From 4382a34b9e94ea5c01c53bff5e1238ebe2e8db3a Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Fri, 1 Dec 2023 11:09:46 +0000
Subject: [PATCH] feat(profile): add rfkill on networkd.

See #256
---
 .../gnome/evolution-addressbook-factory       | 38 +++++++++++-----
 .../groups/gnome/evolution-alarm-notify       | 19 +++++++-
 .../groups/gnome/evolution-calendar-factory   | 45 +++++++++++++------
 .../groups/gnome/gnome-shell-calendar-server  | 39 ++++++++++------
 apparmor.d/groups/systemd/systemd-networkd    |  1 +
 5 files changed, 101 insertions(+), 41 deletions(-)

diff --git a/apparmor.d/groups/gnome/evolution-addressbook-factory b/apparmor.d/groups/gnome/evolution-addressbook-factory
index 3d63dbd3..da7e5239 100644
--- a/apparmor.d/groups/gnome/evolution-addressbook-factory
+++ b/apparmor.d/groups/gnome/evolution-addressbook-factory
@@ -9,13 +9,14 @@ include <tunables/global>
 @{exec_path} = @{lib}/{,evolution-data-server/}evolution-addressbook-factory
 profile evolution-addressbook-factory @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dbus-network-manager-strict>
+  include <abstractions/bus/network-manager>
+  include <abstractions/bus/vfs>
   include <abstractions/dbus-session-strict>
   include <abstractions/dbus-strict>
   include <abstractions/dconf-write>
   include <abstractions/nameservice-strict>
-  include <abstractions/ssl_certs>
   include <abstractions/p11-kit>
+  include <abstractions/ssl_certs>
 
   network inet stream,
   network inet6 stream,
@@ -25,18 +26,31 @@ profile evolution-addressbook-factory @{exec_path} {
 
   dbus bind bus=session name=org.gnome.evolution.dataserver.AddressBook@{int},
 
-  dbus send bus=system path=/org/freedesktop/NetworkManager
-       interface=org.freedesktop.DBus.Properties
-       member=GetAll,
+  dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
+       interface=org.gnome.evolution.dataserver.*
+       peer=(name=:*),
 
-  dbus send bus=system path=/org/freedesktop/locale[0-9]
-       interface=org.freedesktop.DBus.Properties
-       member=GetAll,
+  dbus send bus=session path=/org/gnome/evolution/dataserver/**
+       interface=org.gnome.evolution.dataserver.*
+       peer=(name=org.freedesktop.DBus, label=evolution-*),
 
-  dbus receive bus=system path=/org/freedesktop/NetworkManager
-       interface=org.freedesktop.NetworkManager
-       member={CheckPermissions,StateChanged,DeviceAdded,DeviceRemoved}
-       peer=(name=:*, label=NetworkManager),
+  dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
+       interface=org.freedesktop.DBus.Properties
+       peer=(name=:*, label=evolution-*),
+
+  dbus send bus=session path=/org/gnome/evolution/dataserver/SourceManager
+       interface=org.freedesktop.DBus.ObjectManager
+       member=GetManagedObjects
+       peer=(name=:*, label=evolution-source-registry),
+
+  dbus send bus=session path=/org/gnome/evolution/dataserver/**
+       interface=org.freedesktop.DBus.Properties
+       member=PropertiesChanged
+       peer=(name=org.freedesktop.DBus, label=evolution-calendar-factory),
+
+  dbus send bus=system path=/org/freedesktop/locale1
+       interface=org.freedesktop.DBus.Properties
+       peer=(name=:*, label=systemd-localed),
 
   dbus receive bus=session
        interface=org.freedesktop.DBus.Introspectable
diff --git a/apparmor.d/groups/gnome/evolution-alarm-notify b/apparmor.d/groups/gnome/evolution-alarm-notify
index c338ae67..1d412316 100644
--- a/apparmor.d/groups/gnome/evolution-alarm-notify
+++ b/apparmor.d/groups/gnome/evolution-alarm-notify
@@ -9,7 +9,9 @@ include <tunables/global>
 @{exec_path} = @{lib}/evolution-data-server/{,evolution-data-server/}evolution-alarm-notify
 profile evolution-alarm-notify @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dbus-session>
+  include <abstractions/bus/atspi>
+  include <abstractions/dbus-accessibility-strict>
+  include <abstractions/dbus-session-strict>
   include <abstractions/dconf-write>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/gnome>
@@ -19,6 +21,21 @@ profile evolution-alarm-notify @{exec_path} {
 
   network netlink raw,
 
+  dbus bind bus=session name=org.gnome.Evolution-alarm-notify,
+
+  dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
+       interface=org.gnome.evolution.dataserver.Calendar*
+       peer=(name=:*, label=evolution-*),
+
+  dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
+       interface=org.freedesktop.DBus.{ObjectManager,Properties}
+       peer=(name=:*, label=evolution-*),
+
+  dbus receive bus=session
+       interface=org.freedesktop.DBus.Introspectable
+       member=Introspect 
+       peer=(name=:*, label=gnome-shell),
+
   @{exec_path} mr,
 
   /usr/share/evolution-data-server/{,**} r,
diff --git a/apparmor.d/groups/gnome/evolution-calendar-factory b/apparmor.d/groups/gnome/evolution-calendar-factory
index b9a9e66d..1db9c4e0 100644
--- a/apparmor.d/groups/gnome/evolution-calendar-factory
+++ b/apparmor.d/groups/gnome/evolution-calendar-factory
@@ -9,13 +9,12 @@ include <tunables/global>
 @{exec_path} = @{lib}/{,evolution-data-server/}evolution-calendar-factory
 profile evolution-calendar-factory @{exec_path} {
   include <abstractions/base>
-  include <abstractions/dbus-network-manager-strict>
   include <abstractions/dbus-session-strict>
   include <abstractions/dbus-strict>
   include <abstractions/dconf-write>
   include <abstractions/nameservice-strict>
-  include <abstractions/ssl_certs>
   include <abstractions/p11-kit>
+  include <abstractions/ssl_certs>
 
   network inet stream,
   network inet6 stream,
@@ -23,24 +22,42 @@ profile evolution-calendar-factory @{exec_path} {
   network inet6 dgram,
   network netlink raw,
 
-  dbus (send,receive) bus=system path=/org/freedesktop/NetworkManager
-       interface=org.freedesktop.DBus.Properties
-       member={PropertiesChanged,GetAll},
+  dbus bind bus=session name=org.gnome.evolution.dataserver.Calendar@{int},
 
-  dbus receive bus=system path=/org/freedesktop/NetworkManager
-       interface=org.freedesktop.NetworkManager
-       member={CheckPermissions,StateChanged,DeviceAdded,DeviceRemoved}
-       peer=(name=:*, label=NetworkManager),
+  dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
+       interface=org.gnome.evolution.dataserver.*
+       peer=(name=:*),
+
+  dbus send bus=session path=/org/gnome/evolution/dataserver/**
+       interface=org.gnome.evolution.dataserver.*
+       peer=(name=org.freedesktop.DBus, label="{evolution-*,gnome-shell-*-server}"),
+
+  dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
+       interface=org.freedesktop.DBus.Properties
+       peer=(name=:*),
+
+  dbus send bus=session path=/org/gnome/evolution/dataserver/**
+       interface=org.freedesktop.DBus.Properties
+       peer=(name=org.freedesktop.DBus, label=evolution-*),
+
+  dbus send bus=session path=/org/gnome/evolution/dataserver/SourceManager
+       interface=org.freedesktop.DBus.ObjectManager
+       member=GetManagedObjects
+       peer=(name=:*, label=evolution-source-registry),
+
+  dbus send bus=session path=/org/gnome/evolution/dataserver/**
+       interface=org.freedesktop.DBus.Properties
+       member=PropertiesChanged
+       peer=(name=org.freedesktop.DBus, label=gnome-shell-calendar-server),
 
   dbus receive bus=session
        interface=org.freedesktop.DBus.Introspectable
-       member=Introspect 
+       member=Introspect
        peer=(name=:*, label=gnome-shell),
 
-  dbus (send,receive) bus=session path=/org/gnome/evolution/dataserver{,/**}
-       interface={org.freedesktop.DBus.{ObjectManager,Properties},org.gnome.evolution.dataserver.*},
-
-  dbus bind bus=session name=org.gnome.evolution.dataserver.Calendar[0-9]*,
+  dbus send bus=session path=/org/gtk/vfs/mounttracker
+       interface=org.gtk.vfs.MountTracker
+       peer=(name=:*, label=gvfsd),
 
   @{exec_path} mr,
   @{exec_path}-subprocess rix,
diff --git a/apparmor.d/groups/gnome/gnome-shell-calendar-server b/apparmor.d/groups/gnome/gnome-shell-calendar-server
index 146b2452..25010724 100644
--- a/apparmor.d/groups/gnome/gnome-shell-calendar-server
+++ b/apparmor.d/groups/gnome/gnome-shell-calendar-server
@@ -14,26 +14,37 @@ profile gnome-shell-calendar-server @{exec_path} {
   include <abstractions/nameservice-strict>
 
   dbus bind bus=session name=org.gnome.Shell.CalendarServer,
+  dbus receive bus=session path=/org/gnome/Shell/CalendarServer
+       interface=org.gnome.Shell.CalendarServer
+       peer=(name=:*, label=gnome-shell),
+
+  dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**}
+       interface=org.freedesktop.DBus.Properties
+       peer=(name=:*, label=evolution-*),
+
+  dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**}
+       interface=org.gnome.evolution.dataserver.Calendar*
+       peer=(name=:*, label=evolution-*),
+
+  dbus (send receive) bus=session path=/org/gnome/Shell/CalendarServer
+       interface=org.freedesktop.DBus.Properties
+       peer=(name=:*, label=gnome-shell),
+
+  dbus send bus=session path=/org/gnome/evolution/dataserver/SourceManager
+       interface=org.freedesktop.DBus.ObjectManager
+       member=GetManagedObjects
+       peer=(name=:*, label=evolution-source-registry),
+
+  dbus send bus=session path=/org/gnome/Shell/CalendarServer
+       interface=org.freedesktop.DBus.Properties
+       member=PropertiesChanged
+       peer=(name=org.freedesktop.DBus, label=gnome-shell),
 
   dbus receive bus=session
        interface=org.freedesktop.DBus.Introspectable
        member=Introspect 
        peer=(name=:*, label=gnome-shell),
 
-  dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**}
-       interface=org.gnome.evolution.dataserver.CalendarView
-       peer=(name=:*, label=evolution-calendar-factory),
-
-  dbus receive bus=session path=/org/gnome/Shell/CalendarServer
-       interface=org.freedesktop.DBus.Properties
-       member=GetAll 
-       peer=(name=:*, label=gnome-shell),
-
-  dbus receive bus=session path=/org/gnome/Shell/CalendarServer
-       interface=org.gnome.Shell.CalendarServer
-       member=SetTimeRange 
-       peer=(name=:*, label=gnome-shell),
-
   @{exec_path} mr,
 
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
diff --git a/apparmor.d/groups/systemd/systemd-networkd b/apparmor.d/groups/systemd/systemd-networkd
index 5b6499bf..6c8099fc 100644
--- a/apparmor.d/groups/systemd/systemd-networkd
+++ b/apparmor.d/groups/systemd/systemd-networkd
@@ -70,6 +70,7 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected,complain) {
 
   @{run}/udev/data/n@{int} r,
 
+  @{sys}/devices/@{pci}/rfkill@{int}/* r,
   @{sys}/devices/**/net/** r,
   @{sys}/devices/pci[0-9]*/**/ r,
   @{sys}/devices/virtual/dmi/id/{sys,board,bios}_vendor r,