mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 08:58:15 +01:00
feat(profiles): chromium_install_dirs -> chromium_lib_dirs
This commit is contained in:
Alexandre Pujol
parent
e9d61fb7d9
commit
6061d4981b
12 changed files with 46 additions and 46 deletions
|
|
@ -8,7 +8,7 @@
|
||||||
# This abstraction requires the following variables definied in the profile header:
|
# This abstraction requires the following variables definied in the profile header:
|
||||||
# @{chromium_name} = chromium
|
# @{chromium_name} = chromium
|
||||||
# @{chromium_domain} = org.chromium.Chromium
|
# @{chromium_domain} = org.chromium.Chromium
|
||||||
# @{chromium_install_dirs} = /{usr/,}lib/chromium
|
# @{chromium_lib_dirs} = /{usr/,}lib/chromium
|
||||||
# @{chromium_config_dirs} = @{user_config_dirs}/chromium
|
# @{chromium_config_dirs} = @{user_config_dirs}/chromium
|
||||||
# @{chromium_cache_dirs} = @{user_cache_dirs}/chromium
|
# @{chromium_cache_dirs} = @{user_cache_dirs}/chromium
|
||||||
|
|
||||||
|
|
@ -54,9 +54,9 @@
|
||||||
network inet6 stream,
|
network inet6 stream,
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
@{chromium_install_dirs}/{,**} r,
|
@{chromium_lib_dirs}/{,**} r,
|
||||||
@{chromium_install_dirs}/chrome_crashpad_handler rPx,
|
@{chromium_lib_dirs}/chrome_crashpad_handler rPx,
|
||||||
@{chromium_install_dirs}/chrome-sandbox rPx,
|
@{chromium_lib_dirs}/chrome-sandbox rPx,
|
||||||
|
|
||||||
# Desktop integration
|
# Desktop integration
|
||||||
/{usr/,}bin/lsb_release rPx -> lsb_release,
|
/{usr/,}bin/lsb_release rPx -> lsb_release,
|
||||||
|
|
@ -204,7 +204,7 @@
|
||||||
owner /dev/tty[0-9]* rw,
|
owner /dev/tty[0-9]* rw,
|
||||||
|
|
||||||
# Silencer
|
# Silencer
|
||||||
deny @{chromium_install_dirs}/** w,
|
deny @{chromium_lib_dirs}/** w,
|
||||||
deny @{user_share_dirs}/gvfs-metadata/* r,
|
deny @{user_share_dirs}/gvfs-metadata/* r,
|
||||||
|
|
||||||
include if exists <abstractions/chromium.d>
|
include if exists <abstractions/chromium.d>
|
||||||
|
|
|
||||||
|
|
@ -9,11 +9,11 @@ include <tunables/global>
|
||||||
|
|
||||||
@{chromium_name} = brave{,-beta,-dev}
|
@{chromium_name} = brave{,-beta,-dev}
|
||||||
@{chromium_domain} = com.brave.Brave
|
@{chromium_domain} = com.brave.Brave
|
||||||
@{chromium_install_dirs} = /opt/brave.com/@{chromium_name}
|
@{chromium_lib_dirs} = /opt/brave.com/@{chromium_name}
|
||||||
@{chromium_config_dirs} = @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
@{chromium_config_dirs} = @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||||
@{chromium_cache_dirs} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
@{chromium_cache_dirs} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||||
|
|
||||||
@{exec_path} = @{chromium_install_dirs}/@{chromium_name}
|
@{exec_path} = @{chromium_lib_dirs}/@{chromium_name}
|
||||||
profile brave @{exec_path} {
|
profile brave @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/chromium>
|
include <abstractions/chromium>
|
||||||
|
|
@ -22,8 +22,8 @@ profile brave @{exec_path} {
|
||||||
|
|
||||||
/{usr/,}bin/man rPUx, # For "brave --help"
|
/{usr/,}bin/man rPUx, # For "brave --help"
|
||||||
|
|
||||||
@{chromium_install_dirs}/swiftshader/libGLESv2.so mr,
|
@{chromium_lib_dirs}/swiftshader/libGLESv2.so mr,
|
||||||
@{chromium_install_dirs}/swiftshader/libEGL.so mr,
|
@{chromium_lib_dirs}/swiftshader/libEGL.so mr,
|
||||||
|
|
||||||
/usr/share/chromium/extensions/ r,
|
/usr/share/chromium/extensions/ r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -7,9 +7,9 @@ abi <abi/3.0>,
|
||||||
|
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
