mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-29 22:35:15 +01:00
feat(profiles): add dbus rules for some common profiles.
This commit is contained in:
Alexandre Pujol
parent
e949654614
commit
583d7a15f0
43 changed files with 584 additions and 6 deletions
|
|
@ -23,6 +23,33 @@ profile accounts-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
ptrace (read) peer=unconfined,
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.PolicyKit[0-9].Authority
|
||||
member={CheckAuthorization,Changed},
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/Accounts/User[0-9]*
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={PropertiesChanged,GetAll},
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/Accounts/User[0-9]*
|
||||
interface=org.freedesktop.Accounts.User
|
||||
member={Changed,SetLanguage},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/Accounts
|
||||
interface=org.freedesktop.Accounts
|
||||
member={FindUserByName,ListCachedUsers},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/Accounts
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus bind bus=system
|
||||
name=org.freedesktop.Accounts,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/accountsservice/{,**} r,
|
||||
|
|
|
|||
|
|
@ -17,12 +17,24 @@ profile colord @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus send
|
||||
bus=system
|
||||
path=/org/freedesktop/ColorManager/devices/xrandr_*
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/ColorManager{,/**}
|
||||
interface=org.freedesktop.{DBus.Properties,ColorManager},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixProcessID,GetConnectionUnixUser,RequestName},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.PolicyKit[0-9].Authority
|
||||
member=CheckAuthorization,
|
||||
|
||||
dbus bind bus=system
|
||||
name=org.freedesktop.ColorManager,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}lib/colord/colord-sane rPx,
|
||||
|
|
|
|||
|
|
@ -16,6 +16,17 @@ profile colord-sane @{exec_path} flags=(attach_disconnected,complain) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/ColorManager
|
||||
interface=org.freedesktop.ColorManager,
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.Avahi.Server
|
||||
member={GetAPIVersion,GetState,ServiceBrowserNew},
|
||||
|
||||
dbus receive bus=system path=/Client[0-9]/ServiceBrowser[0-9]
|
||||
interface=org.freedesktop.Avahi.ServiceBrowser
|
||||
member={CacheExhausted,AllForNow},
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/snmp/mibs/{,*} r,
|
||||
|
|
|
|||
|
|
@ -20,6 +20,16 @@ profile pipewire-media-session @{exec_path} {
|
|||
network bluetooth stream,
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/RealtimeKit[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
peer=(name=org.freedesktop.RealtimeKit1),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/RealtimeKit[0-9]
|
||||
interface=org.freedesktop.RealtimeKit1
|
||||
member=MakeThreadRealtime
|
||||
peer=(name=org.freedesktop.RealtimeKit1),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/alsa-card-profile/{,**} r,
|
||||
|
|
|
|||
|
|
@ -22,6 +22,25 @@ profile polkitd @{exec_path} {
|
|||
|
||||
ptrace (read),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID,RequestName},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.PolicyKit[0-9].Authority
|
||||
member={Changed,BeginAuthentication},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.PolicyKit[0-9].Authority
|
||||
member={GetAll,CheckAuthorization,RegisterAuthenticationAgent,AuthenticationAgentResponse2,EnumerateActions,CancelCheckAuthorization},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus bind bus=system
|
||||
name=org.freedesktop.PolicyKit[0-9],
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{PROC}/@{pids}/stat r,
|
||||
|
|
|
|||
|
|
@ -16,6 +16,20 @@ profile upowerd @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/UPower{,/**}
|
||||
interface=org.freedesktop.{DBus.Properties,UPower*},
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={PropertiesChanged,GetAll},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.login[0-9].Manager
|
||||
member=Inhibit,
|
||||
|
||||
dbus bind bus=system
|
||||
name=org.freedesktop.UPower,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/UPower/ r,
|
||||
|
|
|
|||
|
|
@ -21,6 +21,22 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
ptrace (read),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/RealtimeKit[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={GetAll,Get},
|
||||
|
||||
dbus send bus=system path=/net/hadess/PowerProfiles
