mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 08:58:15 +01:00
Alexandre Pujol
parent
8e45076077
commit
4382a34b9e
5 changed files with 101 additions and 41 deletions
|
|
@ -9,13 +9,14 @@ include <tunables/global>
|
||||||
@{exec_path} = @{lib}/{,evolution-data-server/}evolution-addressbook-factory
|
@{exec_path} = @{lib}/{,evolution-data-server/}evolution-addressbook-factory
|
||||||
profile evolution-addressbook-factory @{exec_path} {
|
profile evolution-addressbook-factory @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/dbus-network-manager-strict>
|
include <abstractions/bus/network-manager>
|
||||||
|
include <abstractions/bus/vfs>
|
||||||
include <abstractions/dbus-session-strict>
|
include <abstractions/dbus-session-strict>
|
||||||
include <abstractions/dbus-strict>
|
include <abstractions/dbus-strict>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
include <abstractions/ssl_certs>
|
|
||||||
include <abstractions/p11-kit>
|
include <abstractions/p11-kit>
|
||||||
|
include <abstractions/ssl_certs>
|
||||||
|
|
||||||
network inet stream,
|
network inet stream,
|
||||||
network inet6 stream,
|
network inet6 stream,
|
||||||
|
|
@ -25,18 +26,31 @@ profile evolution-addressbook-factory @{exec_path} {
|
||||||
|
|
||||||
dbus bind bus=session name=org.gnome.evolution.dataserver.AddressBook@{int},
|
dbus bind bus=session name=org.gnome.evolution.dataserver.AddressBook@{int},
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/NetworkManager
|
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
|
||||||
interface=org.freedesktop.DBus.Properties
|
interface=org.gnome.evolution.dataserver.*
|
||||||
member=GetAll,
|
peer=(name=:*),
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/locale[0-9]
|
dbus send bus=session path=/org/gnome/evolution/dataserver/**
|
||||||
interface=org.freedesktop.DBus.Properties
|
interface=org.gnome.evolution.dataserver.*
|
||||||
member=GetAll,
|
peer=(name=org.freedesktop.DBus, label=evolution-*),
|
||||||
|
|
||||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
|
||||||
interface=org.freedesktop.NetworkManager
|
interface=org.freedesktop.DBus.Properties
|
||||||
member={CheckPermissions,StateChanged,DeviceAdded,DeviceRemoved}
|
peer=(name=:*, label=evolution-*),
|
||||||
peer=(name=:*, label=NetworkManager),
|
|
||||||
|
dbus send bus=session path=/org/gnome/evolution/dataserver/SourceManager
|
||||||
|
interface=org.freedesktop.DBus.ObjectManager
|
||||||
|
member=GetManagedObjects
|
||||||
|
peer=(name=:*, label=evolution-source-registry),
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gnome/evolution/dataserver/**
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
member=PropertiesChanged
|
||||||
|
peer=(name=org.freedesktop.DBus, label=evolution-calendar-factory),
|
||||||
|
|
||||||
|
dbus send bus=system path=/org/freedesktop/locale1
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
peer=(name=:*, label=systemd-localed),
|
||||||
|
|
||||||
dbus receive bus=session
|
dbus receive bus=session
|
||||||
interface=org.freedesktop.DBus.Introspectable
|
interface=org.freedesktop.DBus.Introspectable
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,9 @@ include <tunables/global>
|
||||||
@{exec_path} = @{lib}/evolution-data-server/{,evolution-data-server/}evolution-alarm-notify
|
@{exec_path} = @{lib}/evolution-data-server/{,evolution-data-server/}evolution-alarm-notify
|
||||||
profile evolution-alarm-notify @{exec_path} {
|
profile evolution-alarm-notify @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/dbus-session>
|
include <abstractions/bus/atspi>
|
||||||
|
include <abstractions/dbus-accessibility-strict>
|
||||||
|
include <abstractions/dbus-session-strict>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/fontconfig-cache-read>
|
include <abstractions/fontconfig-cache-read>
|
||||||
include <abstractions/gnome>
|
include <abstractions/gnome>
|
||||||
|
|
@ -19,6 +21,21 @@ profile evolution-alarm-notify @{exec_path} {
|
||||||
|
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
dbus bind bus=session name=org.gnome.Evolution-alarm-notify,
|
||||||
|
|
||||||
|
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
|
||||||
|
interface=org.gnome.evolution.dataserver.Calendar*
|
||||||
|
peer=(name=:*, label=evolution-*),
|
||||||
|
|
||||||
|
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
|
||||||
|
interface=org.freedesktop.DBus.{ObjectManager,Properties}
|
||||||
|
peer=(name=:*, label=evolution-*),
|
||||||
|
|
||||||
|
dbus receive bus=session
|
||||||
|
interface=org.freedesktop.DBus.Introspectable
|
||||||
|
member=Introspect
|
||||||
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/evolution-data-server/{,**} r,
|
/usr/share/evolution-data-server/{,**} r,
|
||||||
|
|
|
||||||
|
|
@ -9,13 +9,12 @@ include <tunables/global>
|
||||||
@{exec_path} = @{lib}/{,evolution-data-server/}evolution-calendar-factory
|
@{exec_path} = @{lib}/{,evolution-data-server/}evolution-calendar-factory
|
||||||
profile evolution-calendar-factory @{exec_path} {
|
profile evolution-calendar-factory @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/dbus-network-manager-strict>
|
|
||||||
include <abstractions/dbus-session-strict>
|
include <abstractions/dbus-session-strict>
|
||||||
include <abstractions/dbus-strict>
|
include <abstractions/dbus-strict>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
include <abstractions/ssl_certs>
|
|
||||||
include <abstractions/p11-kit>
|
include <abstractions/p11-kit>