@{chromium_install_dirs} = /opt/brave.com/brave{,-beta,-dev}
|
@{chromium_lib_dirs} = /opt/brave.com/brave{,-beta,-dev}
|
||||||
|
|
||||||
@{exec_path} = @{chromium_install_dirs}/{brave,chrome}-sandbox
|
@{exec_path} = @{chromium_lib_dirs}/{brave,chrome}-sandbox
|
||||||
profile brave-sandbox @{exec_path} {
|
profile brave-sandbox @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
|
||||||
|
|
@ -21,7 +21,7 @@ profile brave-sandbox @{exec_path} {
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
@{chromium_install_dirs}/brave rPx,
|
@{chromium_lib_dirs}/brave rPx,
|
||||||
|
|
||||||
@{PROC} r,
|
@{PROC} r,
|
||||||
@{PROC}/@{pids}/ r,
|
@{PROC}/@{pids}/ r,
|
||||||
|
|
|
||||||
|
|
@ -7,9 +7,9 @@ abi <abi/3.0>,
|
||||||
|
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
@{chromium_install_dirs} = /opt/brave.com/brave{,-beta,-dev}
|
@{chromium_lib_dirs} = /opt/brave.com/brave{,-beta,-dev}
|
||||||
|
|
||||||
@{exec_path} = @{chromium_install_dirs}/brave-browser{,-beta,-dev}
|
@{exec_path} = @{chromium_lib_dirs}/brave-browser{,-beta,-dev}
|
||||||
profile brave-wrapper @{exec_path} {
|
profile brave-wrapper @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
@ -24,7 +24,7 @@ profile brave-wrapper @{exec_path} {
|
||||||
/{usr/,}bin/touch rix,
|
/{usr/,}bin/touch rix,
|
||||||
/{usr/,}bin/which{,.debianutils} rix,
|
/{usr/,}bin/which{,.debianutils} rix,
|
||||||
|
|
||||||
@{chromium_install_dirs}/brave rPx,
|
@{chromium_lib_dirs}/brave rPx,
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/fd/ w,
|
owner @{PROC}/@{pid}/fd/ w,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -9,11 +9,11 @@ include <tunables/global>
|
||||||
|
|
||||||
@{chromium_name} = chrome{,-beta,-unstable}
|
@{chromium_name} = chrome{,-beta,-unstable}
|
||||||
@{chromium_domain} = com.google.Chrome
|
@{chromium_domain} = com.google.Chrome
|
||||||
@{chromium_install_dirs} = /opt/google/@{chromium_name}
|
@{chromium_lib_dirs} = /opt/google/@{chromium_name}
|
||||||
@{chromium_config_dirs} = @{user_config_dirs}/google-@{chromium_name}
|
@{chromium_config_dirs} = @{user_config_dirs}/google-@{chromium_name}
|
||||||
@{chromium_cache_dirs} = @{user_cache_dirs}/google-@{chromium_name}
|
@{chromium_cache_dirs} = @{user_cache_dirs}/google-@{chromium_name}
|
||||||
|
|
||||||
@{exec_path} = @{chromium_install_dirs}/@{chromium_name}
|
@{exec_path} = @{chromium_lib_dirs}/@{chromium_name}
|
||||||
profile chrome @{exec_path} {
|
profile chrome @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/chromium>
|
include <abstractions/chromium>
|
||||||
|
|
@ -22,16 +22,16 @@ profile chrome @{exec_path} {
|
||||||
|
|
||||||
/{usr/,}bin/man rPUx, # For "chrome --help"
|
/{usr/,}bin/man rPUx, # For "chrome --help"
|
||||||
|
|
||||||
@{chromium_install_dirs}/google-chrome{,-beta,-unstable} rPx,
|
@{chromium_lib_dirs}/google-chrome{,-beta,-unstable} rPx,
|
||||||
|
|
||||||
@{chromium_install_dirs}/nacl_helper rix,
|
@{chromium_lib_dirs}/nacl_helper rix,
|
||||||
@{chromium_install_dirs}/xdg-mime rix, #-> xdg-mime,
|
@{chromium_lib_dirs}/xdg-mime rix, #-> xdg-mime,
|
||||||
@{chromium_install_dirs}/xdg-settings rix, #-> xdg-settings,
|
@{chromium_lib_dirs}/xdg-settings rix, #-> xdg-settings,
|
||||||
|
|
||||||
@{chromium_install_dirs}/*.so* mr,
|
@{chromium_lib_dirs}/*.so* mr,
|
||||||
@{chromium_install_dirs}/libwidevinecdm.so mr,
|
@{chromium_lib_dirs}/libwidevinecdm.so mr,
|
||||||
@{chromium_install_dirs}/libwidevinecdmadapter.so mr,
|
@{chromium_lib_dirs}/libwidevinecdmadapter.so mr,
|
||||||