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.NetworkManager
|
||||
member=StateChanged,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/{,ba,da}sh rix,
|
||||
|
|
|
|||
|
|
@ -19,6 +19,14 @@ profile xdg-desktop-portal-gnome @{exec_path} {
|
|||
include <abstractions/user-download>
|
||||
include <abstractions/user-read>
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/Accounts/User[0-9]*
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/Accounts/User[0-9]*
|
||||
interface=org.freedesktop.Accounts.User
|
||||
member=Changed,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
|
|
|
|||
|
|
@ -20,6 +20,14 @@ profile xdg-desktop-portal-gtk @{exec_path} {
|
|||
include <abstractions/user-download>
|
||||
include <abstractions/user-write>
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/Accounts/User[0-9]*
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/Accounts/User[0-9]*
|
||||
interface=org.freedesktop.Accounts.User
|
||||
member=Changed,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
|
|
|
|||
|
|
@ -23,6 +23,22 @@ profile evolution-addressbook-factory @{exec_path} {
|
|||
network inet6 dgram,
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/locale[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.NetworkManager
|
||||
member={CheckPermissions,StateChanged},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
@{exec_path} mr,
|
||||
@{exec_path}-subprocess rix,
|
||||
|
||||
|
|
|
|||
|
|
@ -23,6 +23,10 @@ profile evolution-calendar-factory @{exec_path} {
|
|||
network inet6 dgram,
|
||||
network netlink raw,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
@{exec_path} mr,
|
||||
@{exec_path}-subprocess rix,
|
||||
|
||||
|
|
|
|||
|
|
@ -26,6 +26,30 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (send) set=(term),
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/Accounts/User@{uid}
|
||||
interface=org.freedesktop.Accounts.User
|
||||
member={Changed,GetAll,PropertiesChanged},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/Accounts
|
||||
interface=org.freedesktop.{DBus.Properties,Accounts}
|
||||
member={GetAll,ListCachedUsers,FindUserByName},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.login1.Manager
|
||||
member={ListSeats,ActivateSessionOnSeat,UnlockSession},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixProcessID,GetConnectionUnixUser},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login[0-9]/seat/seat[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
dbus receive bus=system path=/org/gnome/DisplayManager/Manager
|
||||
interface={org.freedesktop.DBus.Properties,org.gnome.DisplayManager.Manager}
|
||||
member={RegisterDisplay,Get,RegisterSession,GetAll,OpenReauthenticationChannel},
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}{s,}prime-switch rPx,
|
||||
|
|
|
|||
|
|
@ -41,6 +41,22 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/Accounts{,/User[0-9]*}
|
||||
interface={org.freedesktop.DBus.Properties,org.freedesktop.Accounts}
|
||||
member={GetAll,FindUserByName,SetLanguage,Changed,PropertiesChanged},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.login[0-9].Manager
|
||||
member=CreateSession,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/Accounts/User[0-9]*
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/Accounts/User[0-9]*
|
||||
interface=org.freedesktop.Accounts.User
|
||||
member=Changed,
|
||||
|
||||
@{exec_path} mrix,
|
||||
|
||||
/{usr/,}bin/gnome-keyring-daemon rPx,
|
||||
|
|
|
|||
|
|
@ -21,6 +21,10 @@ profile gdm-wayland-session @{exec_path} {
|
|||
signal (send) set=(term) peer=dbus-daemon,
|
||||
signal (send) set=(term) peer=gnome-session-binary,
|
||||
|
||||
dbus send bus=system path=/org/gnome/DisplayManager/Manager
|
||||
interface=org.gnome.DisplayManager.Manager
|
||||
member=RegisterDisplay,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/{,ba,da}sh rix,
|
||||
|
|
|
|||
|
|
@ -16,6 +16,22 @@ profile gnome-extension-ding @{exec_path} {
|
|||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/gtk>
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={ListNames,ListActivatableNames},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspec,
|
||||
|
||||
dbus send bus=system path=/net/hadess/SwitcherooControl
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/env rix,
|
||||
|
|
|
|||
|
|
@ -27,6 +27,22 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
signal (send) set=(term) peer=gsd-*,
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.login[0-9].Manager
|
||||
