From 401606b1aa01d90299123adc29f14bf190e63c63 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Wed, 6 Dec 2023 19:21:06 +0000
Subject: [PATCH] feat(dbus): add more dbus abstraction.
---
.../abstractions/bus/net.hadess.PowerProfiles | 10 +++++++
.../bus/net.hadess.SwitcherooControl | 10 +++++++
.../abstractions/bus/net.reactivated.Fprint | 20 +++++++++++++
.../bus/org.freedesktop.ColorManager | 20 +++++++++++++
.../bus/org.freedesktop.FileManager1 | 15 ++++++++++
.../abstractions/bus/org.freedesktop.GeoClue2 | 30 +++++++++++++++++++
.../bus/org.freedesktop.PackageKit | 10 +++++++
.../bus/org.freedesktop.ScreenSaver | 6 ++++
...rg.freedesktop.impl.portal.PermissionStore | 15 ++++++++++
.../abstractions/bus/org.freedesktop.secrets | 30 +++++++++++++++++++
.../bus/org.gnome.Mutter.DisplayConfig | 25 ++++++++++++++++
11 files changed, 191 insertions(+)
create mode 100644 apparmor.d/abstractions/bus/net.hadess.PowerProfiles
create mode 100644 apparmor.d/abstractions/bus/net.hadess.SwitcherooControl
create mode 100644 apparmor.d/abstractions/bus/net.reactivated.Fprint
create mode 100644 apparmor.d/abstractions/bus/org.freedesktop.ColorManager
create mode 100644 apparmor.d/abstractions/bus/org.freedesktop.FileManager1
create mode 100644 apparmor.d/abstractions/bus/org.freedesktop.GeoClue2
create mode 100644 apparmor.d/abstractions/bus/org.freedesktop.PackageKit
create mode 100644 apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver
create mode 100644 apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore
create mode 100644 apparmor.d/abstractions/bus/org.freedesktop.secrets
create mode 100644 apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig
diff --git a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles
new file mode 100644
index 00000000..3b4a9221
--- /dev/null
+++ b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles
@@ -0,0 +1,10 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=system path=/net/hadess/PowerProfiles
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=power-profiles-daemon),
+
+ include if exists
diff --git a/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl b/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl
new file mode 100644
index 00000000..40b6a07a
--- /dev/null
+++ b/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl
@@ -0,0 +1,10 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=system path=/net/hadess/SwitcherooControl
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=switcheroo-control),
+
+ include if exists
diff --git a/apparmor.d/abstractions/bus/net.reactivated.Fprint b/apparmor.d/abstractions/bus/net.reactivated.Fprint
new file mode 100644
index 00000000..b2be7a1d
--- /dev/null
+++ b/apparmor.d/abstractions/bus/net.reactivated.Fprint
@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=system path=/net/reactivated/Fprint/Manager
+ interface=net.reactivated.Fprint.Manager
+ member=GetDefaultDevice
+ peer=(name=:*, label=fprintd),
+
+ dbus send bus=system path=/net/reactivated/Fprint/Manager
+ interface=net.reactivated.Fprint.Manager
+ member=GetDefaultDevice
+ peer=(name=net.reactivated.Fprint),
+
+ dbus send bus=system path=/net/reactivated/Fprint/Manager
+ interface=net.reactivated.Fprint.Manager
+ member=GetDefaultDevice
+ peer=(name=net.reactivated.Fprint, label=fprintd),
+
+ include if exists
diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager
new file mode 100644
index 00000000..5ed50fac
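Review bot: In net.reactivated.Fprint the second `GetDefaultDevice` rule uses `peer=(name=net.reactivated.Fprint)` with no `label=`, so it matches whichever process owns that name regardless of its confinement, and it makes the third rule (same name plus `label=fprintd`) redundant. Every other rule in this commit pins the peer label. If the unlabelled form is not deliberate, drop it and fold the remaining two rules into one with `peer=(name="{:*,net.reactivated.Fprint}", label=fprintd),`, the form already used for `GetCurrentState` in org.gnome.Mutter.DisplayConfig.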
--- /dev/null
+++ b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager
@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=system path=/org/freedesktop/ColorManager
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=colord),
+
+ dbus send bus=system path=/org/freedesktop/ColorManager
+ interface=org.freedesktop.ColorManager
+ member=CreateDevice
+ peer=(name=:*, label=colord),
+
+ dbus receive bus=system path=/org/freedesktop/ColorManager
+ interface=org.freedesktop.ColorManager
+ member={DeviceAdded,DeviceRemoved}
+ peer=(name=:*, label=colord),
+
+ include if exists
diff --git a/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 b/apparmor.d/abstractions/bus/org.freedesktop.FileManager1
new file mode 100644
index 00000000..1b56ba38
--- /dev/null
+++ b/apparmor.d/abstractions/bus/org.freedesktop.FileManager1
@@ -0,0 +1,15 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=session path=/org/freedesktop/FileManager1
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=nautilus),
+
+ dbus receive bus=session path=/org/freedesktop/FileManager1
+ interface=org.freedesktop.DBus.Properties
+ member=PropertiesChanged
+ peer=(name=:*, label=nautilus),
+
+ include if exists
diff --git a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2
new file mode 100644
index 00000000..eb73a91f
--- /dev/null
+++ b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2
@@ -0,0 +1,30 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=system path=/org/freedesktop/GeoClue2/Manager
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=geoclue),
+
+ dbus send bus=system path=/org/freedesktop/GeoClue2/Agent
+ interface=org.freedesktop.DBus.Properties
+ member=PropertiesChanged
+ peer=(name=org.freedesktop.DBus, label=geoclue),
+
+ dbus receive bus=system path=/org/freedesktop/GeoClue2/Agent
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=geoclue),
+
+ dbus send bus=system path=/org/freedesktop/GeoClue2/Manager
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=geoclue),
+
+ dbus send bus=system path=/org/freedesktop/GeoClue2/Manager
+ interface=org.freedesktop.GeoClue2.Manager
+ member=AddAgent
+ peer=(name=:*, label=geoclue),
+
+ include if exists
diff --git a/apparmor.d/abstractions/bus/org.freedesktop.PackageKit b/apparmor.d/abstractions/bus/org.freedesktop.PackageKit
new file mode 100644
index 00000000..0912689e
--- /dev/null
+++ b/apparmor.d/abstractions/bus/org.freedesktop.PackageKit
@@ -0,0 +1,10 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=system path=/org/freedesktop/PackageKit
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=packagekitd),
+
+ include if exists
diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver b/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver
new file mode 100644
index 00000000..dec9d6bd
--- /dev/null
+++ b/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver
@@ -0,0 +1,6 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+
+ include if exists
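Review bot: The fourth rule in org.freedesktop.GeoClue2 (`dbus send bus=system path=/org/freedesktop/GeoClue2/Manager` with `interface=org.freedesktop.DBus.Properties member=GetAll`) repeats the first rule word for word, so one of the two can be removed. The file also grants `member=AddAgent` and the `/org/freedesktop/GeoClue2/Agent` rules, which look like what a location agent needs rather than an ordinary client; a header comment such as `# For GeoClue2 agents: registers the caller as an agent (AddAgent) and exposes its Agent object.` would stop it being included more widely than intended. The `PropertiesChanged` send is the only rule with `peer=(name=org.freedesktop.DBus, label=geoclue)`, and a one-line comment on why that peer name is used would help the next reader.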
diff --git a/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore b/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore
new file mode 100644
index 00000000..9ce3ad65
--- /dev/null
+++ b/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore
@@ -0,0 +1,15 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=session path=/org/freedesktop/impl/portal/PermissionStore
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=xdg-permission-store),
+
+ dbus send bus=session path=/org/freedesktop/impl/portal/PermissionStore
+ interface=org.freedesktop.impl.portal.PermissionStore
+ member=Lookup
+ peer=(name=:*, label=xdg-permission-store),
+
+ include if exists
diff --git a/apparmor.d/abstractions/bus/org.freedesktop.secrets b/apparmor.d/abstractions/bus/org.freedesktop.secrets
new file mode 100644
index 00000000..1ca66ffa
--- /dev/null
+++ b/apparmor.d/abstractions/bus/org.freedesktop.secrets
@@ -0,0 +1,30 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=session path=/org/freedesktop/secrets{,/**}
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=gnome-keyring-daemon),
+
+ dbus send bus=session path=/org/freedesktop/secrets
+ interface=org.freedesktop.Secret.Service
+ member={OpenSession,GetSecrets,SearchItems,ReadAlias}
+ peer=(name=:*, label=gnome-keyring-daemon),
+
+ dbus send bus=session path=/org/freedesktop/secrets/aliases/default
+ interface=org.freedesktop.Secret.Collection
+ member=CreateItem
+ peer=(name=org.freedesktop.secrets, label=gnome-keyring-daemon),
+
+ dbus receive bus=session path=/org/freedesktop/secrets/collection/login
+ interface=org.freedesktop.Secret.Collection
+ member=ItemCreated
+ peer=(name=:*, label=gnome-keyring-daemon),
+
+ dbus receive bus=session path=/org/freedesktop/secrets/collection/login
+ interface=org.freedesktop.DBus.Properties
+ member=PropertiesChanged
+ peer=(name=:*, label=gnome-keyring-daemon),
+
+ include if exists
diff --git a/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig b/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig
new file mode 100644
index 00000000..13737c95
--- /dev/null
+++ b/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig
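Review bot: org.freedesktop.secrets gives every profile that includes it `GetSecrets` and `SearchItems` on the Secret Service, which amounts to read access to stored credentials, and nothing in the file says so. A header comment along the lines of `# Grants search and retrieval of keyring items (SearchItems, GetSecrets) and CreateItem; include only in profiles that must use stored credentials.` would make that cost visible at the include site. The `GetAll` rule also covers the whole tree via `path=/org/freedesktop/secrets{,/**}`, so item and collection properties are readable as well. The two receive rules are pinned to `collection/login` while `CreateItem` is sent to `aliases/default`; whether those always name the same collection cannot be told from the diff and is worth confirming.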
@@ -0,0 +1,25 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
+ interface=org.gnome.Mutter.DisplayConfig
+ member={GetResources,GetCrtcGamma}
+ peer=(name=:*, label=gnome-shell),
+
+ dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
+ interface=org.gnome.Mutter.DisplayConfig
+ member=GetCurrentState
+ peer=(name="{:*,org.gnome.Mutter.DisplayConfig}", label=gnome-shell),
+
+ dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
+ interface=org.freedesktop.DBus.Properties
+ member={GetAll,PropertiesChanged}
+ peer=(name=:*, label=gnome-shell),
+
+ dbus receive bus=session path=/org/gnome/Mutter/DisplayConfig
+ interface=org.freedesktop.DBus.Properties
+ member=PropertiesChanged
+ peer=(name=:*, label=gnome-shell),
+
+ include if exists
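Review bot: The third rule in org.gnome.Mutter.DisplayConfig allows `send` with `member={GetAll,PropertiesChanged}`, but `PropertiesChanged` is a signal normally emitted by the object's owner, and the last rule already lets the including profile receive it from gnome-shell. Unless a denial log showed a client emitting it, the send side should be narrowed to `member=GetAll` so included profiles cannot emit property-change signals on the compositor's object path. The peer-name forms also differ between rules (`name=:*` versus `name="{:*,org.gnome.Mutter.DisplayConfig}"`), and a short comment on why only `GetCurrentState` accepts the well-known name would help.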