@{chromium_install_dirs}/WidevineCdm/_platform_specific/linux_*/libwidevinecdm.so mr,
|
@{chromium_lib_dirs}/WidevineCdm/_platform_specific/linux_*/libwidevinecdm.so mr,
|
||||||
|
|
||||||
include if exists <local/chrome>
|
include if exists <local/chrome>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -7,10 +7,10 @@ abi <abi/3.0>,
|
||||||
|
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
@{chromium_install_dirs} = /opt/google/chrome{,-beta,-unstable}
|
@{chromium_lib_dirs} = /opt/google/chrome{,-beta,-unstable}
|
||||||
@{chromium_config_dirs} = @{user_config_dirs}/google-chrome{,-beta,-unstable}
|
@{chromium_config_dirs} = @{user_config_dirs}/google-chrome{,-beta,-unstable}
|
||||||
|
|
||||||
@{exec_path} = @{chromium_install_dirs}/chrome_crashpad_handler
|
@{exec_path} = @{chromium_lib_dirs}/chrome_crashpad_handler
|
||||||
profile chrome-crashpad-handler @{exec_path} {
|
profile chrome-crashpad-handler @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -7,9 +7,9 @@ abi <abi/3.0>,
|
||||||
|
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
@{chromium_install_dirs} = /opt/google/chrome{,-stable,-beta,-unstable}
|
@{chromium_lib_dirs} = /opt/google/chrome{,-stable,-beta,-unstable}
|
||||||
|
|
||||||
@{exec_path} = @{chromium_install_dirs}/chrome-sandbox
|
@{exec_path} = @{chromium_lib_dirs}/chrome-sandbox
|
||||||
profile chrome-sandbox @{exec_path} {
|
profile chrome-sandbox @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
|
||||||
|
|
@ -21,8 +21,8 @@ profile chrome-sandbox @{exec_path} {
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
@{chromium_install_dirs}/chrome rPx,
|
@{chromium_lib_dirs}/chrome rPx,
|
||||||
@{chromium_install_dirs}/nacl_helper rix,
|
@{chromium_lib_dirs}/nacl_helper rix,
|
||||||
|
|
||||||
@{PROC} r,
|
@{PROC} r,
|
||||||
@{PROC}/@{pids}/ r,
|
@{PROC}/@{pids}/ r,
|
||||||
|
|
|
||||||
|
|
@ -7,9 +7,9 @@ abi <abi/3.0>,
|
||||||
|
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
@{chromium_install_dirs} = /opt/google/chrome{,-beta,-unstable}
|
@{chromium_lib_dirs} = /opt/google/chrome{,-beta,-unstable}
|
||||||
|
|
||||||
@{exec_path} = @{chromium_install_dirs}/google-chrome{,-beta,-unstable}
|
@{exec_path} = @{chromium_lib_dirs}/google-chrome{,-beta,-unstable}
|
||||||
profile chrome-wrapper @{exec_path} {
|
profile chrome-wrapper @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
@ -24,7 +24,7 @@ profile chrome-wrapper @{exec_path} {
|
||||||
/{usr/,}bin/touch rix,
|
/{usr/,}bin/touch rix,
|
||||||
/{usr/,}bin/which{,.debianutils} rix,
|
/{usr/,}bin/which{,.debianutils} rix,
|
||||||
|
|
||||||
@{chromium_install_dirs}/chrome rPx,
|
@{chromium_lib_dirs}/chrome rPx,
|
||||||
|
|
||||||
owner @{user_config_dirs}/chrome-flags.conf r,
|
owner @{user_config_dirs}/chrome-flags.conf r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -9,11 +9,11 @@ include <tunables/global>
|
||||||
|
|
||||||
@{chromium_name} = chromium
|
@{chromium_name} = chromium
|
||||||
@{chromium_domain} = org.chromium.Chromium
|
@{chromium_domain} = org.chromium.Chromium
|
||||||
@{chromium_install_dirs} = /{usr/,}lib/@{chromium_name}
|
@{chromium_lib_dirs} = /{usr/,}lib/@{chromium_name}
|
||||||
@{chromium_config_dirs} = @{user_config_dirs}/@{chromium_name}
|
@{chromium_config_dirs} = @{user_config_dirs}/@{chromium_name}
|
||||||
@{chromium_cache_dirs} = @{user_cache_dirs}/@{chromium_name}
|
@{chromium_cache_dirs} = @{user_cache_dirs}/@{chromium_name}
|
||||||
|
|
||||||
@{exec_path} = @{chromium_install_dirs}/@{chromium_name}
|
@{exec_path} = @{chromium_lib_dirs}/@{chromium_name}
|
||||||
profile chromium @{exec_path} {
|