member={CanPowerOff,GetSession},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]/session/_[0-9]*
|
||||
interface=org.freedesktop.login[0-9].Session
|
||||
member=SetIdleHint,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/{,z,ba,da}sh rix,
|
||||
|
|
|
|||
|
|
@ -43,6 +43,55 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
|
||||
unix (send,receive) type=stream addr=none peer=(label=gnome-extension-ding),
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/login[0-9]/session/_[0-9]*
|
||||
interface=org.freedesktop.login[0-9].Session
|
||||
member={ReleaseDevice,TakeControl,TakeDevice,PauseDevice},
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.PolicyKit[0-9].Authority
|
||||
member={CheckAuthorization,RegisterAuthenticationAgent,Changed},
|
||||
|
||||
dbus send bus=system path=/org/gnome/DisplayManager/Manager
|
||||
interface=org.gnome.DisplayManager.Manager
|
||||
member=RegisterSession
|
||||
peer=(name=org.gnome.DisplayManager),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.login[0-9].Manager
|
||||
member={CanSuspend,CanRebootToBootLoaderMenu,GetSession,Inhibit},
|
||||
|
||||
dbus send bus=system path=/net/hadess/SwitcherooControl
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/net/hadess/PowerProfiles
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/UPower/{,devices/DisplayDevice}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/net/reactivated/Fprint/Manager
|
||||
interface=net.reactivated.Fprint.Manager
|
||||
member=GetDefaultDevice,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.NetworkManager
|
||||
member=CheckPermissions,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.login[0-9].Manager
|
||||
member=PropertiesChanged,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/Xwayland rPx,
|
||||
|
|
|
|||
|
|
@ -25,6 +25,10 @@ profile goa-daemon @{exec_path} {
|
|||
network inet6 dgram,
|
||||
network netlink raw,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
|
|
|
|||
|
|
@ -18,6 +18,18 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/ColorManager/devices/xrandr_*
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/ColorManager
|
||||
interface=org.freedesktop.ColorManager
|
||||
member={FindDeviceByProperty,GetDevices,CreateDevice},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/ColorManager
|
||||
interface=org.freedesktop.ColorManager
|
||||
member={DeviceAdded,ProfileAdded},
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
|
|
|
|||
|
|
@ -12,6 +12,14 @@ profile gsd-disk-utility-notify @{exec_path} {
|
|||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/UDisks2
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/UDisks2/**
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
include if exists <local/gsd-disk-utility-notify>
|
||||
|
|
|
|||
|
|
@ -21,6 +21,22 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.login[0-9].Manager
|
||||
member=Inhibit,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/UPower{,/devices/DisplayDevice}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
|
|
|
|||
|
|
@ -21,6 +21,33 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/UPower{,/**}
|
||||
interface=org.freedesktop.{DBus.Properties,UPower*},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]/session/auto
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]/session/auto
|
||||
interface=org.freedesktop.login[0-9].Session
|
||||
member=SetBrightness,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.login[0-9].Manager
|
||||
member=Inhibit,
|
||||
|
||||
dbus send bus=system path=/net/hadess/PowerProfiles
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
|
|
|
|||
|
|
@ -19,6 +19,18 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
|
|||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
signal (send) set=(hup) peer=gsd-printer,
|
||||
|
||||
dbus (send,receive) bus=system path=/Client[0-9]*/ServiceBrowser[0-9]*
|
||||
interface=org.freedesktop.Avahi.ServiceBrowser
|
||||
member={CacheExhausted,AllForNow,CacheExhausted,AllForNow,Free},
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
member=Ping,
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.Avahi.Server
|
||||
member={GetAPIVersion,GetState,ServiceBrowserNew},
|
||||
|
||||
@{exec_path} mr,
|
||||
@{libexec}/gsd-printer rPx,
|
||||
|
||||
|
|
|
|||
|
|
@ -15,6 +15,16 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) {
|
|||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
signal (receive) set=(hup) peer=gsd-print-notifications,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=ReleaseName,
|
||||
|
||||
dbus bind bus=system
|
||||
