diff --git a/apparmor.d/groups/bus/dbus-daemon b/apparmor.d/groups/bus/dbus-daemon index ff9c44ab..a729b7a6 100644 --- a/apparmor.d/groups/bus/dbus-daemon +++ b/apparmor.d/groups/bus/dbus-daemon @@ -44,7 +44,7 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) { @{libexec}/kf5/kiod5 rPUx, /{usr/,}bin/ r, /{usr/,}bin/[a-z0-9]* rPUx, - /{usr/,}lib{,exec}/dbus-1.0/dbus-daemon-launch-helper rPx, + /{usr/,}lib{,exec}/dbus-1*/dbus-daemon-launch-helper rPx, /{usr/,}lib/@{multiarch}/tumbler-1/tumblerd rPUx, /{usr/,}lib/@{multiarch}/xfce4/xfconf/xfconfd rPUx, /{usr/,}lib/ibus/ibus-* rPx, diff --git a/apparmor.d/groups/bus/dbus-daemon-launch-helper b/apparmor.d/groups/bus/dbus-daemon-launch-helper index 267629ed..567ba1fd 100644 --- a/apparmor.d/groups/bus/dbus-daemon-launch-helper +++ b/apparmor.d/groups/bus/dbus-daemon-launch-helper @@ -19,13 +19,13 @@ profile dbus-daemon-launch-helper @{exec_path} { @{exec_path} mr, @{libexec}/{,cups-pk-helper/}cups-pk-helper-mechanism rPx, + @{libexec}/kauth/backlighthelper rPx, + @{libexec}/kauth/chargethresholdhelper rPx, + @{libexec}/kauth/discretegpuhelper rPx, + @{libexec}/kauth/kded-smart-helper rPx, @{libexec}/language-selector/ls-dbus-backend rPx, /{usr/,}lib/@{multiarch}/cups-pk-helper-mechanism rPx, /{usr/,}lib/software-properties/software-properties-dbus rPx, - /{usr/,}lib/kauth/discretegpuhelper rPUx, # TODO: rPx, - /{usr/,}lib/kauth/chargethresholdhelper rPUx, # TODO: rPx, - /{usr/,}lib/kauth/backlighthelper rPUx, # TODO: rPx, - /{usr/,}lib/kauth/kded-smart-helper rPUx, # TODO: rPx, /usr/share/org.gnome.Characters/org.gnome.Characters.BackgroundService rPx, /usr/share/usb-creator/usb-creator-helper rPx, diff --git a/apparmor.d/groups/kde/kauth-backlighthelper b/apparmor.d/groups/kde/kauth-backlighthelper new file mode 100644 index 00000000..bd2782c6 --- /dev/null +++ b/apparmor.d/groups/kde/kauth-backlighthelper @@ -0,0 +1,24 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2023 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{libexec}/kauth/backlighthelper +profile kauth-backlighthelper @{exec_path} { + include + include + + capability net_admin, + + @{exec_path} mr, + + @{sys}/class/backlight/ r, + @{sys}/class/leds/ r, + + /dev/tty r, + + include if exists +} \ No newline at end of file diff --git a/apparmor.d/groups/kde/kauth-chargethresholdhelper b/apparmor.d/groups/kde/kauth-chargethresholdhelper new file mode 100644 index 00000000..37c27679 --- /dev/null +++ b/apparmor.d/groups/kde/kauth-chargethresholdhelper @@ -0,0 +1,19 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2023 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{libexec}/kauth/chargethresholdhelper +profile kauth-chargethresholdhelper @{exec_path} { + include + include + + @{exec_path} mr, + + @{sys}/class/power_supply/ r, + + include if exists +} \ No newline at end of file diff --git a/apparmor.d/groups/kde/kauth-discretegpuhelper b/apparmor.d/groups/kde/kauth-discretegpuhelper new file mode 100644 index 00000000..faa86f75 --- /dev/null +++ b/apparmor.d/groups/kde/kauth-discretegpuhelper @@ -0,0 +1,17 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2023 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{libexec}/kauth/discretegpuhelper +profile kauth-discretegpuhelper @{exec_path} { + include + include + + @{exec_path} mr, + + include if exists +} \ No newline at end of file diff --git a/apparmor.d/groups/kde/kauth-kded-smart-helper b/apparmor.d/groups/kde/kauth-kded-smart-helper new file mode 100644 index 00000000..0089de9e --- /dev/null +++ b/apparmor.d/groups/kde/kauth-kded-smart-helper @@ -0,0 +1,19 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2023 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{libexec}/kauth/kded-smart-helper +profile kauth-kded-smart-helper @{exec_path} { + include + include + + @{exec_path} mr, + + /{usr/,}{s,}bin/smartctl rPx, + + include if exists +} \ No newline at end of file diff --git a/dists/flags/main.flags b/dists/flags/main.flags index 54e84bbf..dd7d18f1 100644 --- a/dists/flags/main.flags +++ b/dists/flags/main.flags @@ -128,6 +128,10 @@ irqbalance complain iwctl complain iwd complain kaccess complain +kauth-backlighthelper complain +kauth-chargethresholdhelper complain +kauth-discretegpuhelper complain +kauth-kded-smart-helper complain kernel-install complain kgx complain kmod attach_disconnected,complain