feat(profile): use gnome abs in common gnome app.

Alexandre Pujol 2024-04-09 23:42:03 +01:00
parent 50ce9750d3
commit 69f90c5a11
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
8 changed files with 16 additions and 55 deletions


@ -10,16 +10,13 @@ include <tunables/global>
profile gnome-calendar @{exec_path} { profile gnome-calendar @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus-accessibility> include <abstractions/bus-accessibility>
include <abstractions/bus-session>
include <abstractions/bus-system> include <abstractions/bus-system>
include <abstractions/bus/org.a11y> include <abstractions/bus/org.a11y>
include <abstractions/bus/org.freedesktop.login1> include <abstractions/bus/org.freedesktop.login1>
include <abstractions/bus/org.freedesktop.NetworkManager> include <abstractions/bus/org.freedesktop.NetworkManager>
include <abstractions/bus/org.freedesktop.portal.Desktop> include <abstractions/bus/org.freedesktop.portal.Desktop>
include <abstractions/bus/org.freedesktop.timedate1> include <abstractions/bus/org.freedesktop.timedate1>
include <abstractions/dconf-write> include <abstractions/common/gnome>
include <abstractions/gnome-strict>
include <abstractions/graphics>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/p11-kit> include <abstractions/p11-kit>
include <abstractions/ssl_certs> include <abstractions/ssl_certs>
@ -39,12 +36,8 @@ profile gnome-calendar @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{open_path} rPx -> child-open-help,
/usr/share/evolution-data-server/{,**} r, /usr/share/evolution-data-server/{,**} r,
/usr/share/libgweather/Locations.xml r, /usr/share/libgweather/Locations.xml r,
owner @{PROC}/@{pid}/cmdline r,
include if exists <local/gnome-calendar> include if exists <local/gnome-calendar>
} }
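Review bot: Nothing in the new profile says whether the `@{open_path} rPx -> child-open-help` transition and the `owner @{PROC}/@{pid}/cmdline r` rule removed in the second hunk are now expected from `abstractions/common/gnome` or were dropped on purpose. That abstraction is not part of this commit, and the gnome-characters section keeps its own `@{open_path}` rule alongside the new include, so the diff alone does not settle it. A comment next to the include, such as `# common/gnome is relied on for: <rules this profile no longer lists>`, would keep the dependency reviewable when the abstraction changes. One or both of these rules are removed the same way in the gnome-characters, gnome-contacts, gnome-extensions-app, gnome-music and gnome-recipes sections.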


@ -6,16 +6,13 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /usr/share/org.gnome.Characters/org.gnome.Characters @{exec_path} = @{bin}/gnome-characters /usr/share/org.gnome.Characters/org.gnome.Characters
profile gnome-characters @{exec_path} { profile gnome-characters @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus-session>
include <abstractions/bus-system> include <abstractions/bus-system>
include <abstractions/bus/org.freedesktop.portal.Desktop> include <abstractions/bus/org.freedesktop.portal.Desktop>
include <abstractions/dconf-write> include <abstractions/common/gnome>
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/gnome-strict>
include <abstractions/graphics>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
#aa:dbus own bus=session name=org.gnome.Characters #aa:dbus own bus=session name=org.gnome.Characters
@ -30,10 +27,8 @@ profile gnome-characters @{exec_path} {
@{open_path} rPx -> child-open-help, @{open_path} rPx -> child-open-help,
/usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/icu/@{int}.@{int}/*.dat r,
/usr/share/org.gnome.Characters/org.gnome.Characters.*.gresource r, /usr/share/org.gnome.Characters/{,**} r,
/usr/share/nvidia/nvidia-application-profiles-*-rc r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/stat r, owner @{PROC}/@{pid}/stat r,
owner @{PROC}/@{pid}/status r, owner @{PROC}/@{pid}/status r,


@ -10,12 +10,9 @@ include <tunables/global>
profile gnome-contacts @{exec_path} { profile gnome-contacts @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus-accessibility> include <abstractions/bus-accessibility>
include <abstractions/bus-session>
include <abstractions/bus/org.a11y> include <abstractions/bus/org.a11y>
include <abstractions/bus/org.freedesktop.portal.Desktop> include <abstractions/bus/org.freedesktop.portal.Desktop>
include <abstractions/dconf-write> include <abstractions/common/gnome>
include <abstractions/gnome-strict>
include <abstractions/graphics>
include <abstractions/gstreamer> include <abstractions/gstreamer>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/ssl_certs> include <abstractions/ssl_certs>
@ -29,10 +26,7 @@ profile gnome-contacts @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{open_path} rPx -> child-open-help,
owner @{user_cache_dirs}/evolution/addressbook/{,**} r, owner @{user_cache_dirs}/evolution/addressbook/{,**} r,
owner @{user_config_dirs}/gnome-contacts/{,**} rw,
owner @{user_share_dirs}/folks/relationships.ini r, owner @{user_share_dirs}/folks/relationships.ini r,
include if exists <local/gnome-contacts> include if exists <local/gnome-contacts>


@ -9,9 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/gnome-extensions-app @{exec_path} = @{bin}/gnome-extensions-app
profile gnome-extensions-app @{exec_path} { profile gnome-extensions-app @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/dconf-write> include <abstractions/common/gnome>
include <abstractions/gnome-strict>
include <abstractions/graphics>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
@{exec_path} mr, @{exec_path} mr,
@ -19,8 +17,6 @@ profile gnome-extensions-app @{exec_path} {
@{sh_path} rix, @{sh_path} rix,
@{bin}/gjs-console rix, @{bin}/gjs-console rix,
@{open_path} rPx -> child-open-help,
/usr/share/gnome-shell/org.gnome.Extensions* r, /usr/share/gnome-shell/org.gnome.Extensions* r,
/usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/icu/@{int}.@{int}/*.dat r,
/usr/share/terminfo/** r, /usr/share/terminfo/** r,
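Review bot: The `include <abstractions/common/gnome>` line probably grants this profile more than the three abstractions it replaces. The gnome-calendar, gnome-characters, gnome-contacts and file-roller sections drop `abstractions/bus-session` in the same change, which suggests the shared abstraction carries session-bus access that gnome-extensions-app did not have before. Because `@{sh_path}` and `@{bin}/gjs-console` are `rix` here, anything gained is inherited by the shell and the JavaScript interpreter as well. The same applies to gnome-music, gnome-recipes and gnome-tour, and gnome-recipes did not include `abstractions/graphics` before either. Comparing `apparmor_parser -p` output for the profile before and after the commit would show exactly what was added.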


@ -10,9 +10,9 @@ include <tunables/global>
profile gnome-music @{exec_path} flags=(attach_disconnected) { profile gnome-music @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/audio-client> include <abstractions/audio-client>
include <abstractions/dconf-write> include <abstractions/bus-system>
include <abstractions/gnome-strict> include <abstractions/bus/org.freedesktop.login1>
include <abstractions/graphics> include <abstractions/common/gnome>
include <abstractions/gstreamer> include <abstractions/gstreamer>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/p11-kit> include <abstractions/p11-kit>
@ -25,14 +25,14 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) {
network inet6 dgram, network inet6 dgram,
network netlink raw, network netlink raw,
#aa:dbus talk bus=session name=org.freedesktop.Tracker3.Writeback label=tracker-writeback
@{exec_path} mr, @{exec_path} mr,
@{bin}/ r, @{bin}/ r,
@{bin}/env r, @{bin}/env r,
@{bin}/python3.@{int} rix, @{bin}/python3.@{int} rix,
@{lib}/python3.@{int}/site-packages/gnomemusic/__pycache__/{,**} rw, @{lib}/python3.@{int}/site-packages/gnomemusic/__pycache__/{,**} rw,
@{open_path} rPx -> child-open-help,
/usr/share/grilo-plugins/grl-lua-factory/{,*} r, /usr/share/grilo-plugins/grl-lua-factory/{,*} r,
/usr/share/org.gnome.Music/{,**} r, /usr/share/org.gnome.Music/{,**} r,
/usr/share/tracker3/{,**} r, /usr/share/tracker3/{,**} r,
@ -41,7 +41,6 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) {
owner @{user_music_dirs}/{,**} r, owner @{user_music_dirs}/{,**} r,
owner @{user_cache_dirs}/gnome-music/{,**} rwk,
owner @{user_cache_dirs}/media-art/{,*} rw, owner @{user_cache_dirs}/media-art/{,*} rw,
owner @{user_share_dirs}/grilo-plugins/ rwk, owner @{user_share_dirs}/grilo-plugins/ rwk,
owner @{user_share_dirs}/grilo-plugins/*.db{,-shm,-journal,-wal} rwk, owner @{user_share_dirs}/grilo-plugins/*.db{,-shm,-journal,-wal} rwk,
@ -52,7 +51,6 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) {
owner /var/tmp/etilqs_@{hex} rw, owner /var/tmp/etilqs_@{hex} rw,
@{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r, @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
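Review bot: The `owner @{user_cache_dirs}/gnome-music/{,**} rwk,` rule removed in the third hunk carried the `k` (file lock) permission, and this page does not show whether `abstractions/common/gnome` grants locking on the per-application cache directory. If the abstraction only grants `rw` there, lock attempts on the cache would be denied at runtime, and the original line should stay in the profile. The profile body continues outside the hunks shown.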


@ -9,11 +9,11 @@ include <tunables/global>
@{exec_path} = @{bin}/gnome-recipes @{exec_path} = @{bin}/gnome-recipes
profile gnome-recipes @{exec_path} { profile gnome-recipes @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/dconf-write> include <abstractions/audio-client>
include <abstractions/gnome-strict> include <abstractions/common/gnome>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/ssl_certs>
include <abstractions/p11-kit> include <abstractions/p11-kit>
include <abstractions/ssl_certs>
network inet dgram, network inet dgram,
network inet6 dgram, network inet6 dgram,
@ -25,11 +25,5 @@ profile gnome-recipes @{exec_path} {
@{bin}/tar rix, @{bin}/tar rix,
@{open_path} rPx -> child-open-help,
/usr/share/gnome-recipes/{,**} r,
owner @{user_cache_dirs}/gnome-recipes/{,**} rw,
include if exists <local/gnome-recipes> include if exists <local/gnome-recipes>
} }
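Review bot: The first hunk adds `include <abstractions/audio-client>`, which the commit subject does not cover and which is a new grant rather than a move into the shared abstraction. If gnome-recipes needs audio, say so in the commit message or in a comment such as `# audio-client: <reason>`; if it was added only to silence a log entry, a narrower rule is preferable. The `/usr/share/gnome-recipes/{,**} r` and `owner @{user_cache_dirs}/gnome-recipes/{,**} rw` rules removed in the second hunk are presumably supplied by `abstractions/common/gnome`, which is not shown here.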


@ -9,14 +9,10 @@ include <tunables/global>
@{exec_path} = @{bin}/gnome-tour @{exec_path} = @{bin}/gnome-tour
profile gnome-tour @{exec_path} { profile gnome-tour @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/dconf-write> include <abstractions/common/gnome>
include <abstractions/gnome-strict>
include <abstractions/graphics>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
@{exec_path} mr, @{exec_path} mr,
/usr/share/gnome-tour/{,**} r,
include if exists <local/gnome-tour> include if exists <local/gnome-tour>
} }


@ -10,12 +10,9 @@ include <tunables/global>
profile file-roller @{exec_path} { profile file-roller @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus-accessibility> include <abstractions/bus-accessibility>
include <abstractions/bus-session>
include <abstractions/bus/org.a11y> include <abstractions/bus/org.a11y>
include <abstractions/bus/org.freedesktop.portal.Desktop> include <abstractions/bus/org.freedesktop.portal.Desktop>
include <abstractions/dconf-write> include <abstractions/common/gnome>
include <abstractions/desktop>
include <abstractions/graphics>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/user-download-strict> include <abstractions/user-download-strict>
include <abstractions/user-read-strict> include <abstractions/user-read-strict>
@ -40,8 +37,6 @@ profile file-roller @{exec_path} {
@{bin}/zstd rix, @{bin}/zstd rix,
@{lib}/p7zip/7z rix, @{lib}/p7zip/7z rix,
@{open_path} rPx -> child-open,
@{run}/mount/utab r, @{run}/mount/utab r,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,
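Review bot: The rule removed in the second hunk is `@{open_path} rPx -> child-open`, whereas the other profiles in this commit use `-> child-open-help`, so file-roller's ability to hand files to other applications changes in a way the others do not. If `abstractions/common/gnome` supplies an open transition it presumably targets child-open-help, and if it supplies none the transition is gone; the commit message mentions neither. The first hunk also swaps `abstractions/desktop` for the shared abstraction, where the other profiles replaced `abstractions/gnome-strict`. Both deserve a line in the commit description, e.g. `file-roller: drop child-open transition, desktop -> common/gnome`. The profile body continues past the end of the hunk.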