name=com.redhat.NewPrinterNotification,
|
||||
|
||||
dbus bind bus=system
|
||||
name=com.redhat.PrinterDriversInstaller,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner /dev/tty[0-9]* rw,
|
||||
|
|
|
|||
|
|
@ -16,6 +16,26 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/hostname[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/ModemManager[0-9]
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.NetworkManager
|
||||
member={CheckPermissions,StateChanged},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/sys/devices/virtual/misc/rfkill/uevent r,
|
||||
|
|
|
|||
|
|
@ -15,6 +15,10 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/dconf>
|
||||
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -26,6 +26,14 @@ profile gsd-xsettings @{exec_path} {
|
|||
network inet6 dgram,
|
||||
network netlink raw,
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/Accounts/User[0-9]*
|
||||
interface=org.freedesktop.Accounts.User
|
||||
member={SetInputSources,Changed,GetAll},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/Accounts
|
||||
interface=org.freedesktop.Accounts
|
||||
member=FindUserByName,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/cat rix,
|
||||
|
|
|
|||
|
|
@ -17,6 +17,10 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/openssl>
|
||||
include <abstractions/trash>
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/hostname[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
@{exec_path} mr,
|
||||
/{usr/,}bin/{,ba,da}sh rix,
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,10 @@ profile tracker-miner @{exec_path} {
|
|||
include <abstractions/private-files-strict>
|
||||
include <abstractions/private-files>
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/UPower/{,devices/DisplayDevice}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
|
|
|
|||
|
|
@ -27,6 +27,10 @@ profile gvfs-udisks2-volume-monitor @{exec_path} {
|
|||
|
||||
ptrace (read),
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/UDisks2{,/**}
|
||||
interface=org.freedesktop.{DBus.*,UDisks2.*}
|
||||
peer=(label=udisksd),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/lsof rix,
|
||||
|
|
|
|||
|
|
@ -35,6 +35,49 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
network netlink raw,
|
||||
network packet dgram,
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/NetworkManager{,/**}
|
||||
interface=org.freedesktop.{DBus.Properties,NetworkManager*},
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.PolicyKit[0-9].Authority
|
||||
member={Changed,CheckAuthorization},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=InterfacesAdded,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/nm_dispatcher
|
||||
interface=org.freedesktop.nm_dispatcher
|
||||
member=Action
|
||||
peer=(name=org.freedesktop.nm_dispatcher),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/ModemManager[0-9]
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/resolve[0-9]
|
||||
interface=org.freedesktop.resolve[0-9].Manager
|
||||
member=SetLink*,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/hostname[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/ModemManager[0-9]
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.login[0-9].Manager
|
||||
member={SessionRemoved,UserNew,SessionNew,Inhibit},
|
||||
|
||||
dbus bind bus=system
|
||||
name=org.freedesktop.NetworkManager,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/{,ba,da}sh rix,
|
||||
|
|
|
|||
|
|
@ -23,6 +23,9 @@ profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) {
|
|||
interface=org.freedesktop.DBus.Properties
|
||||
member={Get,GetAll},
|
||||
|
||||
dbus bind bus=system
|
||||
name=org.freedesktop.hostname[0-9],
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{run}/systemd/notify rw,
|
||||
|
|
|
|||
|
|
@ -25,6 +25,9 @@ profile systemd-localed @{exec_path} flags=(attach_disconnected) {
|
|||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus bind bus=system
|
||||
name=org.freedesktop.locale[0-9],
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/systemd/language-fallback-map r,
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
|
|||
member=CheckAuthorization,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/systemd[0-9]/unit/**
|
||||
interface=org.freedesktop.systemd[0-9]/.Scope
|
||||
interface=org.freedesktop.systemd[0-9].Scope
|
||||
member=Abandon,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/systemd[0-9]
|
||||
|
|
|
|||
|
|
@ -23,6 +23,9 @@ profile systemd-timedated @{exec_path} flags=(attach_disconnected) {
|
|||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get,
|
||||
|
||||
dbus bind bus=system
|
||||
name=org.freedesktop.timedate[0-9],
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/dev/rtc[0-9] r,
|
||||
|
|
|
|||
|
|
@ -22,6 +22,11 @@ profile systemd-user-runtime-dir @{exec_path} {
|
|||
mount fstype=tmpfs options=(rw,nosuid,nodev) -> @{run}/user/@{uid}/,
|
||||
umount @{run}/user/@{uid}/,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
peer=(name=org.freedesktop.login[0-9]),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/machine-id r,
|
||||
|
|
|
|||
|
|
@ -17,6 +17,36 @@ profile packagekitd @{exec_path} {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/PackageKit
|
||||
interface=org.freedesktop.{DBus.*,PackageKit},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=RequestName,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.PolicyKit[0-9].Authority
|
||||
member=Changed,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.NetworkManager
|
||||
member=CheckPermissions,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
dbus bind bus=system
|
||||
name=org.freedesktop.PackageKit,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/dpkg rPx,
|
||||
|
|
|
|||
|
|
@ -17,6 +17,25 @@ profile power-profiles-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=RequestName,
|
||||
|
||||
dbus receive bus=system path=/net/hadess/PowerProfiles
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.PolicyKit[0-9].Authority
|
||||
member=Changed,
|
||||
|
||||
dbus bind bus=system
|
||||
name=net.hadess.PowerProfiles,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/var/lib/power-profiles-daemon/{,**} rw,
|
||||
|
|
|
|||
|
|
@ -21,6 +21,25 @@ profile rtkit-daemon @{exec_path} {
|
|||
capability sys_nice,
|
||||
capability sys_ptrace,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/RealtimeKit[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={Get,GetAll},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/RealtimeKit[0-9]
|
||||
interface=org.freedesktop.RealtimeKit[0-9]
|
||||
member=MakeThreadRealtimeWithPID,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=GetConnectionUnixUser,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.PolicyKit[0-9].Authority
|
||||
member=CheckAuthorization,
|
||||
|
||||
dbus bind bus=system
|
||||
name=org.freedesktop.RealtimeKit[0-9],
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
# When applying policies to processes
|
||||
|
|
|
|||
|
|
@ -13,6 +13,12 @@ profile spice-vdagentd @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
capability sys_nice,
|
||||
|
||||
dbus receive
|
||||
bus=system
|
||||
path=/org/freedesktop/login[0-9]/session/_[0-9]*
|
||||
interface=org.freedesktop.login[0-9].Session
|
||||
member=Unlock,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{run}/spice-vdagentd/spice-vdagent-sock r,
|
||||
|
|
|
|||
|
|
@ -15,6 +15,17 @@ profile switcheroo-control @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus receive bus=system path=/net/hadess/SwitcherooControl
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=RequestName,
|
||||
|
||||
dbus bind bus=system
|
||||
name=net.hadess.SwitcherooControl,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{run}/udev/data/+drm:* r,
|
||||
|
|
|
|||
|
|
@ -26,6 +26,32 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/UDisks2{,/**}
|
||||
interface=org.freedesktop.{DBus*,UDisks2*},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.PolicyKit[0-9].Authority
|
||||
member=Changed,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={ReleaseName,GetConnectionUnixUser},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.login[0-9].Manager
|
||||
member=Inhibit,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.PolicyKit[0-9].Authority
|
||||
member=CheckAuthorization,
|
||||
|
||||
dbus bind bus=system
|
||||
name=org.freedesktop.UDisks2,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/{,ba,da}sh rix,
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2018-2021 Mikhail Morfikov
|
||||
# 2021 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2018-2022 Mikhail Morfikov
|
||||
# Copyright (C) 2021-2022 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
|
@ -25,6 +25,13 @@ profile wpa-supplicant @{exec_path} {
|
|||
network packet raw,
|
||||
network packet dgram,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=RequestName,
|
||||
|
||||
dbus bind bus=system
|
||||
name=fi.w1.wpa_supplicant[0-9],
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{HOME}/.cat_installer/*.pem r,
|
||||
|
|
|
|||
Loading…
Reference in a new issue