From 66aa230b90712f0b7914adead1c4edc8905c48e8 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Fri, 15 Mar 2024 23:56:23 +0000 Subject: [PATCH] feat(profile): some dbus rule improvment. --- .../abstractions/bus/com.canonical.Unity.LauncherEntry | 10 ++++++++++ apparmor.d/groups/gvfs/gvfs-goa-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor | 4 +--- 5 files changed, 14 insertions(+), 6 deletions(-) diff --git a/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry b/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry index 1f559fc6..a763bc5c 100644 --- a/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry +++ b/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry @@ -9,4 +9,14 @@ member=Update peer=(name=org.freedesktop.DBus, label=gnome-shell), + dbus receive bus=session path=/com/canonical/unity/launcherentry/@{int} + interface=com.canonical.dbusmenu + member={GetLayout,GetGroupProperties} + peer=(name=:*, label=gnome-shell), + + dbus receive bus=session path=/com/canonical/unity/launcherentry/@{int} + interface=org.freedesktop.DBus.Properties + member=GetAll + peer=(name=:*, label=gnome-shell), + include if exists diff --git a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor index 655361c0..cd45cb51 100644 --- a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor @@ -12,7 +12,7 @@ profile gvfs-goa-volume-monitor @{exec_path} { include include - # dbus: own bus=session name=org.gtk.vfs.GoaVolumeMonitor + # dbus: own bus=session name=org.gtk.vfs.GoaVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor dbus receive bus=session interface=org.freedesktop.DBus.Introspectable 
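Review bot: The two added `dbus receive` rules in the com.canonical.Unity.LauncherEntry abstraction have no comment saying which feature needs them, and because the file is an abstraction they take effect in every profile that includes it. They are already narrowed to `label=gnome-shell`, a fixed path pattern and named members, which keeps the grant tight. A line such as `# Allow gnome-shell to query the launcher entry menu layout and properties` above them would record the intent; that wording is presumed from the interface names, so confirm it. Only `GetLayout`, `GetGroupProperties` and `GetAll` are accepted, so any other call gnome-shell makes on this path will still be denied and logged. Check the audit log after deployment rather than widening `member=` in advance.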
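Review bot: The `# dbus: own` line in gvfs-goa-volume-monitor is a comment to the AppArmor parser, so what the added `interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor` permits depends on how the build tooling expands it, which this diff does not show. If the expansion produces send/receive rules for that interface, confirm that they stay limited to this path and do not end up with an unrestricted peer. The same edit is repeated in gvfs-gphoto2-volume-monitor, gvfs-mtp-volume-monitor and gvfs-udisks2-volume-monitor. Checking the generated profile for one of them and recording the result in the commit message would cover all four.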
diff --git a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor index 589abc28..c9fee4e3 100644 --- a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor @@ -16,7 +16,7 @@ profile gvfs-gphoto2-volume-monitor @{exec_path} { network netlink raw, - # dbus: own bus=session name=org.gtk.vfs.GPhoto2VolumeMonitor + # dbus: own bus=session name=org.gtk.vfs.GPhoto2VolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor index 3a0dccbe..62c3fc48 100644 --- a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor @@ -15,7 +15,7 @@ profile gvfs-mtp-volume-monitor @{exec_path} { network netlink raw, - # dbus: own bus=session name=org.gtk.vfs.MTPVolumeMonitor + # dbus: own bus=session name=org.gtk.vfs.MTPVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index 9e44235c..5aebd01c 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -30,8 +30,7 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) { ptrace (read), - # dbus: own bus=session name=org.gtk.vfs.UDisks2VolumeMonitor - + # dbus: own bus=session name=org.gtk.vfs.UDisks2VolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor # dbus: talk bus=system name=org.freedesktop.UDisks2 label=udisksd dbus receive bus=session 
@@ -50,7 +49,6 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) { / r, /etc/fstab r, - /etc/machine-id r, # Mount points @{MOUNTS}/**/ r,