profile chromium @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/chromium>
|
include <abstractions/chromium>
|
||||||
|
|
|
||||||
|
|
@ -9,20 +9,20 @@ include <tunables/global>
|
||||||
|
|
||||||
@{chromium_name} = opera{,-beta,-developer}
|
@{chromium_name} = opera{,-beta,-developer}
|
||||||
@{chromium_domain} = com.opera.Opera
|
@{chromium_domain} = com.opera.Opera
|
||||||
@{chromium_install_dirs} = /{usr/,}lib/@{multiarch}/@{chromium_name}
|
@{chromium_lib_dirs} = /{usr/,}lib/@{multiarch}/@{chromium_name}
|
||||||
@{chromium_config_dirs} = @{user_config_dirs}/@{chromium_name}
|
@{chromium_config_dirs} = @{user_config_dirs}/@{chromium_name}
|
||||||
@{chromium_cache_dirs} = @{user_cache_dirs}/@{chromium_name}
|
@{chromium_cache_dirs} = @{user_cache_dirs}/@{chromium_name}
|
||||||
|
|
||||||
@{exec_path} = @{chromium_install_dirs}/@{chromium_name}
|
@{exec_path} = @{chromium_lib_dirs}/@{chromium_name}
|
||||||
profile opera @{exec_path} {
|
profile opera @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/chromium>
|
include <abstractions/chromium>
|
||||||
|
|
||||||
@{exec_path} mrix,
|
@{exec_path} mrix,
|
||||||
|
|
||||||
@{chromium_install_dirs}/opera_autoupdate krix,
|
@{chromium_lib_dirs}/opera_autoupdate krix,
|
||||||
@{chromium_install_dirs}/opera_crashreporter rPx,
|
@{chromium_lib_dirs}/opera_crashreporter rPx,
|
||||||
@{chromium_install_dirs}/opera-sandbox rPx,
|
@{chromium_lib_dirs}/opera-sandbox rPx,
|
||||||
|
|
||||||
/opt/google/chrome{,-beta,-unstable}/libwidevinecdm.so mr,
|
/opt/google/chrome{,-beta,-unstable}/libwidevinecdm.so mr,
|
||||||
/opt/google/chrome{,-beta,-unstable}/libwidevinecdmadapter.so mr,
|
/opt/google/chrome{,-beta,-unstable}/libwidevinecdmadapter.so mr,
|
||||||
|
|
|
||||||
|
|
@ -8,10 +8,10 @@ abi <abi/3.0>,
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
@{chromium_name} = opera{,-beta,-developer}
|
@{chromium_name} = opera{,-beta,-developer}
|
||||||
@{chromium_install_dirs} = /{usr/,}lib/@{multiarch}/@{chromium_name}
|
@{chromium_lib_dirs} = /{usr/,}lib/@{multiarch}/@{chromium_name}
|
||||||
@{chromium_config_dirs} = @{user_config_dirs}/@{chromium_name}
|
@{chromium_config_dirs} = @{user_config_dirs}/@{chromium_name}
|
||||||
|
|
||||||
@{exec_path} = @{chromium_install_dirs}/opera_crashreporter
|
@{exec_path} = @{chromium_lib_dirs}/opera_crashreporter
|
||||||
profile opera-crashreporter @{exec_path} {
|
profile opera-crashreporter @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/fontconfig-cache-read>
|
include <abstractions/fontconfig-cache-read>
|
||||||
|
|
|
||||||
|
|
@ -7,9 +7,9 @@ abi <abi/3.0>,
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
@{chromium_name} = opera{,-beta,-developer}
|
@{chromium_name} = opera{,-beta,-developer}
|
||||||
@{chromium_install_dirs} = /{usr/,}lib/@{multiarch}/@{chromium_name}
|
@{chromium_lib_dirs} = /{usr/,}lib/@{multiarch}/@{chromium_name}
|
||||||
|
|
||||||
@{exec_path} = @{chromium_install_dirs}/opera_sandbox
|
@{exec_path} = @{chromium_lib_dirs}/opera_sandbox
|
||||||
profile opera-sandbox @{exec_path} {
|
profile opera-sandbox @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/fontconfig-cache-read>
|
include <abstractions/fontconfig-cache-read>
|
||||||
|
|
@ -25,7 +25,7 @@ profile opera-sandbox @{exec_path} {
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
@{chromium_install_dirs}/opera{,-beta,-developer} rPx,
|
@{chromium_lib_dirs}/opera{,-beta,-developer} rPx,
|
||||||
|
|
||||||
@{PROC} r,
|
@{PROC} r,
|
||||||
@{PROC}/@{pids}/ r,
|
@{PROC}/@{pids}/ r,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue