemon @{exec_path} flags=(attach_disconnected) {
  owner /var/log/mullvad-vpn/{,*} rw,
  owner /var/log/private/mullvad-vpn/*.log rw,

+        @{run}/NetworkManager/resolv.conf r,
  owner @{run}/mullvad-vpn rw,
-  @{run}/NetworkManager/resolv.conf r,

  @{sys}/fs/cgroup/net_cls/ w,
  @{sys}/fs/cgroup/net_cls/mullvad-exclusions/ w,
--- a/apparmor.d/groups/ssh/ssh-agent-launch
+++ b/apparmor.d/groups/ssh/ssh-agent-launch
@ -25,14 +25,14 @@ profile ssh-agent-launch @{exec_path} {
    include <abstractions/bus-session>

    dbus send bus=session path=/org/freedesktop/DBus
-        interface=org.freedesktop.DBus
-        member=UpdateActivationEnvironment 
-        peer=(name=org.freedesktop.DBus, label=dbus-session),
+         interface=org.freedesktop.DBus
+         member=UpdateActivationEnvironment 
+         peer=(name=org.freedesktop.DBus, label=dbus-session),

    dbus send bus=session path=/org/freedesktop/systemd1
-        interface=org.freedesktop.systemd1.Manager
-        member=SetEnvironment 
-        peer=(name=org.freedesktop.systemd1),
+         interface=org.freedesktop.systemd1.Manager
+         member=SetEnvironment 
+         peer=(name=org.freedesktop.systemd1),

    @{bin}/dbus-update-activation-environment mr,

--- a/apparmor.d/groups/systemd/bootctl
+++ b/apparmor.d/groups/systemd/bootctl
@ -67,8 +67,8 @@ profile bootctl @{exec_path} {
  @{sys}/firmware/efi/efivars/SetupMode-@{uuid} r,
  @{sys}/firmware/efi/fw_platform_size r,

-       @{PROC}/sys/kernel/random/poolsize r,
- owner @{PROC}/@{pid}/cgroup r,
+        @{PROC}/sys/kernel/random/poolsize r,
+  owner @{PROC}/@{pid}/cgroup r,

  # Inherit silencer
  deny network inet6 stream,
--- a/apparmor.d/profiles-g-l/ifup
+++ b/apparmor.d/profiles-g-l/ifup
@ -85,7 +85,7 @@ profile ifup @{exec_path} {

    /etc/network/if-up.d/ r,
    /etc/network/if-up.d/*resolvconf           rPUx,
-    /etc/network/if-up.d/resolved	       rPUx,
+    /etc/network/if-up.d/resolved              rPUx,
    /etc/network/if-up.d/chrony                rPUx,
    /etc/network/if-up.d/ethtool               rPUx,
    /etc/network/if-up.d/ifenslave             rPUx,
--- a/apparmor.d/profiles-g-l/linuxqq
+++ b/apparmor.d/profiles-g-l/linuxqq
@ -13,38 +13,38 @@ include <tunables/global>

@{exec_path} = @{bin}/linuxqq @{lib_dirs}/qq
 profile linuxqq @{exec_path} flags=(attach_disconnected) {
-    include <abstractions/base>
-    include <abstractions/attached/consoles>
-    include <abstractions/audio-client>
-    include <abstractions/common/electron>
-    include <abstractions/fontconfig-cache-read>
+  include <abstractions/base>
+  include <abstractions/attached/consoles>
+  include <abstractions/audio-client>
+  include <abstractions/common/electron>
+  include <abstractions/fontconfig-cache-read>

-    network netlink raw,
-    network netlink dgram,
-    network inet stream,
-    network inet dgram,
-    network inet6 dgram,
-    network inet6 stream,
+  network netlink raw,
+  network netlink dgram,
+  network inet stream,
+  network inet dgram,
+  network inet6 dgram,
+  network inet6 stream,

-    @{exec_path} mrix,
+  @{exec_path} mrix,

-	@{sh_path}  r,
-    @{bin}/grep rix,
-    @{lib_dirs}/chrome_crashpad_handler ix,
-    @{lib_dirs}/resources/app/{,**} m,
-    @{open_path} rPx -> child-open-strict,
+  @{sh_path}  r,
+  @{bin}/grep rix,
+  @{lib_dirs}/chrome_crashpad_handler ix,
+  @{lib_dirs}/resources/app/{,**} m,
+  @{open_path} rPx -> child-open-strict,

-    /etc/machine-id r,
+  /etc/machine-id r,

-    @{att}/@{run}/systemd/inhibit/@{int}.ref rw,
-    @{run}/utmp r,
+  @{att}/@{run}/systemd/inhibit/@{int}.ref rw,
+  @{run}/utmp r,

-    owner @{PROC}/@{pid}/loginuid r,
-    owner @{PROC}/@{pid}/mounts r,
+  owner @{PROC}/@{pid}/loginuid r,
+  owner @{PROC}/@{pid}/mounts r,

-    /dev/tty rw,
+  /dev/tty rw,

-    include if exists <local/linuxqq>
+  include if exists <local/linuxqq>
 }

 # vim:syntax=apparmor
--- a/apparmor.d/profiles-s-z/ufw
+++ b/apparmor.d/profiles-s-z/ufw
@ -9,54 +9,54 @@ include <tunables/global>

@{exec_path} = @{bin}/ufw
 profile ufw @{exec_path} flags=(attach_disconnected) {
-    include <abstractions/base>
-    include <abstractions/attached/consoles>
-    include <abstractions/nameservice-strict>
-    include <abstractions/python>
+  include <abstractions/base>
+  include <abstractions/attached/consoles>
+  include <abstractions/nameservice-strict>
+  include <abstractions/python>

-    capability dac_read_search,
-    capability net_admin,
-    capability net_raw,
-    capability sys_ptrace,
+  capability dac_read_search,
+  capability net_admin,
+  capability net_raw,
+  capability sys_ptrace,

-    network inet dgram,
-    network inet raw,
-    network inet6 dgram,
-    network inet6 raw,
-    network netlink raw,
+  network inet dgram,
+  network inet raw,
+  network inet6 dgram,
+  network inet6 raw,
+  network netlink raw,

-    ptrace read,
+  ptrace read,

-    @{exec_path} mr,
+  @{exec_path} mr,

-    @{bin}/ r,
-    @{bin}/cat ix,
-    @{bin}/env r,
-    @{bin}/python3.@{int} ix,
-    @{bin}/sysctl ix,
-    @{bin}/xtables-legacy-multi ix,
-    @{bin}/xtables-nft-multi ix,
-    @{lib}/ufw/ufw-init ix,
+  @{bin}/ r,
+  @{bin}/cat ix,
+  @{bin}/env r,
+  @{bin}/python3.@{int} ix,
+  @{bin}/sysctl ix,
+  @{bin}/xtables-legacy-multi ix,
+  @{bin}/xtables-nft-multi ix,
+  @{lib}/ufw/ufw-init ix,

-    /etc/default/ufw rw,
-    /etc/ufw/ rw,
-    /etc/ufw/** rwk,
+  /etc/default/ufw rw,
+  /etc/ufw/ rw,
+  /etc/ufw/** rwk,

-          @{run}/xtables.lock rwk,
-    owner @{run}/ufw.lock rwk,
+        @{run}/xtables.lock rwk,
+  owner @{run}/ufw.lock rwk,

-    owner @{tmp}/@{word8} rw,
-    owner @{tmp}/tmp@{word8} rw,
-    owner /var/tmp/@{word8} rw,
-    owner /var/tmp/tmp@{word8} rw,
+  owner @{tmp}/@{word8} rw,
+  owner @{tmp}/tmp@{word8} rw,
+  owner /var/tmp/@{word8} rw,
+  owner /var/tmp/tmp@{word8} rw,

-    @{PROC}/@{pid}/fd/ r,
-    @{PROC}/@{pid}/net/ip_tables_names r,
-    @{PROC}/@{pid}/stat r,
-    @{PROC}/sys/net/ipv{4,6}/** rw,
-    @{PROC}/sys/kernel/modprobe r,
+  @{PROC}/@{pid}/fd/ r,
+  @{PROC}/@{pid}/net/ip_tables_names r,
+  @{PROC}/@{pid}/stat r,
+  @{PROC}/sys/net/ipv{4,6}/** rw,
+  @{PROC}/sys/kernel/modprobe r,

-    include if exists <local/ufw>
+  include if exists <local/ufw>
 }

 # vim:syntax=apparmor
--- a/apparmor.d/profiles-s-z/update-pciids
+++ b/apparmor.d/profiles-s-z/update-pciids
@ -38,7 +38,7 @@ profile update-pciids @{exec_path} {
  /usr/share/misc/ r,
  /usr/share/misc/* rwl -> /usr/share/misc/*,

-   # For shell pwd
+  # For shell pwd
  /root/ r,


--- a/apparmor.d/profiles-s-z/wechat-universal
+++ b/apparmor.d/profiles-s-z/wechat-universal
@ -13,48 +13,48 @@ include <tunables/global>

@{exec_path} = @{bin}/wechat-universal @{lib_dirs}/wechat
 profile wechat-universal @{exec_path} flags=(attach_disconnected) {
-    include <abstractions/base>
-    include <abstractions/attached/consoles>
-    include <abstractions/audio-client>
-    include <abstractions/common/electron>
-    include <abstractions/common/bwrap>
-    include <abstractions/fontconfig-cache-read>
-    include <abstractions/app/bus>
+  include <abstractions/base>
+  include <abstractions/attached/consoles>
+  include <abstractions/audio-client>
+  include <abstractions/common/electron>
+  include <abstractions/common/bwrap>
+  include <abstractions/fontconfig-cache-read>
+  include <abstractions/app/bus>

-    network netlink raw,
-    network netlink dgram,
-    network inet stream,
-    network inet dgram,
-    network inet6 dgram,
-    network inet6 stream,
+  network netlink raw,
+  network netlink dgram,
+  network inet stream,
+  network inet dgram,
+  network inet6 dgram,
+  network inet6 stream,

-    @{exec_path} mrix,
+  @{exec_path} mrix,

-	@{sh_path}  rix,
-    @{lib}/wechat-universal/common.sh ix,
-    @{bin}/sed ix,
-    @{bin}/ln ix,
-    @{bin}/mkdir ix,
-    @{bin}/lsblk Px,
-    @{bin}/bwrap rix,
-    @{bin}/xdg-user-dir rix,
-    @{lib_dirs}/crashpad_handler ix,
-    @{open_path} rPx -> child-open-strict,
+  @{sh_path}  rix,
+  @{lib}/wechat-universal/common.sh ix,
+  @{bin}/sed ix,
+  @{bin}/ln ix,
+  @{bin}/mkdir ix,
+  @{bin}/lsblk Px,
+  @{bin}/bwrap rix,
+  @{bin}/xdg-user-dir rix,
+  @{lib_dirs}/crashpad_handler ix,
+  @{open_path} rPx -> child-open-strict,

-    /etc/lsb-release r,
+  /etc/lsb-release r,

-    owner @{HOME}/@{XDG_DOCUMENTS_DIR}/WeChat_Data/{,**} rwk,
-    owner @{HOME}/.xwechat/{,**} rwk,
-    owner @{HOME}/.sys1og.conf rw,
+  owner @{HOME}/@{XDG_DOCUMENTS_DIR}/WeChat_Data/{,**} rwk,
+  owner @{HOME}/.xwechat/{,**} rwk,
+  owner @{HOME}/.sys1og.conf rw,

-    @{att}/@{run}/systemd/inhibit/@{int}.ref rw,
-    @{run}/utmp r,
+  @{att}/@{run}/systemd/inhibit/@{int}.ref rw,
+  @{run}/utmp r,

-    @{PROC}/@{pid}/net/route r,
+  @{PROC}/@{pid}/net/route r,

-    /dev/tty rw,
+  /dev/tty rw,

-    include if exists <local/wechat-universal>
+  include if exists <local/wechat-universal>
 }

 # vim:syntax=apparmor
--- a/apparmor.d/profiles-s-z/wemeet
+++ b/apparmor.d/profiles-s-z/wemeet
@ -10,54 +10,53 @@ include <tunables/global>
@{exec_path} += /opt/wemeet/bin/wemeetapp
@{exec_path} += /opt/wemeet/bin/QtWebEngineProcess
 profile wemeet @{exec_path} flags=(attach_disconnected) {
-    include <abstractions/base>
-    include <abstractions/attached/consoles>
-    include <abstractions/nameservice-strict>
-    include <abstractions/common/bwrap>
-    include <abstractions/common/chromium>
-    include <abstractions/graphics>
-    include <abstractions/desktop>
-    include <abstractions/ssl_certs>
-    include <abstractions/fontconfig-cache-read>
-    include <abstractions/audio-client>
+  include <abstractions/base>
+  include <abstractions/attached/consoles>
+  include <abstractions/audio-client>
+  include <abstractions/common/bwrap>
+  include <abstractions/common/chromium>
+  include <abstractions/desktop>
+  include <abstractions/fontconfig-cache-read>
+  include <abstractions/graphics>
+  include <abstractions/nameservice-strict>
+  include <abstractions/ssl_certs>

-    network netlink raw,
-    network netlink dgram,
-    network inet stream,
-    network inet dgram,
-    network inet6 dgram,
-    network inet6 stream,
+  network netlink raw,
+  network netlink dgram,
+  network inet stream,
+  network inet dgram,
+  network inet6 dgram,
+  network inet6 stream,

-    @{exec_path} mr,
+  @{exec_path} mr,

-    @{sh_path} r,
-    @{bin}/basename rix,
-    @{bin}/bwrap rix,
-    @{bin}/id rix,
-    @{bin}/mkdir rix,
-    /opt/wemeet/bin/** rix,
+  @{sh_path} r,
+  @{bin}/basename rix,
+  @{bin}/bwrap rix,
+  @{bin}/id rix,
+  @{bin}/mkdir rix,
+  /opt/wemeet/bin/** rix,

-    /etc/machine-id r,
-    /var/cache/ w,
+  /etc/machine-id r,
+  /var/cache/ w,

-    owner @{user_share_dirs}/wemeetapp/ rw,
-    owner @{user_share_dirs}/wemeetapp/** rwlk -> @{user_share_dirs}/wemeetapp/**,
+  owner @{user_share_dirs}/wemeetapp/ rw,
+  owner @{user_share_dirs}/wemeetapp/** rwlk -> @{user_share_dirs}/wemeetapp/**,

-    @{PROC}/ r,
-    @{PROC}/asound/ r,
-    @{PROC}/@{pid}/net/route r,
-    @{PROC}/@{pid}/net/wireless r,
-    @{PROC}/@{pid}/stat r,
-    @{PROC}/@{pid}/statm r,
-    @{PROC}/sys/fs/inotify/max_user_watches r,
-    owner @{PROC}/@{pid}/cmdline r,
+        @{PROC}/ r,
+        @{PROC}/asound/ r,
+        @{PROC}/@{pid}/net/route r,
+        @{PROC}/@{pid}/net/wireless r,
+        @{PROC}/@{pid}/stat r,
+        @{PROC}/@{pid}/statm r,
+        @{PROC}/sys/fs/inotify/max_user_watches r,
+  owner @{PROC}/@{pid}/cmdline r,

-    /dev/ r,
-    /dev/tty rw,
-    /dev/shm/ r,
-
-    include if exists <local/wemeet>
+  /dev/ r,
+  /dev/tty rw,
+  /dev/shm/ r,

+  include if exists <local/wemeet>
 }

 # vim:syntax=apparmor