mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 08:58:15 +01:00
feat(profile): use the new bus/atspi abstraction in the profiles.
This commit is contained in:
Alexandre Pujol
parent
fe0cb4b48d
commit
459fe7c905
26 changed files with 59 additions and 380 deletions
|
|
@ -38,10 +38,3 @@
|
|||
peer=(name=org.a11y.Bus, label="{at-spi-bus-launcher,dbus-daemon}"),
|
||||
|
||||
include if exists <abstractions/bus/atspi.d>
|
||||
# include <abstractions/bus/atspi>
|
||||
|
||||
# From dbus-gtk:
|
||||
# dbus (send) bus=session path=/org/a11y/bus
|
||||
# interface=org.freedesktop.DBus.Properties
|
||||
# member=Get
|
||||
# peer=(name=org.a11y.Bus),
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ include <tunables/global>
|
|||
profile firefox @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/dbus-gtk>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ include <tunables/global>
|
|||
profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-session>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus>
|
||||
|
|
@ -37,31 +38,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-????????", label=ibus-daemon),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry, label=at-spi2-registryd),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Set
|
||||
peer=(name=:*, label=at-spi2-registryd),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=GetRegisteredEvents
|
||||
peer=(name=org.a11y.atspi.Registry, label=at-spi2-registryd),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=EventListenerDeregistered
|
||||
peer=(name=:*, label=at-spi2-registryd),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
member={GetKeystrokeListeners,GetDeviceEventListeners}
|
||||
peer=(name=org.a11y.atspi.Registry, label=at-spi2-registryd),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/{,b,d,rb}ash rUx,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/gnome-control-center-print-renderer
|
||||
profile gnome-control-center-print-renderer @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
@ -22,11 +23,6 @@ profile gnome-control-center-print-renderer @{exec_path} {
|
|||
include <abstractions/vulkan>
|
||||
include <abstractions/wayland>
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus, label=at-spi-bus-launcher),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/egl/{,**} r,
|
||||
|
|
|
|||
|
|
@ -9,14 +9,15 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/gnome-shell/extensions/ding@rastersoft.com/ding.js
|
||||
profile gnome-extension-ding @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
unix (send,receive) type=stream addr=none peer=(label=gnome-shell),
|
||||
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/gnome-session-binary
|
||||
profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
|
@ -120,11 +121,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
member=ActiveChanged
|
||||
peer=(name=:*, label=gjs-console),
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus), # all peer's labels
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/base>
|
||||
include <abstractions/app-launcher-user>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-gtk>
|
||||
include <abstractions/dbus-network-manager-strict>
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/gsd-color
|
||||
profile gsd-color @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
|
@ -83,31 +84,6 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
|
|||
member=ListMountableInfo
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=GetRegisteredEvents
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=EventListenerDeregistered
|
||||
peer=(name=:*, label=at-spi2-registryd),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
member={GetKeystrokeListeners,GetDeviceEventListeners}
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/gsd-keyboard
|
||||
profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
|
@ -60,26 +61,6 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
|
|||
member={ClientAdded,SessionRunning,ClientRemoved,InhibitorRemoved,InhibitorAdded}
|
||||
peer=(name=:*, label=gnome-session-binary),
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=GetRegisteredEvents
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
member={GetKeystrokeListeners,GetDeviceEventListeners}
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMountableInfo
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ include <tunables/global>
|
|||
profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
|
@ -139,16 +140,6 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
|||
member=ListMountableInfo
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus), # all peer's labels
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=EventListenerDeregistered
|
||||
peer=(name=:*, label=at-spi2-registryd),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ include <tunables/global>
|
|||
profile gsd-power @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
|
@ -105,26 +106,6 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
|
|||
member=GetResources
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=GetRegisteredEvents
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
member={GetKeystrokeListeners,GetDeviceEventListeners}
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus (send, receive) bus=session path=/org/gnome/SettingsDaemon/Power
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={GetAll,PropertiesChanged,Set}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/gsd-wacom
|
||||
profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
@ -50,31 +51,6 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
|
|||
member={ClientAdded,SessionRunning,ClientRemoved,InhibitorRemoved,InhibitorAdded}
|
||||
peer=(name=:*, label=gnome-session-binary),
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=GetRegisteredEvents
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
member={GetKeystrokeListeners,GetDeviceEventListeners}
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus receive bus=session path=/org/gnome/SettingsDaemon/Wacom
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/gsd-xsettings
|
||||
profile gsd-xsettings @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
|
@ -75,31 +76,6 @@ profile gsd-xsettings @{exec_path} {
|
|||
member=GetAll
|
||||
peer=(name=:*), # many peer's labels
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus, label=at-spi-bus-launcher),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=EventListenerDeregistered
|
||||
peer=(name=:*, label=at-spi2-registryd),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=GetRegisteredEvents
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
member={GetKeystrokeListeners,GetDeviceEventListeners}
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
|
||||
interface=org.gnome.Mutter.DisplayConfig
|
||||
member=GetCurrentState
|
||||
|
|
|
|||
|
|
@ -9,6 +9,8 @@ include <tunables/global>
|
|||
@{exec_path} = @{bin}/nautilus
|
||||
profile nautilus @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ include <tunables/global>
|
|||
profile check-new-release-gtk @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/apt-common>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
@ -27,11 +28,6 @@ profile check-new-release-gtk @{exec_path} {
|
|||
network inet6 stream,
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus), # all peer's labels
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/dpkg rPx,
|
||||
|
|
|
|||
|
|
@ -9,17 +9,13 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/update-notifier/livepatch-notification
|
||||
profile livepatch-notification @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/wayland>
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus, label=at-spi-bus-launcher),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/update-notifier/ubuntu-advantage-notification
|
||||
profile ubuntu-advantage-notification @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ profile update-notifier @{exec_path} {
|
|||
include <abstractions/base>
|
||||
include <abstractions/apt-common>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
|
|||
|
|
@ -10,45 +10,21 @@ include <tunables/global>
|
|||
@{exec_path} = @{bin}/atril{,-*}
|
||||
profile atril @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/ibus>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/user-download-strict>
|
||||
include <abstractions/X-strict>
|
||||
include <abstractions/ibus>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
member={GetKeystrokeListeners,GetDeviceEventListeners}
|
||||
peer=(name=org.a11y.atspi.Registry, label=at-spi2-registryd),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry, label=at-spi2-registryd),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Set
|
||||
peer=(name=:*, label=at-spi2-registryd),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=GetRegisteredEvents
|
||||
peer=(name=org.a11y.atspi.Registry, label=at-spi2-registryd),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=EventListenerDeregistered
|
||||
peer=(name=:*, label=at-spi2-registryd),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMountableInfo
|
||||
|
|
|
|||
|
|
@ -10,8 +10,8 @@ include <tunables/global>
|
|||
@{exec_path} = @{bin}/engrampa
|
||||
profile engrampa @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-gtk>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
|
|
@ -34,16 +34,6 @@ profile engrampa @{exec_path} {
|
|||
member={IsSupported,List}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Set
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member={ListMounts2,LookupMount}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{bin}/evince @{lib}/evinced
|
||||
profile evince @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
@ -52,33 +53,7 @@ profile evince @{exec_path} {
|
|||
dbus (send, receive) bus=session path=/org/gnome/evince/{,**}
|
||||
peer=(name="{org.gnome.evince.Daemon,org.freedesktop.DBus,:*}", label=@{profile_name}), # all interfaces and members
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
member={GetKeystrokeListeners,GetDeviceEventListeners}
|
||||
peer=(name=org.a11y.atspi.Registry, label=at-spi2-registryd),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry, label=at-spi2-registryd),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Set
|
||||
peer=(name=:*, label=at-spi2-registryd),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=GetRegisteredEvents
|
||||
peer=(name=org.a11y.atspi.Registry, label=at-spi2-registryd),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=EventListenerDeregistered
|
||||
peer=(name=:*, label=at-spi2-registryd),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gnome.evince.Daemon,
|
||||
dbus bind bus=session name=org.gnome.evince.Daemon,
|
||||
|
||||
@{exec_path} rix,
|
||||
|
||||
|
|
|
|||
|
|
@ -12,32 +12,31 @@ include <tunables/global>
|
|||
@{exec_path} = @{bin}/qbittorrent
|
||||
profile qbittorrent @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/X-strict>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/user-download-strict>
|
||||
include <abstractions/private-files-strict>
|
||||
include <abstractions/qt5>
|
||||
include <abstractions/qt5-compose-cache-write>
|
||||
include <abstractions/qt5-settings-write>
|
||||
include <abstractions/ibus>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-network-manager-strict>
|
||||
