mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-15 16:03:51 +01:00
feat(profile): use gnome abs in common gnome app.
parent
50ce9750d3
commit
69f90c5a11
@ -10,16 +10,13 @@ include <tunables/global>
|
|||||||
profile gnome-calendar @{exec_path} {
|
profile gnome-calendar @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/bus-accessibility>
|
include <abstractions/bus-accessibility>
|
||||||
include <abstractions/bus-session>
|
|
||||||
include <abstractions/bus-system>
|
include <abstractions/bus-system>
|
||||||
include <abstractions/bus/org.a11y>
|
include <abstractions/bus/org.a11y>
|
||||||
include <abstractions/bus/org.freedesktop.login1>
|
include <abstractions/bus/org.freedesktop.login1>
|
||||||
include <abstractions/bus/org.freedesktop.NetworkManager>
|
include <abstractions/bus/org.freedesktop.NetworkManager>
|
||||||
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
||||||
include <abstractions/bus/org.freedesktop.timedate1>
|
include <abstractions/bus/org.freedesktop.timedate1>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/common/gnome>
|
||||||
include <abstractions/gnome-strict>
|
|
||||||
include <abstractions/graphics>
|
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
include <abstractions/p11-kit>
|
include <abstractions/p11-kit>
|
||||||
include <abstractions/ssl_certs>
|
include <abstractions/ssl_certs>
|
||||||
@ -39,12 +36,8 @@ profile gnome-calendar @{exec_path} {
|
|||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
@{open_path} rPx -> child-open-help,
|
|
||||||
|
|
||||||
/usr/share/evolution-data-server/{,**} r,
|
/usr/share/evolution-data-server/{,**} r,
|
||||||
/usr/share/libgweather/Locations.xml r,
|
/usr/share/libgweather/Locations.xml r,
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/cmdline r,
|
|
||||||
|
|
||||||
include if exists <local/gnome-calendar>
|
include if exists <local/gnome-calendar>
|
||||||
}
|
}
|
||||||
|
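Review bot: The gnome-calendar profile no longer states its own access to the session bus, dconf, `gnome-strict`, `graphics`, the `@{open_path} rPx -> child-open-help` transition or `owner @{PROC}/@{pid}/cmdline r`; all of that now depends on `abstractions/common/gnome`, whose contents are not part of this diff. That makes the abstraction a shared trust point: any rule later added to it widens every profile touched by this commit (gnome-characters, gnome-contacts, gnome-extensions-app, gnome-music, gnome-recipes, gnome-tour, file-roller) without a visible change in those files. I would add a comment above the include, e.g. `# common/gnome: presumably session bus, dconf write, gnome-strict, graphics and the help opener; keep it minimal`, and confirm after reload that none of the removed rules show up as denials in the audit log. Both hunks cut through the profile body, so rules outside the visible range were not reviewed.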
@ -6,16 +6,13 @@ abi <abi/3.0>,
|
|||||||
|
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
@{exec_path} = /usr/share/org.gnome.Characters/org.gnome.Characters
|
@{exec_path} = @{bin}/gnome-characters /usr/share/org.gnome.Characters/org.gnome.Characters
|
||||||
profile gnome-characters @{exec_path} {
|
profile gnome-characters @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/bus-session>
|
|
||||||
include <abstractions/bus-system>
|
include <abstractions/bus-system>
|
||||||
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/common/gnome>
|
||||||
include <abstractions/fontconfig-cache-read>
|
include <abstractions/fontconfig-cache-read>
|
||||||
include <abstractions/gnome-strict>
|
|
||||||
include <abstractions/graphics>
|
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
#aa:dbus own bus=session name=org.gnome.Characters
|
#aa:dbus own bus=session name=org.gnome.Characters
|
||||||
@ -30,10 +27,8 @@ profile gnome-characters @{exec_path} {
|
|||||||
@{open_path} rPx -> child-open-help,
|
@{open_path} rPx -> child-open-help,
|
||||||
|
|
||||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||||
/usr/share/org.gnome.Characters/org.gnome.Characters.*.gresource r,
|
/usr/share/org.gnome.Characters/{,**} r,
|
||||||
/usr/share/nvidia/nvidia-application-profiles-*-rc r,
|
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/cmdline r,
|
|
||||||
owner @{PROC}/@{pid}/mounts r,
|
owner @{PROC}/@{pid}/mounts r,
|
||||||
owner @{PROC}/@{pid}/stat r,
|
owner @{PROC}/@{pid}/stat r,
|
||||||
owner @{PROC}/@{pid}/status r,
|
owner @{PROC}/@{pid}/status r,
|
||||||
|
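Review bot: The data rule in the second hunk widens from `org.gnome.Characters.*.gresource` to `/usr/share/org.gnome.Characters/{,**} r,`, which is a separate change from the move to the shared abstraction. The tree is read-only here and normally root-owned, so the added exposure is small, but the new glob also covers the launcher file that `@{exec_path}` names and anything else a package later drops into that directory. If only the gresource bundles and the launcher are needed, a narrower pattern such as `/usr/share/org.gnome.Characters/org.gnome.Characters{,.*.gresource} r,` keeps the rule self-documenting. The profile continues beyond both hunks.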
@ -10,12 +10,9 @@ include <tunables/global>
|
|||||||
profile gnome-contacts @{exec_path} {
|
profile gnome-contacts @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/bus-accessibility>
|
include <abstractions/bus-accessibility>
|
||||||
include <abstractions/bus-session>
|
|
||||||
include <abstractions/bus/org.a11y>
|
include <abstractions/bus/org.a11y>
|
||||||
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/common/gnome>
|
||||||
include <abstractions/gnome-strict>
|
|
||||||
include <abstractions/graphics>
|
|
||||||
include <abstractions/gstreamer>
|
include <abstractions/gstreamer>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
include <abstractions/ssl_certs>
|
include <abstractions/ssl_certs>
|
||||||
@ -29,10 +26,7 @@ profile gnome-contacts @{exec_path} {
|
|||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
@{open_path} rPx -> child-open-help,
|
|
||||||
|
|
||||||
owner @{user_cache_dirs}/evolution/addressbook/{,**} r,
|
owner @{user_cache_dirs}/evolution/addressbook/{,**} r,
|
||||||
owner @{user_config_dirs}/gnome-contacts/{,**} rw,
|
|
||||||
owner @{user_share_dirs}/folks/relationships.ini r,
|
owner @{user_share_dirs}/folks/relationships.ini r,
|
||||||
|
|
||||||
include if exists <local/gnome-contacts>
|
include if exists <local/gnome-contacts>
|
||||||
|
@ -9,9 +9,7 @@ include <tunables/global>
|
|||||||
@{exec_path} = @{bin}/gnome-extensions-app
|
@{exec_path} = @{bin}/gnome-extensions-app
|
||||||
profile gnome-extensions-app @{exec_path} {
|
profile gnome-extensions-app @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/common/gnome>
|
||||||
include <abstractions/gnome-strict>
|
|
||||||
include <abstractions/graphics>
|
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
@ -19,8 +17,6 @@ profile gnome-extensions-app @{exec_path} {
|
|||||||
@{sh_path} rix,
|
@{sh_path} rix,
|
||||||
@{bin}/gjs-console rix,
|
@{bin}/gjs-console rix,
|
||||||
|
|
||||||
@{open_path} rPx -> child-open-help,
|
|
||||||
|
|
||||||
/usr/share/gnome-shell/org.gnome.Extensions* r,
|
/usr/share/gnome-shell/org.gnome.Extensions* r,
|
||||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||||
/usr/share/terminfo/** r,
|
/usr/share/terminfo/** r,
|
||||||
|
@ -10,9 +10,9 @@ include <tunables/global>
|
|||||||
profile gnome-music @{exec_path} flags=(attach_disconnected) {
|
profile gnome-music @{exec_path} flags=(attach_disconnected) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/audio-client>
|
include <abstractions/audio-client>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/bus-system>
|
||||||
include <abstractions/gnome-strict>
|
include <abstractions/bus/org.freedesktop.login1>
|
||||||
include <abstractions/graphics>
|
include <abstractions/common/gnome>
|
||||||
include <abstractions/gstreamer>
|
include <abstractions/gstreamer>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
include <abstractions/p11-kit>
|
include <abstractions/p11-kit>
|
||||||
@ -25,14 +25,14 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) {
|
|||||||
network inet6 dgram,
|
network inet6 dgram,
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
#aa:dbus talk bus=session name=org.freedesktop.Tracker3.Writeback label=tracker-writeback
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
@{bin}/ r,
|
@{bin}/ r,
|
||||||
@{bin}/env r,
|
@{bin}/env r,
|
||||||
@{bin}/python3.@{int} rix,
|
@{bin}/python3.@{int} rix,
|
||||||
@{lib}/python3.@{int}/site-packages/gnomemusic/__pycache__/{,**} rw,
|
@{lib}/python3.@{int}/site-packages/gnomemusic/__pycache__/{,**} rw,
|
||||||
|
|
||||||
@{open_path} rPx -> child-open-help,
|
|
||||||
|
|
||||||
/usr/share/grilo-plugins/grl-lua-factory/{,*} r,
|
/usr/share/grilo-plugins/grl-lua-factory/{,*} r,
|
||||||
/usr/share/org.gnome.Music/{,**} r,
|
/usr/share/org.gnome.Music/{,**} r,
|
||||||
/usr/share/tracker3/{,**} r,
|
/usr/share/tracker3/{,**} r,
|
||||||
@ -41,7 +41,6 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) {
|
|||||||
|
|
||||||
owner @{user_music_dirs}/{,**} r,
|
owner @{user_music_dirs}/{,**} r,
|
||||||
|
|
||||||
owner @{user_cache_dirs}/gnome-music/{,**} rwk,
|
|
||||||
owner @{user_cache_dirs}/media-art/{,*} rw,
|
owner @{user_cache_dirs}/media-art/{,*} rw,
|
||||||
owner @{user_share_dirs}/grilo-plugins/ rwk,
|
owner @{user_share_dirs}/grilo-plugins/ rwk,
|
||||||
owner @{user_share_dirs}/grilo-plugins/*.db{,-shm,-journal,-wal} rwk,
|
owner @{user_share_dirs}/grilo-plugins/*.db{,-shm,-journal,-wal} rwk,
|
||||||
@ -52,7 +51,6 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) {
|
|||||||
owner /var/tmp/etilqs_@{hex} rw,
|
owner /var/tmp/etilqs_@{hex} rw,
|
||||||
|
|
||||||
@{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
|
@{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
|
||||||
owner @{PROC}/@{pid}/cmdline r,
|
|
||||||
owner @{PROC}/@{pid}/mounts r,
|
owner @{PROC}/@{pid}/mounts r,
|
||||||
|
|
||||||
deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
|
deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
|
||||||
|
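Review bot: The first two hunks give gnome-music access the old profile did not have, namely `abstractions/bus-system`, `abstractions/bus/org.freedesktop.login1` and a `talk` directive for `org.freedesktop.Tracker3.Writeback`, while the commit title describes only a switch to the shared GNOME abstraction. A media player reaching the system bus and login1 should carry a stated reason; a comment next to the include, e.g. `# login1: <reason / denial that required it>`, lets a later reviewer judge whether it is still needed. Separately, the removed cache rule was `owner @{user_cache_dirs}/gnome-music/{,**} rwk,`; if the abstraction grants that directory without `k`, file locking under the cache will start to be denied, so check the audit log after reloading. The same undocumented-addition concern applies to `abstractions/audio-client` in the gnome-recipes section.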
@ -9,11 +9,11 @@ include <tunables/global>
|
|||||||
@{exec_path} = @{bin}/gnome-recipes
|
@{exec_path} = @{bin}/gnome-recipes
|
||||||
profile gnome-recipes @{exec_path} {
|
profile gnome-recipes @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/audio-client>
|
||||||
include <abstractions/gnome-strict>
|
include <abstractions/common/gnome>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
include <abstractions/ssl_certs>
|
|
||||||
include <abstractions/p11-kit>
|
include <abstractions/p11-kit>
|
||||||
|
include <abstractions/ssl_certs>
|
||||||
|
|
||||||
network inet dgram,
|
network inet dgram,
|
||||||
network inet6 dgram,
|
network inet6 dgram,
|
||||||
@ -25,11 +25,5 @@ profile gnome-recipes @{exec_path} {
|
|||||||
|
|
||||||
@{bin}/tar rix,
|
@{bin}/tar rix,
|
||||||
|
|
||||||
@{open_path} rPx -> child-open-help,
|
|
||||||
|
|
||||||
/usr/share/gnome-recipes/{,**} r,
|
|
||||||
|
|
||||||
owner @{user_cache_dirs}/gnome-recipes/{,**} rw,
|
|
||||||
|
|
||||||
include if exists <local/gnome-recipes>
|
include if exists <local/gnome-recipes>
|
||||||
}
|
}
|
@ -9,14 +9,10 @@ include <tunables/global>
|
|||||||
@{exec_path} = @{bin}/gnome-tour
|
@{exec_path} = @{bin}/gnome-tour
|
||||||
profile gnome-tour @{exec_path} {
|
profile gnome-tour @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/common/gnome>
|
||||||
include <abstractions/gnome-strict>
|
|
||||||
include <abstractions/graphics>
|
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/gnome-tour/{,**} r,
|
|
||||||
|
|
||||||
include if exists <local/gnome-tour>
|
include if exists <local/gnome-tour>
|
||||||
}
|
}
|
@ -10,12 +10,9 @@ include <tunables/global>
|
|||||||
profile file-roller @{exec_path} {
|
profile file-roller @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/bus-accessibility>
|
include <abstractions/bus-accessibility>
|
||||||
include <abstractions/bus-session>
|
|
||||||
include <abstractions/bus/org.a11y>
|
include <abstractions/bus/org.a11y>
|
||||||
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/common/gnome>
|
||||||
include <abstractions/desktop>
|
|
||||||
include <abstractions/graphics>
|
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
include <abstractions/user-download-strict>
|
include <abstractions/user-download-strict>
|
||||||
include <abstractions/user-read-strict>
|
include <abstractions/user-read-strict>
|
||||||
@ -40,8 +37,6 @@ profile file-roller @{exec_path} {
|
|||||||
@{bin}/zstd rix,
|
@{bin}/zstd rix,
|
||||||
@{lib}/p7zip/7z rix,
|
@{lib}/p7zip/7z rix,
|
||||||
|
|
||||||
@{open_path} rPx -> child-open,
|
|
||||||
|
|
||||||
@{run}/mount/utab r,
|
@{run}/mount/utab r,
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/mountinfo r,
|
owner @{PROC}/@{pid}/mountinfo r,
|
||||||
|
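Review bot: The second hunk drops `@{open_path} rPx -> child-open,`, whereas every other profile in this commit had `-> child-open-help`; if `abstractions/common/gnome` supplies the help variant (not visible here), file-roller's opener now transitions into a different child profile. That changes which applications an archive manager can hand files to, and the change is not mentioned in the commit. The first hunk likewise replaces `abstractions/desktop` rather than `gnome-strict`, so this section is more than the mechanical swap applied elsewhere. If the change is intended, a comment such as `# opener deliberately limited to the handler from common/gnome` would record it; if not, note that the parser is likely to reject a second, conflicting exec transition for `@{open_path}`, so the rule cannot simply be re-added alongside the abstraction.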