diff --git a/apparmor.d/groups/_full/systemd b/apparmor.d/groups/_full/systemd index 381a77ae..66574032 100644 --- a/apparmor.d/groups/_full/systemd +++ b/apparmor.d/groups/_full/systemd @@ -122,7 +122,7 @@ profile systemd flags=(attach_disconnected,mediate_deleted) { unix (receive) type=dgram addr=none peer=(label=systemd-timesyncd, addr=none), unix (send, receive, connect) type=stream addr=none peer=(label=plymouthd, addr=@/org/freedesktop/plymouthd), - # dbus: own bus=system name=org.freedesktop.systemd1 + #aa:dbus own bus=system name=org.freedesktop.systemd1 dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/groups/_full/systemd-user b/apparmor.d/groups/_full/systemd-user index abc4deaa..e439f670 100644 --- a/apparmor.d/groups/_full/systemd-user +++ b/apparmor.d/groups/_full/systemd-user @@ -33,7 +33,7 @@ profile systemd-user flags=(attach_disconnected,mediate_deleted) { unix (bind) type=stream addr=@@{hex}/bus/systemd/bus-system, unix (bind) type=stream addr=@@{hex}/bus/systemd/bus-api-user, - # dbus: own bus=session name=org.freedesktop.systemd1 + #aa:dbus own bus=session name=org.freedesktop.systemd1 @{exec_path} mr, diff --git a/apparmor.d/groups/apt/apt b/apparmor.d/groups/apt/apt index f42d64d4..f95ee553 100644 --- a/apparmor.d/groups/apt/apt +++ b/apparmor.d/groups/apt/apt @@ -38,7 +38,7 @@ profile apt @{exec_path} flags=(attach_disconnected) { unix (send, receive) type=stream peer=(label=apt-esm-json-hook), unix (send, receive) type=stream peer=(label=snapd), - # dbus: own bus=system name=org.debian.apt + #aa:dbus own bus=system name=org.debian.apt dbus send bus=system path=/org/freedesktop/DBus/Bus interface=org.freedesktop.DBus diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index 9f396d83..7ae1e17c 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox 
@@ -53,7 +53,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) { signal (send) set=(term, kill) peer=keepassxc-proxy, signal (send) set=(term, kill) peer=firefox-*, - # dbus: own bus=session name=org.mozilla.firefox + #aa:dbus own bus=session name=org.mozilla.firefox deny dbus send bus=system path=/org/freedesktop/hostname1, diff --git a/apparmor.d/groups/bus/at-spi2-registryd b/apparmor.d/groups/bus/at-spi2-registryd index a4df1755..e47c5291 100644 --- a/apparmor.d/groups/bus/at-spi2-registryd +++ b/apparmor.d/groups/bus/at-spi2-registryd @@ -15,7 +15,7 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { include include - # dbus: own bus=accessibility name=org.a11y.atspi.{R,r}egistry + #aa:dbus own bus=accessibility name=org.a11y.atspi.{R,r}egistry dbus send bus=accessibility path=/org/a11y/atspi/accessible/root interface=org.freedesktop.DBus.Properties member=Set diff --git a/apparmor.d/groups/bus/dbus-accessibility b/apparmor.d/groups/bus/dbus-accessibility index f53080c6..0ae9cfc6 100644 --- a/apparmor.d/groups/bus/dbus-accessibility +++ b/apparmor.d/groups/bus/dbus-accessibility @@ -21,7 +21,7 @@ profile dbus-accessibility @{exec_path} flags=(attach_disconnected) { dbus bus=accessibility, - # dbus: own bus=session name=org.a11y.{B,b}us + #aa:dbus own bus=session name=org.a11y.{B,b}us dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/bus/ibus-daemon b/apparmor.d/groups/bus/ibus-daemon index f0ea6ac6..13fecc0e 100644 --- a/apparmor.d/groups/bus/ibus-daemon +++ b/apparmor.d/groups/bus/ibus-daemon 
@@ -21,8 +21,8 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) { unix (send, receive, accept) type=stream addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-????????" peer=(label=ibus-*), unix (send, receive, accept) type=stream addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-????????" peer=(label=gnome-shell), - # dbus: own bus=session name=org.freedesktop.portal.IBus - # dbus: own bus=session name=org.freedesktop.IBus + #aa:dbus own bus=session name=org.freedesktop.portal.IBus + #aa:dbus own bus=session name=org.freedesktop.IBus dbus send bus=session path=/org/freedesktop/IBus interface=org.freedesktop.DBus.Peer diff --git a/apparmor.d/groups/bus/ibus-extension-gtk3 b/apparmor.d/groups/bus/ibus-extension-gtk3 index e9c703d5..3b5b134d 100644 --- a/apparmor.d/groups/bus/ibus-extension-gtk3 +++ b/apparmor.d/groups/bus/ibus-extension-gtk3 @@ -26,7 +26,7 @@ profile ibus-extension-gtk3 @{exec_path} flags=(attach_disconnected) { network inet6 stream, network netlink raw, - # dbus: own bus=session name=org.freedesktop.IBus.Panel.Extension.Gtk3 + #aa:dbus own bus=session name=org.freedesktop.IBus.Panel.Extension.Gtk3 dbus receive bus=session path=/org/gtk/Settings interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/freedesktop/accounts-daemon b/apparmor.d/groups/freedesktop/accounts-daemon index 0a09958c..a8b34048 100644 --- a/apparmor.d/groups/freedesktop/accounts-daemon +++ b/apparmor.d/groups/freedesktop/accounts-daemon @@ -23,7 +23,7 @@ profile accounts-daemon @{exec_path} flags=(attach_disconnected) { ptrace (read) peer=unconfined, - # dbus: own bus=system name=org.freedesktop.Accounts + #aa:dbus own bus=system name=org.freedesktop.Accounts dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/groups/freedesktop/colord b/apparmor.d/groups/freedesktop/colord index ba13c839..0ac82b25 100644 --- a/apparmor.d/groups/freedesktop/colord +++ b/apparmor.d/groups/freedesktop/colord 
@@ -20,7 +20,7 @@ profile colord @{exec_path} flags=(attach_disconnected) { network inet6 dgram, network netlink raw, - # dbus: own bus=system name=org.freedesktop.ColorManager + #aa:dbus own bus=system name=org.freedesktop.ColorManager dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/groups/freedesktop/colord-session b/apparmor.d/groups/freedesktop/colord-session index 86943fc4..0d4c173a 100644 --- a/apparmor.d/groups/freedesktop/colord-session +++ b/apparmor.d/groups/freedesktop/colord-session @@ -12,7 +12,7 @@ profile colord-session @{exec_path} { include include - # dbus: own bus=session name=org.freedesktop.ColorHelper + #aa:dbus own bus=session name=org.freedesktop.ColorHelper @{exec_path} mr, diff --git a/apparmor.d/groups/freedesktop/dconf-service b/apparmor.d/groups/freedesktop/dconf-service index dd2dae6b..70184421 100644 --- a/apparmor.d/groups/freedesktop/dconf-service +++ b/apparmor.d/groups/freedesktop/dconf-service @@ -16,7 +16,7 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term kill hup) peer=dbus-session, signal (receive) set=(term hup) peer=gdm, - # dbus: own bus=session name=ca.desrt.dconf + #aa:dbus own bus=session name=ca.desrt.dconf dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/freedesktop/geoclue b/apparmor.d/groups/freedesktop/geoclue index 0309a59b..de457808 100644 --- a/apparmor.d/groups/freedesktop/geoclue +++ b/apparmor.d/groups/freedesktop/geoclue @@ -24,7 +24,7 @@ profile geoclue @{exec_path} flags=(attach_disconnected) { network inet6 stream, network netlink raw, - # dbus: own bus=system name=org.freedesktop.GeoClue2 + #aa:dbus own bus=system name=org.freedesktop.GeoClue2 dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus 
diff --git a/apparmor.d/groups/freedesktop/iio-sensor-proxy b/apparmor.d/groups/freedesktop/iio-sensor-proxy index 956868f6..ec05583b 100644 --- a/apparmor.d/groups/freedesktop/iio-sensor-proxy +++ b/apparmor.d/groups/freedesktop/iio-sensor-proxy @@ -14,7 +14,7 @@ profile iio-sensor-proxy @{exec_path} { network netlink raw, - # dbus: own bus=system name=net.hadess.SensorProxy + #aa:dbus own bus=system name=net.hadess.SensorProxy @{exec_path} mr, diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire index f882a690..696b5ba9 100644 --- a/apparmor.d/groups/freedesktop/pipewire +++ b/apparmor.d/groups/freedesktop/pipewire @@ -23,7 +23,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) { ptrace (read), - # dbus: own bus=session name=org.pulseaudio.Server + #aa:dbus own bus=session name=org.pulseaudio.Server dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/groups/freedesktop/polkitd b/apparmor.d/groups/freedesktop/polkitd index 12c2e84a..4230b223 100644 --- a/apparmor.d/groups/freedesktop/polkitd +++ b/apparmor.d/groups/freedesktop/polkitd @@ -21,7 +21,7 @@ profile polkitd @{exec_path} flags=(attach_disconnected) { ptrace (read), - # dbus: own bus=system name=org.freedesktop.PolicyKit1 + #aa:dbus own bus=system name=org.freedesktop.PolicyKit1 dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/groups/freedesktop/pulseaudio b/apparmor.d/groups/freedesktop/pulseaudio index e2e22bc8..c3a40b05 100644 --- a/apparmor.d/groups/freedesktop/pulseaudio +++ b/apparmor.d/groups/freedesktop/pulseaudio 
@@ -38,9 +38,9 @@ profile pulseaudio @{exec_path} { network bluetooth stream, network bluetooth seqpacket, - # dbus: own bus=session name=org.freedesktop.ReserveDevice1.Audio@{int} - # dbus: own bus=session name=org.PulseAudio1 - # dbus: own bus=session name=org.pulseaudio* + #aa:dbus own bus=session name=org.freedesktop.ReserveDevice1.Audio@{int} + #aa:dbus own bus=session name=org.PulseAudio1 + #aa:dbus own bus=session name=org.pulseaudio* dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/freedesktop/upowerd b/apparmor.d/groups/freedesktop/upowerd index 3fb8da5b..b5c84d70 100644 --- a/apparmor.d/groups/freedesktop/upowerd +++ b/apparmor.d/groups/freedesktop/upowerd @@ -17,7 +17,7 @@ profile upowerd @{exec_path} flags=(attach_disconnected) { network netlink raw, - # dbus: own bus=system name=org.freedesktop.UPower + #aa:dbus own bus=system name=org.freedesktop.UPower @{exec_path} mr, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal b/apparmor.d/groups/freedesktop/xdg-desktop-portal index 06a44fd3..ceea47f3 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal @@ -26,7 +26,7 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { ptrace (read), - # dbus: own bus=session name=org.freedesktop.portal.Desktop path=/org/freedesktop/portal/desktop interface={org.freedesktop.DBus.Properties,org.freedesktop{,.impl}.portal.{Settings,Background}} + #aa:dbus own bus=session name=org.freedesktop.portal.Desktop path=/org/freedesktop/portal/desktop interface={org.freedesktop.DBus.Properties,org.freedesktop{,.impl}.portal.{Settings,Background}} dbus receive bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.portal.Realtime member=MakeThread* 
@@ -37,7 +37,7 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { member=CheckPermissions peer=(name=:*, label=NetworkManager), - # dbus: own bus=session name=org.freedesktop.background.Monitor path=/org/freedesktop/background/monitor + #aa:dbus own bus=session name=org.freedesktop.background.Monitor path=/org/freedesktop/background/monitor dbus send bus=session path=/org/freedesktop/portal/documents interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome index 29f4cfb1..1084a534 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome @@ -29,7 +29,7 @@ profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) { signal (receive) set=term peer=gdm, signal (receive) set=(hup term) peer=gdm-session-worker, - # dbus: own bus=session name=org.freedesktop.impl.portal.desktop.gnome + #aa:dbus own bus=session name=org.freedesktop.impl.portal.desktop.gnome dbus send bus=session path=/org/gnome/Shell/Screenshot interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk index 3d30a261..cbf29a43 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk @@ -31,7 +31,7 @@ profile xdg-desktop-portal-gtk @{exec_path} { unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/*", label=gnome-shell), - # dbus: own bus=session name=org.freedesktop.impl.portal.desktop.gtk + #aa:dbus own bus=session name=org.freedesktop.impl.portal.desktop.gtk dbus receive bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.impl.portal.Settings 
diff --git a/apparmor.d/groups/freedesktop/xdg-document-portal b/apparmor.d/groups/freedesktop/xdg-document-portal index 70b2cf7f..993b91e7 100644 --- a/apparmor.d/groups/freedesktop/xdg-document-portal +++ b/apparmor.d/groups/freedesktop/xdg-document-portal @@ -24,7 +24,7 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { unix (send receive) type=stream peer=(label=xdg-document-portal//fusermount), - # dbus: own bus=session name=org.freedesktop.portal.Documents path=/org/freedesktop/portal/documents + #aa:dbus own bus=session name=org.freedesktop.portal.Documents path=/org/freedesktop/portal/documents dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/freedesktop/xdg-permission-store b/apparmor.d/groups/freedesktop/xdg-permission-store index 12f21a2f..3a7223c1 100644 --- a/apparmor.d/groups/freedesktop/xdg-permission-store +++ b/apparmor.d/groups/freedesktop/xdg-permission-store @@ -16,7 +16,7 @@ profile xdg-permission-store @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term hup kill) peer=dbus-session, signal (receive) set=(term hup kill) peer=gdm, - # dbus: own bus=session name=org.freedesktop.impl.portal.PermissionStore + #aa:dbus own bus=session name=org.freedesktop.impl.portal.PermissionStore dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/deja-dup-monitor b/apparmor.d/groups/gnome/deja-dup-monitor index 179e2d2d..83fc727f 100644 --- a/apparmor.d/groups/gnome/deja-dup-monitor +++ b/apparmor.d/groups/gnome/deja-dup-monitor 
@@ -18,8 +18,8 @@ profile deja-dup-monitor @{exec_path} { network netlink raw, - # dbus: own bus=session name=org.gnome.DejaDup.Monitor - # dbus: talk bus=session name=org.gnome.DejaDup label=deja-dup + #aa:dbus own bus=session name=org.gnome.DejaDup.Monitor + #aa:dbus talk bus=session name=org.gnome.DejaDup label=deja-dup dbus send bus=system path=/org/freedesktop/NetworkManager interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/gnome/evolution-addressbook-factory b/apparmor.d/groups/gnome/evolution-addressbook-factory index bc7e85a6..1b44e17f 100644 --- a/apparmor.d/groups/gnome/evolution-addressbook-factory +++ b/apparmor.d/groups/gnome/evolution-addressbook-factory @@ -25,7 +25,7 @@ profile evolution-addressbook-factory @{exec_path} { network inet6 dgram, network netlink raw, - # dbus: own bus=session name=org.gnome.evolution.dataserver.AddressBook10 + #aa:dbus own bus=session name=org.gnome.evolution.dataserver.AddressBook10 dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/** interface=org.gnome.evolution.dataserver.* diff --git a/apparmor.d/groups/gnome/evolution-alarm-notify b/apparmor.d/groups/gnome/evolution-alarm-notify index 883b5fe9..e0b01f5f 100644 --- a/apparmor.d/groups/gnome/evolution-alarm-notify +++ b/apparmor.d/groups/gnome/evolution-alarm-notify @@ -20,7 +20,7 @@ profile evolution-alarm-notify @{exec_path} { network netlink raw, - # dbus: own bus=session name=org.gnome.Evolution-alarm-notify + #aa:dbus own bus=session name=org.gnome.Evolution-alarm-notify dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/** interface=org.gnome.evolution.dataserver.Calendar* diff --git a/apparmor.d/groups/gnome/evolution-calendar-factory b/apparmor.d/groups/gnome/evolution-calendar-factory index a54f4968..aeae6f87 100644 --- a/apparmor.d/groups/gnome/evolution-calendar-factory +++ b/apparmor.d/groups/gnome/evolution-calendar-factory 
@@ -24,7 +24,7 @@ profile evolution-calendar-factory @{exec_path} { network inet6 dgram, network netlink raw, - # dbus: own bus=session name=org.gnome.evolution.dataserver.Calendar8 + #aa:dbus own bus=session name=org.gnome.evolution.dataserver.Calendar8 dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/** interface=org.gnome.evolution.dataserver.* diff --git a/apparmor.d/groups/gnome/evolution-source-registry b/apparmor.d/groups/gnome/evolution-source-registry index 093bab4e..23576f45 100644 --- a/apparmor.d/groups/gnome/evolution-source-registry +++ b/apparmor.d/groups/gnome/evolution-source-registry @@ -22,7 +22,7 @@ profile evolution-source-registry @{exec_path} { network inet6 dgram, network netlink raw, - # dbus: own bus=session name=org.gnome.evolution.dataserver.Sources5 + #aa:dbus own bus=session name=org.gnome.evolution.dataserver.Sources5 dbus receive bus=session path=/org/gnome/evolution/dataserver/SourceManager{,/**} interface={org.freedesktop.DBus.ObjectManager,org.freedesktop.DBus.Properties} diff --git a/apparmor.d/groups/gnome/evolution-user-prompter b/apparmor.d/groups/gnome/evolution-user-prompter index 5e60e6d7..254b19ad 100644 --- a/apparmor.d/groups/gnome/evolution-user-prompter +++ b/apparmor.d/groups/gnome/evolution-user-prompter @@ -11,7 +11,7 @@ profile evolution-user-prompter @{exec_path} { include include - # dbus: own bus=session name=org.gnome.evolution.dataserver.UserPrompter0 + #aa:dbus own bus=session name=org.gnome.evolution.dataserver.UserPrompter0 @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm index 27a35244..cc1f4b61 100644 --- a/apparmor.d/groups/gnome/gdm +++ b/apparmor.d/groups/gnome/gdm 
@@ -39,10 +39,10 @@ profile gdm @{exec_path} flags=(attach_disconnected) { unix (bind, listen) type=stream addr="@/tmp/dbus-@{rand8}", unix (send receive accept) type=stream addr="@/tmp/dbus-@{rand8}" peer=(label=gdm-session-worker, addr=none), - # dbus: own bus=system name=org.gnome.DisplayManager + #aa:dbus own bus=system name=org.gnome.DisplayManager - # dbus: talk bus=system name=org.freedesktop.login1 label=systemd-logind - # dbus: talk bus=system name=org.freedesktop.Accounts label=accounts-daemon + #aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind + #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console index 5e816d99..7692322f 100644 --- a/apparmor.d/groups/gnome/gjs-console +++ b/apparmor.d/groups/gnome/gjs-console @@ -28,11 +28,11 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term hup) peer=gdm*, - # dbus: own bus=session name=org.freedesktop.Notifications - # dbus: own bus=session name=org.gnome.ScreenSaver - # dbus: own bus=session name=org.gnome.Shell.Extensions - # dbus: own bus=session name=org.gnome.Shell.Notifications - # dbus: own bus=session name=org.gnome.Shell.Screencast + #aa:dbus own bus=session name=org.freedesktop.Notifications + #aa:dbus own bus=session name=org.gnome.ScreenSaver + #aa:dbus own bus=session name=org.gnome.Shell.Extensions + #aa:dbus own bus=session name=org.gnome.Shell.Notifications + #aa:dbus own bus=session name=org.gnome.Shell.Screencast dbus send bus=session path=/org/gnome/Mutter/ScreenCast interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/gnome/gnome-calendar b/apparmor.d/groups/gnome/gnome-calendar index 3ae77c40..cdf7b18b 100644 --- a/apparmor.d/groups/gnome/gnome-calendar +++ b/apparmor.d/groups/gnome/gnome-calendar 
@@ -26,11 +26,11 @@ profile gnome-calendar @{exec_path} { network netlink raw, - # dbus: own bus=session name=org.gnome.Calendar interface={org.freedesktop.Application,org.gtk.Actions} + #aa:dbus own bus=session name=org.gnome.Calendar interface={org.freedesktop.Application,org.gtk.Actions} - # dbus: talk bus=session name=org.gnome.evolution.dataserver.CalendarView label=evolution-calendar-factory - # dbus: talk bus=session name=org.gnome.evolution.dataserver.Source label=evolution-source-registry - # dbus: talk bus=system name=org.freedesktop.GeoClue2 label=geoclue + #aa:dbus talk bus=session name=org.gnome.evolution.dataserver.CalendarView label=evolution-calendar-factory + #aa:dbus talk bus=session name=org.gnome.evolution.dataserver.Source label=evolution-source-registry + #aa:dbus talk bus=system name=org.freedesktop.GeoClue2 label=geoclue dbus send bus=session path=/org/gnome/evolution/dataserver/SourceManager{,/**} interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/groups/gnome/gnome-characters b/apparmor.d/groups/gnome/gnome-characters index 5b4cb314..e73e206a 100644 --- a/apparmor.d/groups/gnome/gnome-characters +++ b/apparmor.d/groups/gnome/gnome-characters @@ -18,7 +18,7 @@ profile gnome-characters @{exec_path} { include include - # dbus: own bus=session name=org.gnome.Characters + #aa:dbus own bus=session name=org.gnome.Characters dbus receive bus=session path=/org/gnome/Characters/SearchProvider interface=org.gnome.Shell.SearchProvider2 peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gnome-contacts b/apparmor.d/groups/gnome/gnome-contacts index 1ba46a7a..116b0e80 100644 --- a/apparmor.d/groups/gnome/gnome-contacts +++ b/apparmor.d/groups/gnome/gnome-contacts 
@@ -22,10 +22,10 @@ profile gnome-contacts @{exec_path} { network netlink raw, - # dbus: own bus=session name=org.gnome.Contacts + #aa:dbus own bus=session name=org.gnome.Contacts - # dbus: talk bus=session name=org.gnome.evolution.dataserver.AddressBookFactory label=evolution-addressbook-factory - # dbus: talk bus=session name=org.gnome.evolution.dataserver.Source label=evolution-source-registry + #aa:dbus talk bus=session name=org.gnome.evolution.dataserver.AddressBookFactory label=evolution-addressbook-factory + #aa:dbus talk bus=session name=org.gnome.evolution.dataserver.Source label=evolution-source-registry @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gnome-control-center-goa-helper b/apparmor.d/groups/gnome/gnome-control-center-goa-helper index fe93b16d..1e594187 100644 --- a/apparmor.d/groups/gnome/gnome-control-center-goa-helper +++ b/apparmor.d/groups/gnome/gnome-control-center-goa-helper @@ -30,7 +30,7 @@ profile gnome-control-center-goa-helper @{exec_path} { signal (send) set=(kill) peer=bwrap, - # dbus: own bus=session name=org.gnome.Settings.GoaHelper + #aa:dbus: own bus=session name=org.gnome.Settings.GoaHelper dbus send bus=session path=/org/gnome/OnlineAccounts interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/groups/gnome/gnome-disks b/apparmor.d/groups/gnome/gnome-disks index f52142a0..65be05eb 100644 --- a/apparmor.d/groups/gnome/gnome-disks +++ b/apparmor.d/groups/gnome/gnome-disks @@ -15,7 +15,7 @@ profile gnome-disks @{exec_path} { include include - # dbus: own bus=session name=org.gnome.DiskUtility + #aa:dbus own bus=session name=org.gnome.DiskUtility @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gnome-extension-ding b/apparmor.d/groups/gnome/gnome-extension-ding index 92210f47..573f1714 100644 --- a/apparmor.d/groups/gnome/gnome-extension-ding +++ b/apparmor.d/groups/gnome/gnome-extension-ding 
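Review bot: In the gnome-control-center-goa-helper hunk the converted line reads `#aa:dbus: own bus=session name=org.gnome.Settings.GoaHelper`, keeping the colon after `dbus` that every other converted line in this commit drops. If the directive parser matches the `#aa:dbus` prefix followed by the action, this line is presumably treated as an ordinary comment or rejected, and the profile would then silently lose its rules for owning org.gnome.Settings.GoaHelper. It should read `#aa:dbus own bus=session name=org.gnome.Settings.GoaHelper`. A build-time check that fails on unrecognised `#aa:` prefixes would catch this kind of typo before a profile ships with a missing rule.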
@@ -29,8 +29,8 @@ profile gnome-extension-ding @{exec_path} { unix (send,receive) type=stream addr=none peer=(label=gnome-shell), - # dbus: own bus=session name=com.rastersoft.ding interface={org.freedesktop.DBus.Properties,org.gtk.Actions} - # dbus: talk bus=session name=com.rastersoft.dingextension label=gnome-shell + #aa:dbus own bus=session name=com.rastersoft.ding interface=org.gtk.Actions + #aa:dbus talk bus=session name=com.rastersoft.dingextension label=gnome-shell dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gnome-initial-setup b/apparmor.d/groups/gnome/gnome-initial-setup index 1b6500f4..5bafdc61 100644 --- a/apparmor.d/groups/gnome/gnome-initial-setup +++ b/apparmor.d/groups/gnome/gnome-initial-setup @@ -28,7 +28,7 @@ profile gnome-initial-setup @{exec_path} { network inet6 stream, network netlink raw, - # dbus: own bus=session name=org.gnome.InitialSetup interface={org.freedesktop.DBus.Properties,org.gtk.Actions} + #aa:dbus own bus=session name=org.gnome.InitialSetup interface=org.gtk.Actions @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gnome-keyring-daemon b/apparmor.d/groups/gnome/gnome-keyring-daemon index f23152a2..993298ae 100644 --- a/apparmor.d/groups/gnome/gnome-keyring-daemon +++ b/apparmor.d/groups/gnome/gnome-keyring-daemon @@ -21,8 +21,8 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term) peer=gdm, signal (send) set=(term) peer=ssh-agent, - # dbus: own bus=session name=org.gnome.keyring - # dbus: own bus=session name=org.freedesktop.{S,s}ecret{,s} + #aa:dbus own bus=session name=org.gnome.keyring + #aa:dbus own bus=session name=org.freedesktop.{S,s}ecret{,s} dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon index db278aae..9555d914 100644 
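Review bot: The `own` directive for com.rastersoft.ding no longer lists org.freedesktop.DBus.Properties, since `interface={org.freedesktop.DBus.Properties,org.gtk.Actions}` became `interface=org.gtk.Actions`. The same narrowing appears in the gnome-initial-setup hunk and in the gnome-terminal-server hunk. That is a policy change inside an otherwise mechanical syntax rename, and nothing visible in the diff shows whether the directive expansion adds the Properties interface on its own. If it does, the commit message should say so. If it does not, property access on these names will be denied and the previous `interface={org.freedesktop.DBus.Properties,org.gtk.Actions}` should be kept.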
--- a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon +++ b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon @@ -17,7 +17,7 @@ profile gnome-remote-desktop-daemon @{exec_path} { network inet stream, network inet6 stream, - # dbus: own bus=session name=org.gnome.RemoteDesktop.User + #aa:dbus own bus=session name=org.gnome.RemoteDesktop.User @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index d1891c19..d3fc1162 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary +++ b/apparmor.d/groups/gnome/gnome-session-binary @@ -32,7 +32,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, signal (send) set=(term) peer=gsd-*, - # dbus: own bus=session name=org.gnome.SessionManager + #aa:dbus own bus=session name=org.gnome.SessionManager dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index 9828d75c..1d04ad91 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell 
@@ -80,17 +80,16 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) { interface={org.gnome.*,org.freedesktop.{Application,DBus.Properties,DBus.ObjectManager},org.gtk.{Actions,Application}} peer=(name="{:*,org.gnome.*,org.freedesktop.DBus}"), - # dbus: own bus=session name=com.canonical.Unity path=/com/canonical/{U,u}nity - # dbus: own bus=session name=com.rastersoft.dingextension - # dbus: own bus=session name=org.gtk.MountOperationHandler - # dbus: own bus=session name=org.gtk.Notifications - # dbus: own bus=session name=org.kde.StatusNotifierWatcher path=/StatusNotifierWatcher - - # TODO: org.gtk.Actions for com.rastersoft.dingextension + #aa:dbus own bus=session name=com.canonical.Unity path=/com/canonical/{U,u}nity + #aa:dbus own bus=session name=com.rastersoft.dingextension interface=org.gtk.Actions + #aa:dbus own bus=session name=org.gtk.MountOperationHandler + #aa:dbus own bus=session name=org.gtk.Notifications + #aa:dbus own bus=session name=org.kde.StatusNotifierWatcher path=/StatusNotifierWatcher # Talk with gnome-shell - # dbus: talk bus=session name=com.rastersoft.ding label=gnome-extension-ding + #aa:dbus talk bus=session name=com.rastersoft.ding label=gnome-extension-ding + #aa:dbus talk bus=system name=org.gnome.DisplayManager label=gdm ## System bus diff --git a/apparmor.d/groups/gnome/gnome-shell-calendar-server b/apparmor.d/groups/gnome/gnome-shell-calendar-server index 6f3d3ce9..89665f56 100644 --- a/apparmor.d/groups/gnome/gnome-shell-calendar-server +++ b/apparmor.d/groups/gnome/gnome-shell-calendar-server @@ -13,7 +13,7 @@ profile gnome-shell-calendar-server @{exec_path} { include include - # dbus: own bus=session name=org.gnome.Shell.CalendarServer + #aa:dbus own bus=session name=org.gnome.Shell.CalendarServer dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**} interface=org.freedesktop.DBus.Properties 
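Review bot: The added `#aa:dbus talk bus=system name=org.gnome.DisplayManager label=gdm` in the gnome-shell hunk sits under the `# Talk with gnome-shell` comment and ahead of the `## System bus` heading, although it is a system-bus rule and grants new access rather than converting an existing directive. Moving it below `## System bus` would keep the session and system grants separately auditable. The new permission also deserves a line in the commit message, since the rest of the hunk is a rename. The same hunk adds `interface=org.gtk.Actions` to the com.rastersoft.dingextension line in place of the removed TODO, which is likewise a policy change. The profile body continues outside the hunk.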
diff --git a/apparmor.d/groups/gnome/gnome-system-monitor b/apparmor.d/groups/gnome/gnome-system-monitor index 1426c17c..53d38fee 100644 --- a/apparmor.d/groups/gnome/gnome-system-monitor +++ b/apparmor.d/groups/gnome/gnome-system-monitor @@ -25,7 +25,7 @@ profile gnome-system-monitor @{exec_path} flags=(attach_disconnected) { signal (send) set=(kill term cont stop), - # dbus: own bus=session name=org.gnome.SystemMonitor + #aa:dbus own bus=session name=org.gnome.SystemMonitor @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gnome-terminal-server b/apparmor.d/groups/gnome/gnome-terminal-server index 0dee00c6..c904f5b6 100644 --- a/apparmor.d/groups/gnome/gnome-terminal-server +++ b/apparmor.d/groups/gnome/gnome-terminal-server @@ -25,7 +25,7 @@ profile gnome-terminal-server @{exec_path} { ptrace (read) peer=htop, ptrace (read) peer=unconfined, - # dbus: own bus=session name=org.gnome.Terminal interface={org.freedesktop.DBus.Properties,org.gtk.Actions} + #aa:dbus own bus=session name=org.gnome.Terminal interface=org.gtk.Actions dbus receive bus=session path=/org/gnome/Terminal/SearchProvider interface=org.gnome.Shell.SearchProvider2 diff --git a/apparmor.d/groups/gnome/goa-daemon b/apparmor.d/groups/gnome/goa-daemon index bcb4d753..bab6f212 100644 --- a/apparmor.d/groups/gnome/goa-daemon +++ b/apparmor.d/groups/gnome/goa-daemon @@ -24,7 +24,7 @@ profile goa-daemon @{exec_path} { network inet6 dgram, network netlink raw, - # dbus: own bus=session name=org.gnome.OnlineAccounts + #aa:dbus own bus=session name=org.gnome.OnlineAccounts dbus send bus=session path=/org/gnome/Identity interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/groups/gnome/goa-identity-service b/apparmor.d/groups/gnome/goa-identity-service index 5bdf6de6..6bf5921a 100644 --- a/apparmor.d/groups/gnome/goa-identity-service +++ b/apparmor.d/groups/gnome/goa-identity-service 
@@ -12,7 +12,7 @@ profile goa-identity-service @{exec_path} { include include - # dbus: own bus=session name=org.gnome.Identity + #aa:dbus own bus=session name=org.gnome.Identity dbus send bus=session path=/org/gnome/OnlineAccounts interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings index c92c082c..fb53cea8 100644 --- a/apparmor.d/groups/gnome/gsd-a11y-settings +++ b/apparmor.d/groups/gnome/gsd-a11y-settings @@ -15,7 +15,7 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - # dbus: own bus=session name=org.gnome.SettingsDaemon.A11ySettings + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.A11ySettings dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color index b7e021dd..203b8ebd 100644 --- a/apparmor.d/groups/gnome/gsd-color +++ b/apparmor.d/groups/gnome/gsd-color @@ -23,9 +23,9 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - # dbus: own bus=session name=org.gnome.SettingsDaemon.Color + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Color - # dbus: talk bus=system name=org.freedesktop.ColorManager label=colord + #aa:dbus talk bus=system name=org.freedesktop.ColorManager label=colord dbus receive bus=session path=/org/gtk/Settings interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime index b5745014..6ceeb02c 100644 --- a/apparmor.d/groups/gnome/gsd-datetime +++ b/apparmor.d/groups/gnome/gsd-datetime 
@@ -15,7 +15,7 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - # dbus: own bus=session name=org.gnome.SettingsDaemon.Datetime + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Datetime dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-disk-utility-notify b/apparmor.d/groups/gnome/gsd-disk-utility-notify index f0647415..5b79823d 100644 --- a/apparmor.d/groups/gnome/gsd-disk-utility-notify +++ b/apparmor.d/groups/gnome/gsd-disk-utility-notify @@ -13,7 +13,7 @@ profile gsd-disk-utility-notify @{exec_path} { include include - # dbus: own bus=session name=org.gnome.Disks.NotificationMonitor + #aa:dbus own bus=session name=org.gnome.Disks.NotificationMonitor dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping index d4ae420e..b0ba0ac5 100644 --- a/apparmor.d/groups/gnome/gsd-housekeeping +++ b/apparmor.d/groups/gnome/gsd-housekeeping @@ -19,7 +19,7 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gnome*, - # dbus: own bus=session name=org.gnome.SettingsDaemon.Housekeeping + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Housekeeping dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard index c1207995..836a0fd7 100644 --- a/apparmor.d/groups/gnome/gsd-keyboard +++ b/apparmor.d/groups/gnome/gsd-keyboard @@ -23,7 +23,7 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - # dbus: own bus=session name=org.gnome.SettingsDaemon.Keyboard + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Keyboard @{exec_path} mr, 
diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index 81f816e9..d88d1c62 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys @@ -29,7 +29,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { network netlink raw, - # dbus: own bus=session name=org.gnome.SettingsDaemon.MediaKeys + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.MediaKeys dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index 09af2c70..35c99776 100644 --- a/apparmor.d/groups/gnome/gsd-power +++ b/apparmor.d/groups/gnome/gsd-power @@ -34,7 +34,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - # dbus: own bus=session name=org.gnome.SettingsDaemon.Power + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Power dbus send bus=session path=/org/gnome/Mutter/DisplayConfig interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/gnome/gsd-print-notifications b/apparmor.d/groups/gnome/gsd-print-notifications index cce83323..6846ecaa 100644 --- a/apparmor.d/groups/gnome/gsd-print-notifications +++ b/apparmor.d/groups/gnome/gsd-print-notifications @@ -21,7 +21,7 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, signal (send) set=(hup) peer=gsd-printer, - # dbus: own bus=session name=org.gnome.SettingsDaemon.PrintNotifications + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.PrintNotifications # dbus receive bus=system path=/org/cups/cupsd/Notifier # interface=org.cups.cupsd.Notifier, diff --git a/apparmor.d/groups/gnome/gsd-printer b/apparmor.d/groups/gnome/gsd-printer index b9ecce18..eca2916d 100644 --- a/apparmor.d/groups/gnome/gsd-printer +++ b/apparmor.d/groups/gnome/gsd-printer 
@@ -17,8 +17,8 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(hup) peer=gsd-print-notifications, - # dbus: own bus=system name=com.redhat.NewPrinterNotification - # dbus: own bus=system name=com.redhat.PrinterDriversInstaller + #aa:dbus own bus=system name=com.redhat.NewPrinterNotification + #aa:dbus own bus=system name=com.redhat.PrinterDriversInstaller dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-rfkill b/apparmor.d/groups/gnome/gsd-rfkill index 7a38625a..837a4f0f 100644 --- a/apparmor.d/groups/gnome/gsd-rfkill +++ b/apparmor.d/groups/gnome/gsd-rfkill @@ -20,7 +20,7 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { network netlink raw, - # dbus: own bus=session name=org.gnome.SettingsDaemon.Rfkill + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Rfkill dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-screensaver-proxy b/apparmor.d/groups/gnome/gsd-screensaver-proxy index 9fe94692..1a4143d8 100644 --- a/apparmor.d/groups/gnome/gsd-screensaver-proxy +++ b/apparmor.d/groups/gnome/gsd-screensaver-proxy @@ -14,8 +14,8 @@ profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - # dbus: own bus=session name=org.freedesktop.ScreenSaver - # dbus: own bus=session name=org.gnome.SettingsDaemon.ScreensaverProxy + #aa:dbus own bus=session name=org.freedesktop.ScreenSaver + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.ScreensaverProxy dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing index 846e771d..a57ab3a8 100644 --- a/apparmor.d/groups/gnome/gsd-sharing +++ b/apparmor.d/groups/gnome/gsd-sharing 
@@ -17,7 +17,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - # dbus: own bus=session name=org.gnome.SettingsDaemon.Sharing + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Sharing dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index 4a5271c7..0b722c5a 100644 --- a/apparmor.d/groups/gnome/gsd-smartcard +++ b/apparmor.d/groups/gnome/gsd-smartcard @@ -17,7 +17,7 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - # dbus: own bus=session name=org.gnome.SettingsDaemon.Smartcard + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Smartcard dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound index c15c7033..bcf52073 100644 --- a/apparmor.d/groups/gnome/gsd-sound +++ b/apparmor.d/groups/gnome/gsd-sound @@ -17,7 +17,7 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - # dbus: own bus=session name=org.gnome.SettingsDaemon.Sound + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Sound dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-usb-protection b/apparmor.d/groups/gnome/gsd-usb-protection index cf7bfb88..2c7c7c5b 100644 --- a/apparmor.d/groups/gnome/gsd-usb-protection +++ b/apparmor.d/groups/gnome/gsd-usb-protection @@ -12,7 +12,7 @@ profile gsd-usb-protection @{exec_path} { include include - # dbus: own bus=session name=org.gnome.SettingsDaemon.UsbProtection + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.UsbProtection @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom index a4771159..e4d44f8d 100644 
--- a/apparmor.d/groups/gnome/gsd-wacom +++ b/apparmor.d/groups/gnome/gsd-wacom @@ -21,7 +21,7 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - # dbus: own bus=session name=org.gnome.SettingsDaemon.Wacom + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Wacom @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gsd-wwan b/apparmor.d/groups/gnome/gsd-wwan index f396c1ca..d1a619c8 100644 --- a/apparmor.d/groups/gnome/gsd-wwan +++ b/apparmor.d/groups/gnome/gsd-wwan @@ -12,7 +12,7 @@ profile gsd-wwan @{exec_path} { include include - # dbus: own bus=session name=org.gnome.SettingsDaemon.Wwan + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Wwan @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index eb14882f..e7c89d22 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings @@ -30,8 +30,8 @@ profile gsd-xsettings @{exec_path} { network inet6 dgram, network netlink raw, - # dbus: own bus=session name=org.gnome.SettingsDaemon.XSettings - # dbus: own bus=session name=org.gtk.Settings + #aa:dbus own bus=session name=org.gnome.SettingsDaemon.XSettings + #aa:dbus own bus=session name=org.gtk.Settings dbus send bus=system path=/org/freedesktop/Accounts/User@{uid} interface=org.freedesktop.Accounts.User diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus index a36840cb..fcec0b96 100644 --- a/apparmor.d/groups/gnome/nautilus +++ b/apparmor.d/groups/gnome/nautilus 
@@ -33,10 +33,10 @@ profile nautilus @{exec_path} flags=(attach_disconnected) { interface={org.gnome.Nautilus,org.freedesktop.{Application,DBus.Properties},org.gtk.{Actions,Application}} peer=(name="{:*,org.gnome.Nautilus,org.freedesktop.DBus}"), - # dbus: own bus=session name=org.freedesktop.FileManager1 + #aa:dbus: own bus=session name=org.freedesktop.FileManager1 - # dbus: talk bus=session name=org.gtk.MountOperationHandler label=gnome-shell - # dbus: talk bus=session name=org.gtk.vfs label=gvfsd + #aa:dbus: talk bus=session name=org.gtk.MountOperationHandler label=gnome-shell + #aa:dbus: talk bus=session name=org.gtk.vfs label=gvfsd dbus receive bus=session path=/org/gnome/Nautilus/SearchProvider interface=org.gnome.Shell.SearchProvider2 diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract index 92612cf3..92a22c60 100644 --- a/apparmor.d/groups/gnome/tracker-extract +++ b/apparmor.d/groups/gnome/tracker-extract @@ -26,9 +26,9 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term) peer=gdm, - # dbus: own bus=session name=org.freedesktop.Tracker3.Miner.Extract + #aa:dbus own bus=session name=org.freedesktop.Tracker3.Miner.Extract - # dbus: talk bus=session name=org.freedesktop.Tracker3 label=tracker-miner interface=org.freedesktop.DBus.{Properties,Peer} + #aa:dbus talk bus=session name=org.freedesktop.Tracker3 label=tracker-miner interface=org.freedesktop.DBus.Peer dbus send bus=session path=/org/gtk/vfs/metadata interface=org.gtk.vfs.Metadata diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index a3cbb93b..5a7ce6a8 100644 --- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner 
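Review bot: The three converted lines in the nautilus hunk keep the old colon (`#aa:dbus: own`, `#aa:dbus: talk`), while every other file in this commit uses `#aa:dbus own` / `#aa:dbus talk`. If the directive parser expects the action word directly after `#aa:dbus`, these lines would likely be rejected at build time or treated as plain comments. In the second case no rules would be generated for `org.freedesktop.FileManager1`, `org.gtk.MountOperationHandler` and `org.gtk.vfs`, and the gap would only show up as runtime denials. Suggested lines: `#aa:dbus own bus=session name=org.freedesktop.FileManager1`, `#aa:dbus talk bus=session name=org.gtk.MountOperationHandler label=gnome-shell`, `#aa:dbus talk bus=session name=org.gtk.vfs label=gvfsd`. The profile body continues outside the hunk.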
@@ -28,9 +28,9 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, kill) peer=gdm, signal (receive) set=(hup) peer=gdm-session-worker, - # dbus: own bus=session name=org.freedesktop.Tracker3.Miner.Files interface=org.freedesktop.DBus.{Properties,Peer} - # dbus: own bus=session name=org.freedesktop.Tracker3.Miner.Files.Control - # dbus: own bus=session name=org.freedesktop.Tracker3.Miner.RSS + #aa:dbus own bus=session name=org.freedesktop.Tracker3.Miner.Files + #aa:dbus own bus=session name=org.freedesktop.Tracker3.Miner.Files.Control + #aa:dbus own bus=session name=org.freedesktop.Tracker3.Miner.RSS @{exec_path} mr, diff --git a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor index 60ae7984..dfbc574d 100644 --- a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor @@ -12,7 +12,7 @@ profile gvfs-afc-volume-monitor @{exec_path} { include include - # dbus: own bus=session name=org.gtk.vfs.AfcVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor + #aa:dbus own bus=session name=org.gtk.vfs.AfcVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor index cd45cb51..a35f4646 100644 --- a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor 
@@ -12,7 +12,7 @@ profile gvfs-goa-volume-monitor @{exec_path} { include include - # dbus: own bus=session name=org.gtk.vfs.GoaVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor + #aa:dbus own bus=session name=org.gtk.vfs.GoaVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor index c9fee4e3..f2abb38e 100644 --- a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor @@ -16,7 +16,7 @@ profile gvfs-gphoto2-volume-monitor @{exec_path} { network netlink raw, - # dbus: own bus=session name=org.gtk.vfs.GPhoto2VolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor + #aa:dbus own bus=session name=org.gtk.vfs.GPhoto2VolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor index 62c3fc48..dee90f3e 100644 --- a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor @@ -15,7 +15,7 @@ profile gvfs-mtp-volume-monitor @{exec_path} { network netlink raw, - # dbus: own bus=session name=org.gtk.vfs.MTPVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor + #aa:dbus own bus=session name=org.gtk.vfs.MTPVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor dbus receive bus=session interface=org.freedesktop.DBus.Introspectable 
diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index 261676af..3d7f9863 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -30,8 +30,8 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) { ptrace (read), - # dbus: own bus=session name=org.gtk.vfs.UDisks2VolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor - # dbus: talk bus=system name=org.freedesktop.UDisks2 label=udisksd + #aa:dbus own bus=session name=org.gtk.vfs.UDisks2VolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor + #aa:dbus talk bus=system name=org.freedesktop.UDisks2 label=udisksd dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gvfs/gvfsd b/apparmor.d/groups/gvfs/gvfsd index b112b795..a12a3e00 100644 --- a/apparmor.d/groups/gvfs/gvfsd +++ b/apparmor.d/groups/gvfs/gvfsd @@ -12,7 +12,7 @@ profile gvfsd @{exec_path} { include include - # dbus: own bus=session name=org.gtk.vfs.Daemon + #aa:dbus own bus=session name=org.gtk.vfs.Daemon dbus send bus=session path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker diff --git a/apparmor.d/groups/gvfs/gvfsd-http b/apparmor.d/groups/gvfs/gvfsd-http index 3667921b..d01df539 100644 --- a/apparmor.d/groups/gvfs/gvfsd-http +++ b/apparmor.d/groups/gvfs/gvfsd-http @@ -23,7 +23,7 @@ profile gvfsd-http @{exec_path} { network inet6 dgram, network netlink raw, - # dbus: own bus=session name=org.gtk.vfs.mountpoint_http + #aa:dbus own bus=session name=org.gtk.vfs.mountpoint_http dbus receive bus=session path=/org/gtk/vfs/mountable interface=org.gtk.vfs.Mountable diff --git a/apparmor.d/groups/gvfs/gvfsd-metadata b/apparmor.d/groups/gvfs/gvfsd-metadata index 37827e7d..3a47d927 100644 --- a/apparmor.d/groups/gvfs/gvfsd-metadata 
+++ b/apparmor.d/groups/gvfs/gvfsd-metadata @@ -17,7 +17,7 @@ profile gvfsd-metadata @{exec_path} { signal (receive) set=(usr1) peer=pacman, - # dbus: own bus=session name=org.gtk.vfs.Metadata path=/org/gtk/vfs/{m,M}etadata + #aa:dbus own bus=session name=org.gtk.vfs.Metadata path=/org/gtk/vfs/{m,M}etadata dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/network/ModemManager b/apparmor.d/groups/network/ModemManager index 7cb295d2..501921e9 100644 --- a/apparmor.d/groups/network/ModemManager +++ b/apparmor.d/groups/network/ModemManager @@ -21,7 +21,7 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) { network qipcrtr dgram, network netlink raw, - # dbus: own bus=system name=org.freedesktop.ModemManager1 + #aa:dbus own bus=system name=org.freedesktop.ModemManager1 @{exec_path} mr, diff --git a/apparmor.d/groups/network/NetworkManager b/apparmor.d/groups/network/NetworkManager index 146d6277..bf4cdf51 100644 --- a/apparmor.d/groups/network/NetworkManager +++ b/apparmor.d/groups/network/NetworkManager @@ -42,7 +42,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) { signal (send) set=(term) peer=dnsmasq, - # dbus: own bus=system name=org.freedesktop.NetworkManager + #aa:dbus own bus=system name=org.freedesktop.NetworkManager dbus receive bus=system path=/org/freedesktop interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/groups/network/nm-dispatcher b/apparmor.d/groups/network/nm-dispatcher index fa90f158..17776b97 100644 --- a/apparmor.d/groups/network/nm-dispatcher +++ b/apparmor.d/groups/network/nm-dispatcher @@ -20,7 +20,7 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) { ptrace (read) peer=@{systemd}, - # dbus: own bus=system name=org.freedesktop.nm_dispatcher + #aa:dbus own bus=system name=org.freedesktop.nm_dispatcher @{exec_path} mr, 
diff --git a/apparmor.d/groups/systemd/hostnamectl b/apparmor.d/groups/systemd/hostnamectl index ba0a6cc4..ea804b04 100644 --- a/apparmor.d/groups/systemd/hostnamectl +++ b/apparmor.d/groups/systemd/hostnamectl @@ -14,7 +14,7 @@ profile hostnamectl @{exec_path} { capability net_admin, - # dbus: talk bus=system name=org.freedesktop.hostname1 label=systemd-hostnamed + #aa:dbus talk bus=system name=org.freedesktop.hostname1 label=systemd-hostnamed @{exec_path} mr, diff --git a/apparmor.d/groups/systemd/networkctl b/apparmor.d/groups/systemd/networkctl index fa85126d..06305318 100644 --- a/apparmor.d/groups/systemd/networkctl +++ b/apparmor.d/groups/systemd/networkctl @@ -26,7 +26,7 @@ profile networkctl @{exec_path} flags=(attach_disconnected) { unix (bind) type=stream addr=@@{hex}/bus/networkctl/system, - # dbus: talk bus=system name=org.freedesktop.network1 label=systemd-networkd + #aa:dbus talk bus=system name=org.freedesktop.network1 label=systemd-networkd # No label available dbus send bus=system path=/org/freedesktop/network@{int} interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/systemd/systemd-analyze b/apparmor.d/groups/systemd/systemd-analyze index 1fd0378f..8c00ac11 100644 --- a/apparmor.d/groups/systemd/systemd-analyze +++ b/apparmor.d/groups/systemd/systemd-analyze @@ -22,7 +22,7 @@ profile systemd-analyze @{exec_path} { signal (send) peer=child-pager, - # dbus: talk bus=system name=org.freedesktop.systemd1 label="@{systemd}" + #aa:dbus talk bus=system name=org.freedesktop.systemd1 label="@{systemd}" @{exec_path} mr, diff --git a/apparmor.d/groups/systemd/systemd-homed b/apparmor.d/groups/systemd/systemd-homed index 20401421..6af35549 100644 --- a/apparmor.d/groups/systemd/systemd-homed +++ b/apparmor.d/groups/systemd/systemd-homed 
@@ -35,7 +35,7 @@ profile systemd-homed @{exec_path} flags=(attach_disconnected) { mount options=(rw, rslave) -> @{run}/, mount /dev/dm-@{int} -> @{run}/systemd/user-home-mount/, - # dbus: own bus=system name=org.freedesktop.home1 + #aa:dbus own bus=system name=org.freedesktop.home1 @{exec_path} mr, diff --git a/apparmor.d/groups/systemd/systemd-hostnamed b/apparmor.d/groups/systemd/systemd-hostnamed index 41de11d1..1971822e 100644 --- a/apparmor.d/groups/systemd/systemd-hostnamed +++ b/apparmor.d/groups/systemd/systemd-hostnamed @@ -18,7 +18,7 @@ profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) { unix (bind) type=stream addr=@@{hex}/bus/systemd-hostnam/system, - # dbus: own bus=system name=org.freedesktop.hostname1 + #aa:dbus own bus=system name=org.freedesktop.hostname1 dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/groups/systemd/systemd-localed b/apparmor.d/groups/systemd/systemd-localed index 2156e8d6..4074b806 100644 --- a/apparmor.d/groups/systemd/systemd-localed +++ b/apparmor.d/groups/systemd/systemd-localed @@ -19,7 +19,7 @@ profile systemd-localed @{exec_path} flags=(attach_disconnected) { unix (bind) type=stream addr=@@{hex}/bus/systemd-localed/system, - # dbus: own bus=system name=org.freedesktop.locale1 + #aa:dbus own bus=system name=org.freedesktop.locale1 @{exec_path} mr, diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind index 8d94192e..0f0f64b9 100644 --- a/apparmor.d/groups/systemd/systemd-logind +++ b/apparmor.d/groups/systemd/systemd-logind 
@@ -31,9 +31,9 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected) { unix (bind) type=stream addr=@@{hex}/bus/systemd-logind/system, - # dbus: own bus=system name=org.freedesktop.login1 + #aa:dbus own bus=system name=org.freedesktop.login1 - # dbus: talk bus=system name=org.freedesktop.systemd1 label="@{systemd}" + #aa:dbus talk bus=system name=org.freedesktop.systemd1 label="@{systemd}" dbus receive bus=system path=/org/freedesktop/login@{int}{,/seat/auto,session/_@{int}} interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/systemd/systemd-machined b/apparmor.d/groups/systemd/systemd-machined index bb2f6d37..f95e48e4 100644 --- a/apparmor.d/groups/systemd/systemd-machined +++ b/apparmor.d/groups/systemd/systemd-machined @@ -31,9 +31,9 @@ profile systemd-machined @{exec_path} { network inet6 dgram, network netlink raw, - # dbus: own bus=system name=org.freedesktop.machine1 + #aa:dbus own bus=system name=org.freedesktop.machine1 - # dbus: talk bus=system name=org.freedesktop.systemd1 label="@{systemd}" + #aa:dbus talk bus=system name=org.freedesktop.systemd1 label="@{systemd}" @{exec_path} mr, diff --git a/apparmor.d/groups/systemd/systemd-networkd b/apparmor.d/groups/systemd/systemd-networkd index 600ef78d..5f530c74 100644 --- a/apparmor.d/groups/systemd/systemd-networkd +++ b/apparmor.d/groups/systemd/systemd-networkd @@ -29,7 +29,7 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected) { unix (bind) type=stream addr=@@{hex}/bus/systemd-network/bus-api-network, - # dbus: own bus=system name=org.freedesktop.network1 + #aa:dbus own bus=system name=org.freedesktop.network1 dbus send bus=system path=/org/freedesktop/hostname1 interface=org.freedesktop.hostname1 diff --git a/apparmor.d/groups/systemd/systemd-oomd b/apparmor.d/groups/systemd/systemd-oomd index 68ca4cb2..601921fa 100644 --- a/apparmor.d/groups/systemd/systemd-oomd +++ b/apparmor.d/groups/systemd/systemd-oomd 
@@ -17,7 +17,7 @@ profile systemd-oomd @{exec_path} flags=(attach_disconnected) { unix (bind) type=stream addr=@@{hex}/bus/systemd-oomd/bus-api-oom, - # dbus: own bus=system name=org.freedesktop.oom1 + #aa:dbus own bus=system name=org.freedesktop.oom1 @{exec_path} mr, diff --git a/apparmor.d/groups/systemd/systemd-portabled b/apparmor.d/groups/systemd/systemd-portabled index 00760c63..d4e5d234 100644 --- a/apparmor.d/groups/systemd/systemd-portabled +++ b/apparmor.d/groups/systemd/systemd-portabled @@ -29,7 +29,7 @@ profile systemd-portabled @{exec_path} { network inet6 dgram, network netlink raw, - # dbus: own bus=system name=org.freedesktop.portable1 + #aa:dbus own bus=system name=org.freedesktop.portable1 @{exec_path} mr, diff --git a/apparmor.d/groups/systemd/systemd-resolved b/apparmor.d/groups/systemd/systemd-resolved index 570c49ac..6a3bc076 100644 --- a/apparmor.d/groups/systemd/systemd-resolved +++ b/apparmor.d/groups/systemd/systemd-resolved @@ -29,7 +29,7 @@ profile systemd-resolved @{exec_path} flags=(attach_disconnected) { network inet6 stream, network netlink raw, - # dbus: own bus=system name=org.freedesktop.resolve1 + #aa:dbus own bus=system name=org.freedesktop.resolve1 dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/groups/systemd/systemd-timedated b/apparmor.d/groups/systemd/systemd-timedated index 253a3236..e619d368 100644 --- a/apparmor.d/groups/systemd/systemd-timedated +++ b/apparmor.d/groups/systemd/systemd-timedated @@ -17,7 +17,7 @@ profile systemd-timedated @{exec_path} flags=(attach_disconnected) { unix (bind) type=stream addr=@@{hex}/bus/systemd-timedat/system, - # dbus: own bus=system name=org.freedesktop.timedate1 + #aa:dbus own bus=system name=org.freedesktop.timedate1 dbus send bus=system path=/org/freedesktop/systemd1/unit/* interface=org.freedesktop.DBus.Properties 
diff --git a/apparmor.d/groups/systemd/systemd-timesyncd b/apparmor.d/groups/systemd/systemd-timesyncd index 5f7427fd..fba798ac 100644 --- a/apparmor.d/groups/systemd/systemd-timesyncd +++ b/apparmor.d/groups/systemd/systemd-timesyncd @@ -24,7 +24,7 @@ profile systemd-timesyncd @{exec_path} flags=(attach_disconnected) { unix (bind) type=stream addr=@@{hex}/bus/systemd-timesyn/bus-api-timesync, unix (send, receive) type=dgram addr=none peer=(label=@{systemd}, addr=none), - # dbus: own bus=system name=org.freedesktop.timesync1 + #aa:dbus own bus=system name=org.freedesktop.timesync1 @{exec_path} mr, diff --git a/apparmor.d/groups/ubuntu/software-properties-dbus b/apparmor.d/groups/ubuntu/software-properties-dbus index d43d71f5..f83d5930 100644 --- a/apparmor.d/groups/ubuntu/software-properties-dbus +++ b/apparmor.d/groups/ubuntu/software-properties-dbus @@ -14,7 +14,7 @@ profile software-properties-dbus @{exec_path} { include include - # dbus: own bus=system name=com.ubuntu.SoftwareProperties + #aa:dbus own bus=system name=com.ubuntu.SoftwareProperties dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/ubuntu/update-manager b/apparmor.d/groups/ubuntu/update-manager index 5dd723b3..7c57f349 100644 --- a/apparmor.d/groups/ubuntu/update-manager +++ b/apparmor.d/groups/ubuntu/update-manager @@ -34,9 +34,9 @@ profile update-manager @{exec_path} flags=(attach_disconnected) { signal (send) peer=apt-methods-http, - # dbus: own bus=session name=org.freedesktop.UpdateManager + #aa:dbus own bus=session name=org.freedesktop.UpdateManager - # dbus: talk bus=system name=org.debian.apt label=apt + #aa:dbus talk bus=system name=org.debian.apt label=apt @{exec_path} mr, diff --git a/apparmor.d/groups/ubuntu/update-notifier b/apparmor.d/groups/ubuntu/update-notifier index c8d3b678..0a7701cf 100644 --- a/apparmor.d/groups/ubuntu/update-notifier +++ b/apparmor.d/groups/ubuntu/update-notifier 
@@ -23,7 +23,7 @@ profile update-notifier @{exec_path} { unix (bind) type=stream addr=@@{hex}/bus/systemd/bus-api-user, - # dbus: talk bus=system name=org.debian.apt label=apt + #aa:dbus talk bus=system name=org.debian.apt label=apt dbus receive bus=session path=/org/ayatana/NotificationItem/software_update_available interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/virt/libvirt-dbus b/apparmor.d/groups/virt/libvirt-dbus index 490f58af..80337b61 100644 --- a/apparmor.d/groups/virt/libvirt-dbus +++ b/apparmor.d/groups/virt/libvirt-dbus @@ -13,8 +13,8 @@ profile libvirt-dbus @{exec_path} { include include - # dbus: own bus=session name=org.libvirt - # dbus: own bus=system name=org.libvirt + #aa:dbus own bus=session name=org.libvirt + #aa:dbus own bus=system name=org.libvirt @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/atrild b/apparmor.d/profiles-a-f/atrild index f8a42e21..d753d7f8 100644 --- a/apparmor.d/profiles-a-f/atrild +++ b/apparmor.d/profiles-a-f/atrild @@ -12,7 +12,7 @@ profile atrild @{exec_path} { include include - # dbus: own bus=session name=org.mate.atril.Daemon + #aa:dbus own bus=session name=org.mate.atril.Daemon @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/blueman b/apparmor.d/profiles-a-f/blueman index e463f37b..13e3fed1 100644 --- a/apparmor.d/profiles-a-f/blueman +++ b/apparmor.d/profiles-a-f/blueman @@ -27,8 +27,8 @@ profile blueman @{exec_path} flags=(attach_disconnected) { ptrace (read) peer=gjs-console, - # dbus: own bus=session name=org.blueman.Applet - # dbus: own bus=session name=org.blueman.Manager + #aa:dbus own bus=session name=org.blueman.Applet + #aa:dbus own bus=session name=org.blueman.Manager @{exec_path} mrix, diff --git a/apparmor.d/profiles-a-f/blueman-mechanism b/apparmor.d/profiles-a-f/blueman-mechanism index 13541b19..968c98f3 100644 --- a/apparmor.d/profiles-a-f/blueman-mechanism +++ b/apparmor.d/profiles-a-f/blueman-mechanism 
@@ -21,7 +21,7 @@ profile blueman-mechanism @{exec_path} flags=(attach_disconnected) { network inet6 stream, network netlink raw, - # dbus: own bus=system name=org.blueman.Mechanism + #aa:dbus own bus=system name=org.blueman.Mechanism @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/bluetoothd b/apparmor.d/profiles-a-f/bluetoothd index 460d586e..499a7e3c 100644 --- a/apparmor.d/profiles-a-f/bluetoothd +++ b/apparmor.d/profiles-a-f/bluetoothd @@ -23,7 +23,7 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) { network alg seqpacket, network netlink raw, - # dbus: own bus=system name=org.bluez + #aa:dbus own bus=system name=org.bluez dbus receive bus=system path=/ interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/profiles-a-f/boltd b/apparmor.d/profiles-a-f/boltd index 6f398fbf..c3eca683 100644 --- a/apparmor.d/profiles-a-f/boltd +++ b/apparmor.d/profiles-a-f/boltd @@ -17,7 +17,7 @@ profile boltd @{exec_path} flags=(attach_disconnected) { network netlink raw, - # dbus: own bus=system name=org.freedesktop.bolt + #aa:dbus own bus=system name=org.freedesktop.bolt dbus receive bus=system path=/org/freedesktop/bolt interface=org.freedesktop.bolt1.Manager diff --git a/apparmor.d/profiles-a-f/cups-pk-helper-mechanism b/apparmor.d/profiles-a-f/cups-pk-helper-mechanism index c39af5f2..8bbc4e5d 100644 --- a/apparmor.d/profiles-a-f/cups-pk-helper-mechanism +++ b/apparmor.d/profiles-a-f/cups-pk-helper-mechanism @@ -20,7 +20,7 @@ profile cups-pk-helper-mechanism @{exec_path} { network inet stream, network inet6 stream, - # dbus: own bus=system name=org.opensuse.CupsPkHelper.Mechanism path=/ + #aa:dbus own bus=system name=org.opensuse.CupsPkHelper.Mechanism path=/ @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/evince b/apparmor.d/profiles-a-f/evince index 39dc1842..4729bc3a 100644 --- a/apparmor.d/profiles-a-f/evince +++ b/apparmor.d/profiles-a-f/evince 
@@ -25,7 +25,7 @@ profile evince @{exec_path} { deny network inet, deny network inet6, - # dbus: own bus=session name=org.gnome.evince.Daemon + #aa:dbus own bus=session name=org.gnome.evince.Daemon dbus send bus=session path=/org/gtk/vfs/metadata interface=org.gtk.vfs.Metadata diff --git a/apparmor.d/profiles-a-f/file-roller b/apparmor.d/profiles-a-f/file-roller index 2e784aad..0c90fe89 100644 --- a/apparmor.d/profiles-a-f/file-roller +++ b/apparmor.d/profiles-a-f/file-roller @@ -19,8 +19,8 @@ profile file-roller @{exec_path} { include include - # dbus: own bus=session name=org.gnome.ArchiveManager1 - # dbus: own bus=session name=org.gnome.FileRoller + #aa:dbus own bus=session name=org.gnome.ArchiveManager1 + #aa:dbus own bus=session name=org.gnome.FileRoller @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/firewalld b/apparmor.d/profiles-a-f/firewalld index f1025539..3c53688a 100644 --- a/apparmor.d/profiles-a-f/firewalld +++ b/apparmor.d/profiles-a-f/firewalld @@ -39,7 +39,7 @@ profile firewalld @{exec_path} { member={changeZoneOfInterface,removeInterface} peer=(name=:*, label=libvirtd), - # dbus: own bus=system name=org.fedoraproject.FirewallD1 + #aa:dbus own bus=system name=org.fedoraproject.FirewallD1 @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/flatpak-oci-authenticator b/apparmor.d/profiles-a-f/flatpak-oci-authenticator index c357c49c..e01ee3c4 100644 --- a/apparmor.d/profiles-a-f/flatpak-oci-authenticator +++ b/apparmor.d/profiles-a-f/flatpak-oci-authenticator @@ -11,7 +11,7 @@ profile flatpak-oci-authenticator @{exec_path} { include include - # dbus: own bus=session name=org.flatpak.Authenticator.Oci + #aa:dbus own bus=session name=org.flatpak.Authenticator.Oci @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/flatpak-portal b/apparmor.d/profiles-a-f/flatpak-portal index facbf1d5..38941785 100644 --- a/apparmor.d/profiles-a-f/flatpak-portal +++ b/apparmor.d/profiles-a-f/flatpak-portal 
@@ -20,7 +20,7 @@ profile flatpak-portal @{exec_path} flags=(attach_disconnected) { signal send, - # dbus: own bus=session name=org.freedesktop.portal.Flatpak + #aa:dbus own bus=session name=org.freedesktop.portal.Flatpak @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/flatpak-session-helper b/apparmor.d/profiles-a-f/flatpak-session-helper index a06524d5..ddfe2c68 100644 --- a/apparmor.d/profiles-a-f/flatpak-session-helper +++ b/apparmor.d/profiles-a-f/flatpak-session-helper @@ -16,7 +16,7 @@ profile flatpak-session-helper @{exec_path} flags=(attach_disconnected) { signal (send) set=(int) peer=@{systemd}, - # dbus: own bus=session name=org.freedesktop.Flatpak + #aa:dbus own bus=session name=org.freedesktop.Flatpak @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/flatpak-system-helper b/apparmor.d/profiles-a-f/flatpak-system-helper index 58d5a5b6..3e36f9ee 100644 --- a/apparmor.d/profiles-a-f/flatpak-system-helper +++ b/apparmor.d/profiles-a-f/flatpak-system-helper @@ -24,7 +24,7 @@ profile flatpak-system-helper @{exec_path} { ptrace (read), - # dbus: own bus=system name=org.freedesktop.Flatpak.SystemHelper + #aa:dbus own bus=system name=org.freedesktop.Flatpak.SystemHelper @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/fprintd b/apparmor.d/profiles-a-f/fprintd index 0ca64bbf..2fc866c6 100644 --- a/apparmor.d/profiles-a-f/fprintd +++ b/apparmor.d/profiles-a-f/fprintd @@ -19,7 +19,7 @@ profile fprintd @{exec_path} flags=(attach_disconnected) { network netlink raw, - # dbus: own bus=system name=net.reactivated.Fprint + #aa:dbus own bus=system name=net.reactivated.Fprint @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd index f28d08a1..ee7dce12 100644 --- a/apparmor.d/profiles-a-f/fwupd +++ b/apparmor.d/profiles-a-f/fwupd 
@@ -33,7 +33,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) { network netlink raw, - # dbus: own bus=system name=org.freedesktop.fwupd path=/ + #aa:dbus own bus=system name=org.freedesktop.fwupd path=/ dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/profiles-g-l/glib-pacrunner b/apparmor.d/profiles-g-l/glib-pacrunner index 30ca0dbb..13ae9222 100644 --- a/apparmor.d/profiles-g-l/glib-pacrunner +++ b/apparmor.d/profiles-g-l/glib-pacrunner @@ -19,7 +19,7 @@ profile glib-pacrunner @{exec_path} { network inet6 stream, network netlink raw, - # dbus: own bus=session name=org.gtk.GLib.PACRunner + #aa:dbus own bus=session name=org.gtk.GLib.PACRunner @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/obexd b/apparmor.d/profiles-m-r/obexd index b1007cea..cb9f00b0 100644 --- a/apparmor.d/profiles-m-r/obexd +++ b/apparmor.d/profiles-m-r/obexd @@ -17,7 +17,7 @@ profile obexd @{exec_path} { network bluetooth stream, network bluetooth seqpacket, - # dbus: own bus=session name=org.bluez.obex + #aa:dbus own bus=session name=org.bluez.obex dbus receive bus=system path=/org/bluez/obex/@{uuid} interface=org.bluez.Profile1 diff --git a/apparmor.d/profiles-m-r/packagekitd b/apparmor.d/profiles-m-r/packagekitd index e10e0bd6..4834c76d 100644 --- a/apparmor.d/profiles-m-r/packagekitd +++ b/apparmor.d/profiles-m-r/packagekitd @@ -37,7 +37,7 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) { signal send set=int peer=apt-methods-*, - # dbus: own bus=system name=org.freedesktop.PackageKit + #aa:dbus own bus=system name=org.freedesktop.PackageKit dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/profiles-m-r/passimd b/apparmor.d/profiles-m-r/passimd index 0dd0b578..2109f7f8 100644 --- a/apparmor.d/profiles-m-r/passimd +++ b/apparmor.d/profiles-m-r/passimd 
@@ -18,7 +18,7 @@ profile passimd @{exec_path} flags=(attach_disconnected) { network inet6 stream, network netlink raw, - # dbus: own bus=system name=org.freedesktop.Passim + #aa:dbus own bus=system name=org.freedesktop.Passim @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/pkexec b/apparmor.d/profiles-m-r/pkexec index 73e7e0f1..7cda61e1 100644 --- a/apparmor.d/profiles-m-r/pkexec +++ b/apparmor.d/profiles-m-r/pkexec @@ -31,7 +31,7 @@ profile pkexec @{exec_path} { ptrace (read), - # dbus: talk bus=system name=org.freedesktop.PolicyKit1.Authority label=polkitd + #aa:dbus talk bus=system name=org.freedesktop.PolicyKit1.Authority label=polkitd @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/power-profiles-daemon b/apparmor.d/profiles-m-r/power-profiles-daemon index 5f58c389..dc663fb2 100644 --- a/apparmor.d/profiles-m-r/power-profiles-daemon +++ b/apparmor.d/profiles-m-r/power-profiles-daemon @@ -20,7 +20,7 @@ profile power-profiles-daemon @{exec_path} flags=(attach_disconnected) { network netlink raw, - # dbus: own bus=system name=net.hadess.PowerProfiles + #aa:dbus own bus=system name=net.hadess.PowerProfiles @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/remmina b/apparmor.d/profiles-m-r/remmina index 78dc3cef..833c8181 100644 --- a/apparmor.d/profiles-m-r/remmina +++ b/apparmor.d/profiles-m-r/remmina @@ -29,7 +29,7 @@ profile remmina @{exec_path} { network inet6 stream, network netlink raw, - # dbus: own bus=session name=org.remmina.Remmina + #aa:dbus own bus=session name=org.remmina.Remmina dbus (send, receive) bus=session path=/org/ayatana/NotificationItem/remmina_icon{,/**} peer=(name="{:*,org.freedesktop.DBus}"), # all interfaces and members diff --git a/apparmor.d/profiles-m-r/rtkit-daemon b/apparmor.d/profiles-m-r/rtkit-daemon index 9a36957d..72d6f0e7 100644 --- a/apparmor.d/profiles-m-r/rtkit-daemon +++ b/apparmor.d/profiles-m-r/rtkit-daemon 
@@ -21,7 +21,7 @@ profile rtkit-daemon @{exec_path} flags=(attach_disconnected) { capability sys_nice, capability sys_ptrace, - # dbus: own bus=system name=org.freedesktop.RealtimeKit1 + #aa:dbus own bus=system name=org.freedesktop.RealtimeKit1 dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/profiles-s-z/switcheroo-control b/apparmor.d/profiles-s-z/switcheroo-control index 184de23c..19b991cc 100644 --- a/apparmor.d/profiles-s-z/switcheroo-control +++ b/apparmor.d/profiles-s-z/switcheroo-control @@ -16,7 +16,7 @@ profile switcheroo-control @{exec_path} flags=(attach_disconnected) { network netlink raw, - # dbus: own bus=system name=net.hadess.SwitcherooControl + #aa:dbus own bus=system name=net.hadess.SwitcherooControl @{exec_path} mr, diff --git a/apparmor.d/profiles-s-z/terminator b/apparmor.d/profiles-s-z/terminator index d9c372ea..86b064de 100644 --- a/apparmor.d/profiles-s-z/terminator +++ b/apparmor.d/profiles-s-z/terminator @@ -22,7 +22,7 @@ profile terminator @{exec_path} flags=(attach_disconnected) { ptrace, - # dbus: own bus=session name=net.tenshu.Terminator@{hex} + #aa:dbus own bus=session name=net.tenshu.Terminator@{hex} @{exec_path} mr, diff --git a/apparmor.d/profiles-s-z/thermald b/apparmor.d/profiles-s-z/thermald index 2fd6fd5d..5dfa6612 100644 --- a/apparmor.d/profiles-s-z/thermald +++ b/apparmor.d/profiles-s-z/thermald @@ -17,7 +17,7 @@ profile thermald @{exec_path} flags=(attach_disconnected) { capability sys_boot, - # dbus: own bus=system name=org.freedesktop.thermald + #aa:dbus own bus=system name=org.freedesktop.thermald @{exec_path} mr, diff --git a/apparmor.d/profiles-s-z/thunderbird b/apparmor.d/profiles-s-z/thunderbird index 9b82d3f6..72d6cd3c 100644 --- a/apparmor.d/profiles-s-z/thunderbird +++ b/apparmor.d/profiles-s-z/thunderbird 
@@ -45,7 +45,7 @@ profile thunderbird @{exec_path} { ptrace peer=@{profile_name}, - # dbus: own bus=session name=org.mozilla.thunderbird + #aa:dbus own bus=session name=org.mozilla.thunderbird dbus receive bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd index 5e4748a9..f994d869 100644 --- a/apparmor.d/profiles-s-z/udisksd +++ b/apparmor.d/profiles-s-z/udisksd @@ -59,7 +59,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) { signal (receive) set=(int) peer=@{systemd}, - # dbus: own bus=system name=org.freedesktop.UDisks2 + #aa:dbus own bus=system name=org.freedesktop.UDisks2 dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/profiles-s-z/wpa-supplicant b/apparmor.d/profiles-s-z/wpa-supplicant index 070bae13..0a16592a 100644 --- a/apparmor.d/profiles-s-z/wpa-supplicant +++ b/apparmor.d/profiles-s-z/wpa-supplicant @@ -28,7 +28,7 @@ profile wpa-supplicant @{exec_path} flags=(attach_disconnected) { network packet dgram, network packet raw, - # dbus: own bus=system name=fi.w1.wpa_supplicant1 + #aa:dbus own bus=system name=fi.w1.wpa_supplicant1 @{exec_path} mr, diff --git a/docs/development/dbus.md b/docs/development/dbus.md index 0e412b78..145fea53 100644 --- a/docs/development/dbus.md +++ b/docs/development/dbus.md @@ -22,7 +22,7 @@ We use a special directive to generate (when running `make`) more advanced dbus **Directive format** ``` -# dbus: ( own | talk ) bus=( system | session ) name=AARE [label=AARE] [interface=AARE] [path=AARE] +#aa:dbus: ( own | talk ) bus=( system | session ) name=AARE [label=AARE] [interface=AARE] [path=AARE] ``` The directive format is on purpose very similar to apparmor dbus rules. However, there are some restrictions: 
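Review bot: The profile hunks (thunderbird, udisksd and wpa-supplicant on this line, and every other profile in the change) write the directive as `#aa:dbus own …` with no colon after `dbus`, but the docs/development/dbus.md hunks in the same commit document it as `#aa:dbus: ( own | talk ) …` and use `#aa:dbus: own` and `#aa:dbus: talk` in both examples. The AppArmor parser treats the directive as an ordinary comment, so a spelling the build step does not recognise would presumably leave the profile without its generated dbus rules rather than fail loudly. The directive parser is not visible here, so which form it accepts should be confirmed. I would make the docs match the profiles, e.g. `#aa:dbus ( own | talk ) bus=( system | session ) name=AARE [label=AARE] [interface=AARE] [path=AARE]`. It is also worth having `make` fail on any leftover `# dbus:` line or unrecognised `#aa:` directive, so that a missed or mistyped directive is caught at build time.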
@@ -41,7 +41,7 @@ Allow owning a dbus interface: [apparmor.d/groups/network/NetworkManager](https://github.com/roddhjav/apparmor.d/blob/a3b15973640042af7da0ed540db690c711fbf6ec/apparmor.d/groups/network/NetworkManager#L46) ``` aa linenums="46" - # dbus: own bus=system name=org.freedesktop.NetworkManager + #aa:dbus: own bus=system name=org.freedesktop.NetworkManager ``` Allow talking to a dbus interface on a given profile @@ -50,6 +50,6 @@ Allow talking to a dbus interface on a given profile [apparmor.d/groups/gnome/gdm](https://github.com/roddhjav/apparmor.d/blob/a3b15973640042af7da0ed540db690c711fbf6ec/apparmor.d/groups/gnome/gdm#L32) ``` aa linenums="32" - # dbus: talk bus=system name=org.freedesktop.login1 label=systemd-logind + #aa:dbus: talk bus=system name=org.freedesktop.login1 label=systemd-logind ```