include <abstractions/dbus-gtk>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/dri-common>
|
||||
include <abstractions/dri-enumerate>
|
||||
include <abstractions/wayland>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/ibus>
|
||||
include <abstractions/mesa>
|
||||
include <abstractions/openssl>
|
||||
include <abstractions/ssl_certs>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/nvidia>
|
||||
include <abstractions/openssl>
|
||||
include <abstractions/private-files-strict>
|
||||
include <abstractions/qt5-compose-cache-write>
|
||||
include <abstractions/qt5-settings-write>
|
||||
include <abstractions/qt5>
|
||||
include <abstractions/ssl_certs>
|
||||
include <abstractions/user-download-strict>
|
||||
include <abstractions/wayland>
|
||||
include <abstractions/X-strict>
|
||||
|
||||
signal send set=(term, kill) peer=qbittorrent//python3,
|
||||
|
||||
|
|
@ -93,18 +92,7 @@ profile qbittorrent @{exec_path} {
|
|||
member={GetLayout,GetGroupProperties,AboutToShow,AboutToShowGroup,EventGroup,Event}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Set
|
||||
peer=(name=:*),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.kde.StatusNotifierItem-*,
|
||||
dbus bind bus=session name=org.kde.StatusNotifierItem-*,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{bin}/remmina
|
||||
profile remmina @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-gtk>
|
||||
include <abstractions/dbus-session-strict>
|
||||
|
|
@ -49,26 +50,6 @@ profile remmina @{exec_path} {
|
|||
dbus (send, receive) bus=session path=/org/ayatana/NotificationItem/remmina_icon{,/**}
|
||||
peer=(name="{:*,org.freedesktop.DBus}"), # all interfaces and members
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=GetRegisteredEvents
|
||||
peer=(name=org.a11y.atspi.Registry),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=EventListenerDeregistered
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Set
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/secrets/collection/session
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
|
|
@ -84,11 +65,6 @@ profile remmina @{exec_path} {
|
|||
member=RegisterStatusNotifierItem
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
member={GetKeystrokeListeners,GetDeviceEventListeners}
|
||||
peer=(name=org.a11y.atspi.Registry),
|
||||
|
||||
dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||
interface=org.gtk.Private.RemoteVolumeMonitor
|
||||
member={IsSupported,List}
|
||||
|
|
|
|||
|
|
@ -8,16 +8,16 @@ include <tunables/global>
|
|||
@{exec_path} = /{,usr/}{,local/}bin/rustdesk
|
||||
profile rustdesk @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/openssl>
|
||||
include <abstractions/X-strict>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-gtk>
|
||||
|
||||
capability dac_read_search,
|
||||
capability dac_override,
|
||||
|
|
@ -28,26 +28,6 @@ profile rustdesk @{exec_path} {
|
|||
network inet6 stream,
|
||||
network netlink raw, # discovery
|
||||
|
||||
dbus (send) bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry),
|
||||
|
||||
dbus (send) bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=GetRegisteredEvents
|
||||
peer=(name=org.a11y.atspi.Registry),
|
||||
|
||||
dbus (send) bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
member={GetKeystrokeListeners,GetDeviceEventListeners}
|
||||
peer=(name=org.a11y.atspi.Registry),
|
||||
|
||||
dbus (receive) bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Set
|
||||
peer=(name=:*),
|
||||
|
||||
@{exec_path} mrix,
|
||||
|
||||
@{bin}/w rPx,
|
||||
|
|
|
|||
|
|
@ -10,12 +10,14 @@ include <tunables/global>
|
|||
profile spice-vdagent @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dri-common>
|
||||
include <abstractions/fontconfig-cache-write>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/X-strict>
|
||||
|
||||
dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
|
||||
|
|
@ -23,36 +25,6 @@ profile spice-vdagent @{exec_path} {
|
|||
member=GetCurrentState
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus, label=at-spi-bus-launcher),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=EventListenerDeregistered
|
||||
peer=(name=:*, label=at-spi2-registryd),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Set
|
||||
peer=(name=:*, label=at-spi2-registryd),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=GetRegisteredEvents
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
member={GetKeystrokeListeners,GetDeviceEventListeners}
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus receive bus=session path=/
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ include <tunables/global>
|
|||
profile vlc @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-gtk>
|
||||
include <abstractions/dbus-session-strict>
|
||||
|
|
@ -40,11 +41,6 @@ profile vlc @{exec_path} {
|
|||
member={RequestName,ReleaseName,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
peer=(name=org.a11y.Bus),
|
||||
|
||||
dbus send bus=session path=/StatusNotifierWatcher
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
|
|
@ -97,20 +93,6 @@ profile vlc @{exec_path} {
|
|||
interface=org.mpris.MediaPlayer2.*
|
||||
peer=(name="{org.mpris.MediaPlayer2.vlc,org.freedesktop.DBus,:*}"), # all members
|
||||
|
||||
dbus send bus=accessibility
|
||||
interface=org.a11y.atspi.Socket
|
||||
peer=(name=org.a11y.atspi.Registry),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Set
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=EventListenerDeregistered
|
||||
peer=(name=:*),
|
||||
|
||||
dbus bind bus=session name=org.kde.StatusNotifierItem-*,
|
||||
|
||||
dbus bind bus=session name=org.mpris.MediaPlayer2.vlc*,
|
||||
|
|
|
|||
Loading…
Reference in a new issue