|
||||||
|
include <abstractions/ssl_certs>
|
||||||
|
|
||||||
network inet stream,
|
network inet stream,
|
||||||
network inet6 stream,
|
network inet6 stream,
|
||||||
|
|
@ -23,24 +22,42 @@ profile evolution-calendar-factory @{exec_path} {
|
||||||
network inet6 dgram,
|
network inet6 dgram,
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
dbus (send,receive) bus=system path=/org/freedesktop/NetworkManager
|
dbus bind bus=session name=org.gnome.evolution.dataserver.Calendar@{int},
|
||||||
interface=org.freedesktop.DBus.Properties
|
|
||||||
member={PropertiesChanged,GetAll},
|
|
||||||
|
|
||||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
|
||||||
interface=org.freedesktop.NetworkManager
|
interface=org.gnome.evolution.dataserver.*
|
||||||
member={CheckPermissions,StateChanged,DeviceAdded,DeviceRemoved}
|
peer=(name=:*),
|
||||||
peer=(name=:*, label=NetworkManager),
|
|
||||||
|
dbus send bus=session path=/org/gnome/evolution/dataserver/**
|
||||||
|
interface=org.gnome.evolution.dataserver.*
|
||||||
|
peer=(name=org.freedesktop.DBus, label="{evolution-*,gnome-shell-*-server}"),
|
||||||
|
|
||||||
|
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
peer=(name=:*),
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gnome/evolution/dataserver/**
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
peer=(name=org.freedesktop.DBus, label=evolution-*),
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gnome/evolution/dataserver/SourceManager
|
||||||
|
interface=org.freedesktop.DBus.ObjectManager
|
||||||
|
member=GetManagedObjects
|
||||||
|
peer=(name=:*, label=evolution-source-registry),
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gnome/evolution/dataserver/**
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
member=PropertiesChanged
|
||||||
|
peer=(name=org.freedesktop.DBus, label=gnome-shell-calendar-server),
|
||||||
|
|
||||||
dbus receive bus=session
|
dbus receive bus=session
|
||||||
interface=org.freedesktop.DBus.Introspectable
|
interface=org.freedesktop.DBus.Introspectable
|
||||||
member=Introspect
|
member=Introspect
|
||||||
peer=(name=:*, label=gnome-shell),
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
dbus (send,receive) bus=session path=/org/gnome/evolution/dataserver{,/**}
|
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||||
interface={org.freedesktop.DBus.{ObjectManager,Properties},org.gnome.evolution.dataserver.*},
|
interface=org.gtk.vfs.MountTracker
|
||||||
|
peer=(name=:*, label=gvfsd),
|
||||||
dbus bind bus=session name=org.gnome.evolution.dataserver.Calendar[0-9]*,
|
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
@{exec_path}-subprocess rix,
|
@{exec_path}-subprocess rix,
|
||||||
|
|
|
||||||
|
|
@ -14,26 +14,37 @@ profile gnome-shell-calendar-server @{exec_path} {
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
dbus bind bus=session name=org.gnome.Shell.CalendarServer,
|
dbus bind bus=session name=org.gnome.Shell.CalendarServer,
|
||||||
|
dbus receive bus=session path=/org/gnome/Shell/CalendarServer
|
||||||
|
interface=org.gnome.Shell.CalendarServer
|
||||||
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
|
dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**}
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
peer=(name=:*, label=evolution-*),
|
||||||
|
|
||||||
|
dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**}
|
||||||
|
interface=org.gnome.evolution.dataserver.Calendar*
|
||||||
|
peer=(name=:*, label=evolution-*),
|
||||||
|
|
||||||
|
dbus (send receive) bus=session path=/org/gnome/Shell/CalendarServer
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gnome/evolution/dataserver/SourceManager
|
||||||
|
interface=org.freedesktop.DBus.ObjectManager
|
||||||
|
member=GetManagedObjects
|
||||||
|
peer=(name=:*, label=evolution-source-registry),
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gnome/Shell/CalendarServer
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
member=PropertiesChanged
|
||||||
|
peer=(name=org.freedesktop.DBus, label=gnome-shell),
|
||||||
|
|
||||||
dbus receive bus=session
|
dbus receive bus=session
|
||||||
interface=org.freedesktop.DBus.Introspectable
|
interface=org.freedesktop.DBus.Introspectable
|
||||||
member=Introspect
|
member=Introspect
|
||||||
peer=(name=:*, label=gnome-shell),
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**}
|
|
||||||
interface=org.gnome.evolution.dataserver.CalendarView
|
|
||||||
peer=(name=:*, label=evolution-calendar-factory),
|
|
||||||
|
|
||||||
dbus receive bus=session path=/org/gnome/Shell/CalendarServer
|
|
||||||
interface=org.freedesktop.DBus.Properties
|
|
||||||
member=GetAll
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
dbus receive bus=session path=/org/gnome/Shell/CalendarServer
|
|
||||||
interface=org.gnome.Shell.CalendarServer
|
|
||||||
member=SetTimeRange
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||||
|
|
|
||||||
|
|
@ -70,6 +70,7 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected,complain) {
|
||||||
|
|
||||||
@{run}/udev/data/n@{int} r,
|
@{run}/udev/data/n@{int} r,
|
||||||
|
|
||||||
|
@{sys}/devices/@{pci}/rfkill@{int}/* r,
|
||||||
@{sys}/devices/**/net/** r,
|
@{sys}/devices/**/net/** r,
|
||||||
@{sys}/devices/pci[0-9]*/**/ r,
|
@{sys}/devices/pci[0-9]*/**/ r,
|
||||||
@{sys}/devices/virtual/dmi/id/{sys,board,bios}_vendor r,
|
@{sys}/devices/virtual/dmi/id/{sys,board,bios}_vendor r,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue