mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
feat(dbus): update dbus rules.
parent
600a71a6b1
commit
6c397882ad
@ -12,3 +12,4 @@
|
||||
owner @{run}/user/@{uid}/at-spi/bus_@{int} rw,
|
||||
|
||||
owner /tmp/dbus-@{rand8} rw,
|
||||
owner /tmp/dbus-@{rand10} rw,
|
||||
|
@ -20,3 +20,5 @@
|
||||
unix (connect, send, receive, accept, bind, listen)
|
||||
type=stream
|
||||
addr="@/home/*/.cache/ibus/dbus-????????",
|
||||
|
||||
owner @{user_cache_dirs}/ibus/dbus-@{rand8} rw,
|
||||
|
@ -11,9 +11,9 @@ include <tunables/global>
|
||||
profile dbus-daemon @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dbus>
|
||||
include <abstractions/dbus-session>
|
||||
include <abstractions/dbus-accessibility>
|
||||
include <abstractions/dbus-session>
|
||||
include <abstractions/dbus>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
capability audit_write,
|
||||
@ -78,29 +78,29 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) {
|
||||
/var/lib/snapd/dbus-1/services/{,**} r,
|
||||
/var/lib/snapd/dbus-1/system-services/{,**} r,
|
||||
|
||||
owner @{user_share_dirs}/dbus-1/{,**} r,
|
||||
@{user_share_dirs}/icc/{,edid-*} r,
|
||||
owner @{user_share_dirs}/dbus-1/{,**} r,
|
||||
|
||||
owner /tmp/dbus-@{rand10} rw,
|
||||
|
||||
owner @{run}/user/@{uid}/dbus-1/ rw,
|
||||
owner @{run}/user/@{uid}/dbus-1/services/ rw,
|
||||
@{run}/systemd/inhibit/[0-9]*.ref rw,
|
||||
@{run}/systemd/notify w,
|
||||
@{run}/systemd/sessions/*.ref rw,
|
||||
@{run}/systemd/users/@{uid} r,
|
||||
owner @{run}/user/@{uid}/dbus-1/ rw,
|
||||
owner @{run}/user/@{uid}/dbus-1/services/ rw,
|
||||
owner @{run}/user/@{uid}/systemd/notify w,
|
||||
|
||||
@{sys}/kernel/security/apparmor/.access rw,
|
||||
@{sys}/kernel/security/apparmor/features/dbus/mask r,
|
||||
@{sys}/module/apparmor/parameters/enabled r,
|
||||
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
@{PROC}/@{pids}/mounts r,
|
||||
@{PROC}/@{pids}/attr/apparmor/current r,
|
||||
@{PROC}/@{pids}/oom_score_adj rw,
|
||||
@{PROC}/@{pids}/cmdline r,
|
||||
@{PROC}/@{pids}/mounts r,
|
||||
@{PROC}/@{pids}/oom_score_adj rw,
|
||||
@{PROC}/1/environ r,
|
||||
@{PROC}/cmdline r,
|
||||
@{PROC}/sys/kernel/osrelease r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
||||
/dev/dri/card@{int} rw,
|
||||
/dev/input/event@{int} rw,
|
||||
|
@ -19,5 +19,7 @@ profile ibus-memconf @{exec_path} {
|
||||
/var/lib/gdm{3,}/.config/ibus/bus/ r,
|
||||
/var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
|
||||
|
||||
owner /var/lib/gdm{3,}/.cache/ibus/dbus-@{rand8} rw,
|
||||
|
||||
include if exists <local/ibus-memconf>
|
||||
}
|
||||
|
@ -24,6 +24,11 @@ profile ibus-portal @{exec_path} flags=(attach_disconnected) {
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/IBus
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
member=Ping
|
||||
peer=(name=:*, label=ibus-daemon),
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.portal.IBus,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
@ -22,9 +22,10 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
|
||||
|
||||
network netlink raw,
|
||||
|
||||
dbus bind bus=session name=org.pulseaudio.Server,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=GetConnectionUnixProcessID
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/RealtimeKit[0-9]
|
||||
|
@ -31,6 +31,16 @@ profile upowerd @{exec_path} flags=(attach_disconnected) {
|
||||
interface=org.freedesktop.login[0-9].Manager
|
||||
member=Inhibit,
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects
|
||||
peer=(name=:*, label=bluetoothd),
|
||||
|
||||
dbus receive bus=system path=/org/bluez/hci0
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=:*, label=bluetoothd),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.login[0-9].Manager
|
||||
member={UserNew,UserRemoved,SessionNew,SessionRemoved,PrepareForShutdown,PrepareForSleep}
|
||||
@ -41,8 +51,7 @@ profile upowerd @{exec_path} flags=(attach_disconnected) {
|
||||
member=PropertiesChanged
|
||||
peer=(name=:*),
|
||||
|
||||
dbus bind bus=system
|
||||
name=org.freedesktop.UPower,
|
||||
dbus bind bus=system name=org.freedesktop.UPower,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
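Review bot: The added bluetoothd receive rule pins the object path to one adapter, `path=/org/bluez/hci0`, so PropertiesChanged signals from a second controller (hci1 and up) would be denied and logged. Other rules on this page already use the `@{int}` tunable for numbered objects, so `dbus receive bus=system path=/org/bluez/hci@{int}` would cover every adapter without opening the rest of the /org/bluez tree. The bluetoothd profile in this commit adds the matching `dbus send bus=system path=/org/bluez/hci0` and should change with it.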
@ -36,9 +36,9 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
|
||||
dbus receive bus=session path=/org/freedesktop/portal/documents
|
||||
interface=org.freedesktop.portal.Documents
|
||||
member=GetMountPoint
|
||||
peer=(name=:*, label="{snap,xdg-desktop-portal}"),
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=session path=/{,org}
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
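Review bot: The GetMountPoint receive rule is shown with two peer lines, `peer=(name=:*, label="{snap,xdg-desktop-portal}"),` and `peer=(name=:*),`; if the unlabelled one is the new side, as the print order suggests, AppArmor no longer restricts which session-bus client may call GetMountPoint on the document portal. If the label was dropped because a caller was missing from the list, adding that caller's label keeps the rule least-privilege. Otherwise a trailing `# all peer's labels` comment, the convention used in other profiles on this page, would record that the widening is deliberate. The +/- markers were lost in this rendering, so confirm which line is actually on the new side.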
@ -29,9 +29,9 @@ profile xdg-permission-store @{exec_path} flags=(attach_disconnected) {
|
||||
dbus receive bus=session path=/org/freedesktop/impl/portal/PermissionStore
|
||||
interface=org.freedesktop.impl.portal.PermissionStore
|
||||
member=Lookup
|
||||
peer=(name=:*, label="{gnome-shell,xdg-desktop-portal}"),
|
||||
peer=(name=:*, label="{gnome-shell,xdg-desktop-portal,wireplumber}"),
|
||||
|
||||
dbus receive bus=session path=/{,org}
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
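Review bot: The rule that lets gnome-shell call Introspect (`dbus receive bus=session` with `interface=org.freedesktop.DBus.Introspectable`, `member=Introspect` and `peer=(name=:*, label=gnome-shell),`) is repeated verbatim in more than a dozen profiles in this commit, including xdg-document-portal, both evolution factories, gnome-keyring-daemon, goa-daemon, the gvfs volume monitors, gvfsd and wireplumber. Moving it into one shared abstraction that these profiles include would stop the copies from drifting; several hunks on this page already show the rule both with a `path=` restriction and without one. If it stays inline, a one-line comment above it saying why gnome-shell needs Introspect on every object path would help the next reader judge whether the missing path is intended.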
@ -23,6 +23,8 @@ profile evolution-addressbook-factory @{exec_path} {
|
||||
network inet6 dgram,
|
||||
network netlink raw,
|
||||
|
||||
dbus bind bus=session name=org.gnome.evolution.dataserver.AddressBook@{int},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
@ -36,6 +38,11 @@ profile evolution-addressbook-factory @{exec_path} {
|
||||
member={CheckPermissions,StateChanged,DeviceAdded,DeviceRemoved}
|
||||
peer=(name=:*, label=NetworkManager),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
@{exec_path}-subprocess rix,
|
||||
|
||||
|
@ -32,8 +32,13 @@ profile evolution-calendar-factory @{exec_path} {
|
||||
member={CheckPermissions,StateChanged,DeviceAdded,DeviceRemoved}
|
||||
peer=(name=:*, label=NetworkManager),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus (send,receive) bus=session path=/org/gnome/evolution/dataserver{,/**}
|
||||
interface={org.freedesktop.DBus.{Introspectable,ObjectManager,Properties},org.gnome.evolution.dataserver.*},
|
||||
interface={org.freedesktop.DBus.{ObjectManager,Properties},org.gnome.evolution.dataserver.*},
|
||||
|
||||
dbus bind bus=session name=org.gnome.evolution.dataserver.Calendar[0-9]*,
|
||||
|
||||
|
@ -36,35 +36,37 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/Notifications
|
||||
dbus send bus=session path=/org/freedesktop/Notifications
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/Notifications
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/Notifications
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gnome-extension-ding),
|
||||
|
||||
dbus send bus=session path=/org/gnome/ScreenSaver
|
||||
dbus receive bus=session path=/org/gnome/Shell/Screencast
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/ScreenSaver
|
||||
dbus (send,receive) bus=session path=/org/gnome/ScreenSaver
|
||||
interface=org.gnome.ScreenSaver
|
||||
|
||||
dbus receive bus=session path=/org/gnome/Shell/Introspect
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=xdg-desktop-portal-*),
|
||||
|
||||
dbus send bus=session path=/org/gnome/ScreenSaver
|
||||
interface=org.gnome.ScreenSaver
|
||||
member=ActiveChanged
|
||||
peer=(name=org.freedesktop.DBus, label="{gnome-session-binary,gsd-power,xdg-desktop-portal-gtk}"),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/ScreenSaver
|
||||
interface=org.gnome.ScreenSaver
|
||||
member={ActiveChanged,WakeUpScreen,GetActive}
|
||||
peer=(name=:*, label="{gnome-shell,gnome-session-binary,xdg-desktop-portal-*}"),
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session path=/{,org}
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
@ -77,6 +79,8 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
|
||||
|
||||
dbus bind bus=session name=org.gnome.Shell.Notifications,
|
||||
|
||||
dbus bind bus=session name=org.gnome.Shell.Screencast,
|
||||
|
||||
@{exec_path} mr,
|
||||
@{bin}/ r,
|
||||
@{bin}/[a-z0-9]* rPUx,
|
||||
|
@ -9,11 +9,14 @@ include <tunables/global>
|
||||
@{exec_path} = @{bin}/gnome-disks
|
||||
profile gnome-disks @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/disks-write>
|
||||
include <abstractions/gnome>
|
||||
include <abstractions/user-download-strict>
|
||||
|
||||
dbus bind bus=session name=org.gnome.DiskUtility,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
|
||||
|
@ -44,9 +44,10 @@ profile gnome-extension-ding @{exec_path} {
|
||||
member=GetAll
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect,
|
||||
member=Introspect
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=system path=/net/hadess/SwitcherooControl
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
|
@ -39,6 +39,10 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) {
|
||||
member=GetSession
|
||||
peer=(name=org.freedesktop.login[0-9]),
|
||||
|
||||
dbus send bus=session path=/org/gnome/SessionManager
|
||||
interface=org.gnome.SessionManager
|
||||
peer=(name=org.gnome.SessionManager, label=gnome-session-binary),
|
||||
|
||||
dbus (send, receive) bus=session path=/org/gnome/keyring/daemon
|
||||
interface=org.gnome.keyring.Daemon
|
||||
peer=(name="{org.gnome.keyring,:*}", label=@{profile_name}), # all members
|
||||
@ -93,7 +97,7 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) {
|
||||
member=GetAll
|
||||
peer=(name=:*, label=xdg-desktop-portal),
|
||||
|
||||
dbus receive bus=session path=/
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
@ -125,9 +125,9 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus), # all peer's labels
|
||||
|
||||
dbus receive bus=session path=/{,org}
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
|
@ -81,10 +81,14 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
||||
interface=org.freedesktop.{DBus.Properties,Accounts*}
|
||||
member={GetAll,FindUserByName,Changed,PropertiesChanged,FindUserById,ListCachedUsers,UserAdded},
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/UPower{,/devices/DisplayDevice}
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/UPower{,**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={GetAll,PropertiesChanged},
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/UPower{,**}
|
||||
interface=org.freedesktop.UPower
|
||||
peer=(name=:*, label=upowerd),
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/GeoClue2/{Agent,Manager}
|
||||
interface=org.freedesktop.{DBus.Properties,GeoClue2.Manager}
|
||||
member={PropertiesChanged,AddAgent,GetAll},
|
||||
@ -256,25 +260,9 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gsd-media-keys),
|
||||
|
||||
dbus send bus=session path=/org/gnome/Shell
|
||||
dbus (send,receive) bus=session path=/org/gnome/Shell{,/**}
|
||||
interface=org.gnome.Shell
|
||||
member=AcceleratorActivated
|
||||
peer=(name=:*, label=gsd-media-keys),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/Shell
|
||||
interface=org.gnome.Shell
|
||||
member={GrabAccelerators,UngrabAccelerators}
|
||||
peer=(name=:*, label=gsd-media-keys),
|
||||
|
||||
dbus send bus=session path=/org/gnome/Shell/Introspect
|
||||
interface=org.gnome.Shell.Introspect
|
||||
member={RunningApplicationsChanged,WindowsChanged}
|
||||
peer=(name=org.freedesktop.DBus, label=xdg-desktop-portal-*),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/Shell/Introspect
|
||||
interface=org.gnome.Shell.Introspect
|
||||
member=GetRunningApplications
|
||||
peer=(name=:*, label=xdg-desktop-portal-*),
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/portal/desktop
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
@ -331,7 +319,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
||||
member=GetAppId
|
||||
peer=(name=:*, label=gnome-session-binary),
|
||||
|
||||
dbus send bus=session
|
||||
dbus (send, receive) bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*), # all paths and peer's labels
|
||||
@ -386,6 +374,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
||||
member=DescribeAll
|
||||
peer=(name=:*, label=gnome-extension-ding),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/ColorManager{,/**}
|
||||
interface=org.freedesktop.ColorManager
|
||||
peer=(name=:*, label=colord),
|
||||
|
||||
dbus send bus=session path=/com/rastersoft/ding
|
||||
interface=org.gtk.Actions
|
||||
member=DescribeAll
|
||||
|
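Review bot: In the second hunk (25 old lines become 9) the per-member rules for gsd-media-keys and xdg-desktop-portal-* collapse into a single rule, `dbus (send,receive) bus=session path=/org/gnome/Shell{,/**}` with `interface=org.gnome.Shell` and `peer=(name=:*),`, which carries neither a member list nor a peer label. As far as AppArmor is concerned every method of org.gnome.Shell is then reachable from any session-bus client, so the only remaining gate is whatever caller checks gnome-shell performs itself. Keeping a `label=` on the peer, or a `member={...}` list for unlabelled peers, would preserve the mediation the removed rules gave. In the first hunk, the added `path=/org/freedesktop/UPower{,**}` also matches sibling names that merely start with "UPower"; the rest of the page writes this pattern as `{,/**}`.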
@ -13,8 +13,26 @@ profile gnome-shell-calendar-server @{exec_path} {
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gnome.Shell.CalendarServer,
|
||||
dbus bind bus=session name=org.gnome.Shell.CalendarServer,
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**}
|
||||
interface=org.gnome.evolution.dataserver.CalendarView
|
||||
peer=(name=:*, label=evolution-calendar-factory),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/Shell/CalendarServer
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/Shell/CalendarServer
|
||||
interface=org.gnome.Shell.CalendarServer
|
||||
member=SetTimeRange
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
@ -46,9 +46,9 @@ profile goa-daemon @{exec_path} {
|
||||
dbus receive bus=session path=/org/gnome/OnlineAccounts
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects
|
||||
peer=(name=:*, label="{gvfs-goa-volume-monitor,goa-daemon,goa-identity-service,unconfined}"),
|
||||
peer=(name=:*, label="{gvfs-goa-volume-monitor,goa-daemon,goa-identity-service,evolution-source-registry,unconfined}"),
|
||||
|
||||
dbus receive bus=session path=/{,org}
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
@ -27,7 +27,7 @@ profile goa-identity-service @{exec_path} {
|
||||
member=GetManagedObjects
|
||||
peer=(name=:*, label=goa-daemon),
|
||||
|
||||
dbus receive bus=session path=/{,org}
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
@ -49,7 +49,7 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMountableInfo
|
||||
member=ListMountable*
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||
|
@ -44,28 +44,26 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/Tracker3/Endpoint
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
member=Ping
|
||||
peer=(name=:*, label=tracker-extract),
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint
|
||||
interface=org.freedesktop.Tracker3.Endpoint
|
||||
peer=(name=org.freedesktop.DBus, label=tracker-extract), # all members
|
||||
peer=(name=org.freedesktop.DBus), # all members
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/Tracker3/Endpoint
|
||||
interface=org.freedesktop.Tracker3.Endpoint
|
||||
peer=(name=:*, label=tracker-extract), # all members
|
||||
peer=(name=:*), # all members
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/Tracker3/Miner/**
|
||||
interface=org.freedesktop.Tracker3.Miner
|
||||
peer=(name=:*, label=tracker-extract), # all members
|
||||
peer=(name=:*), # all members
|
||||
|
||||
dbus receive bus=session path=/{,org}
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.freedesktop.Tracker3.Miner.*,
|
||||
dbus bind bus=session name=org.freedesktop.Tracker3.Miner.*,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
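Review bot: Four rules under /org/freedesktop/Tracker3 (the Peer Ping receive, the Endpoint send and receive, and the Miner receive) each appear once with `label=tracker-extract` and once without it; if the unlabelled lines are the new side, tracker-miner accepts every member of org.freedesktop.Tracker3.Endpoint and org.freedesktop.Tracker3.Miner from any session-bus peer. If another client was being denied, extending the label set, for example `peer=(name=:*, label="{tracker-extract,OTHER_PROFILE}"),` with the real profile name in place of the placeholder, keeps the index endpoint closed to unrelated confined applications. The existing `# all members` comments could then also say which peers are expected. The +/- markers are missing from this rendering, so check which side is new before acting on this.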
@ -20,11 +20,11 @@ profile gvfs-afc-volume-monitor @{exec_path} {
|
||||
dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||
interface=org.gtk.Private.RemoteVolumeMonitor
|
||||
member={List,IsSupported}
|
||||
peer=(name=:*, label="{gnome-shell,gnome-control-center,gnome-extension-ding,tracker-*,unconfined}"),
|
||||
peer=(name=:*, label="{gnome-shell,gnome-control-center,gnome-extension-ding,nautilus,tracker-*,unconfined}"),
|
||||
|
||||
dbus receive bus=session path=/{,org/gtk/Private/RemoteVolumeMonitor}
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
|
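Review bot: `nautilus` appears to be added to the RemoteVolumeMonitor peer label list here and in the gphoto2 and mtp monitors, but the same `member={List,IsSupported}` rule in gvfs-goa-volume-monitor is shown only once, as an unchanged line without it. If nautilus queries every volume monitor, the goa profile will keep logging denials, so the list there likely needs the same entry; if the omission is intended, a short comment in that profile would say so. The list also contains `unconfined`, which lets any unprofiled process through the label filter, so a comment on why it is needed would help.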
@ -22,9 +22,9 @@ profile gvfs-goa-volume-monitor @{exec_path} {
|
||||
member={List,IsSupported}
|
||||
peer=(name=:*, label="{gnome-shell,gnome-control-center,gnome-extension-ding,tracker-*,unconfined}"),
|
||||
|
||||
dbus receive bus=session path=/{,org/gtk/Private/RemoteVolumeMonitor}
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gnome/OnlineAccounts
|
||||
|
@ -24,11 +24,11 @@ profile gvfs-gphoto2-volume-monitor @{exec_path} {
|
||||
dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||
interface=org.gtk.Private.RemoteVolumeMonitor
|
||||
member={List,IsSupported}
|
||||
peer=(name=:*, label="{gnome-shell,gnome-control-center,gnome-extension-ding,tracker-*,unconfined}"),
|
||||
peer=(name=:*, label="{gnome-shell,gnome-control-center,gnome-extension-ding,nautilus,tracker-*,unconfined}"),
|
||||
|
||||
dbus receive bus=session path=/{,org/,org/gtk/Private/RemoteVolumeMonitor}
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
|
@ -23,9 +23,9 @@ profile gvfs-mtp-volume-monitor @{exec_path} {
|
||||
dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||
interface=org.gtk.Private.RemoteVolumeMonitor
|
||||
member={List,IsSupported}
|
||||
peer=(name=:*, label="{gnome-shell,gnome-control-center,gnome-extension-ding,tracker-*,unconfined}"),
|
||||
peer=(name=:*, label="{gnome-shell,gnome-control-center,gnome-extension-ding,nautilus,tracker-*,unconfined}"),
|
||||
|
||||
dbus receive bus=session path=/{,org/,org/gtk/Private/RemoteVolumeMonitor}
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
@ -18,7 +18,7 @@ profile gvfsd @{exec_path} {
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=Mounted
|
||||
peer=(name=org.freedesktop.DBus, label="{gvfsd-*,gnome-*,tracker-miner}"),
|
||||
@ -42,7 +42,7 @@ profile gvfsd @{exec_path} {
|
||||
member=Spawned
|
||||
peer=(name=:*, label=gvfsd-*),
|
||||
|
||||
dbus receive bus=session path=/{,org}
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
@ -21,6 +21,17 @@ profile ssh-agent-launch @{exec_path} {
|
||||
|
||||
profile dbus {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus-session-strict>
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=UpdateActivationEnvironment
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/systemd1
|
||||
interface=org.freedesktop.systemd1.Manager
|
||||
member=SetEnvironment
|
||||
peer=(name=org.freedesktop.systemd1),
|
||||
|
||||
@{bin}/dbus-update-activation-environment mr,
|
||||
|
||||
|
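Review bot: In the `dbus` sub-profile the added SetEnvironment rule ends in `peer=(name=org.freedesktop.systemd1),` with no label, while the UpdateActivationEnvironment rule just above it is pinned to `label=dbus-daemon`. SetEnvironment changes the environment of units the user manager starts afterwards, so it is worth tying the rule to the profile that owns that bus name, `peer=(name=org.freedesktop.systemd1, label=USER_MANAGER_PROFILE),` (placeholder for the repository's label of the systemd user instance), or marking it `# all peer's labels` if no such profile exists yet. The sub-profile's closing brace is outside the hunk.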
@ -26,8 +26,8 @@ profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) {
|
||||
peer=(name=org.freedesktop.PolicyKit1),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/hostname1
|
||||
interface=org.freedesktop.{DBus.Properties,hostname1}
|
||||
member={Get,GetAll,SetHostname}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={Get,GetAll}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/hostname1
|
||||
|
@ -10,6 +10,7 @@ include <tunables/global>
|
||||
@{exec_path} = @{lib}/bluetooth/bluetoothd
|
||||
profile bluetoothd @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus-strict>
|
||||
|
||||
# Needed for configuring HCI interfaces
|
||||
capability net_admin,
|
||||
@ -21,6 +22,20 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) {
|
||||
network alg seqpacket,
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=system path=/org/bluez/hci0
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus receive bus=system path=/org/bluez{,**}
|
||||
interface=org.bluez.Media1
|
||||
member=RegisterApplication
|
||||
peer=(name=:*),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{lib}/@{multiarch}/bluetooth/plugins/*.so mr,
|
||||
|
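Review bot: The added receive rule for `interface=org.bluez.Media1` `member=RegisterApplication` ends in `peer=(name=:*),`, so any client on the system bus may register a media application with bluetoothd as far as this profile is concerned. The callers are presumably the audio session daemons confined elsewhere in this commit (wireplumber gains `<abstractions/dbus-strict>` in the same change), so a `label=` naming them would keep the rule narrow; confirm the actual caller from the audit log first. The path pattern `path=/org/bluez{,**}` also matches names that only start with "/org/bluez"; `{,/**}`, as used elsewhere on this page, restricts it to the subtree. The first added rule, the send to org.freedesktop.DBus, lists no `member=`, unlike the `member={RequestName,ReleaseName}` form other profiles here use.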
@ -17,6 +17,10 @@ profile file-roller @{exec_path} {
|
||||
include <abstractions/user-write>
|
||||
include <abstractions/wayland>
|
||||
|
||||
dbus bind bus=session name=org.gnome.ArchiveManager1,
|
||||
|
||||
dbus bind bus=session name=org.gnome.FileRoller,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
# Archivers
|
||||
|
@ -33,6 +33,10 @@ profile power-profiles-daemon @{exec_path} flags=(attach_disconnected) {
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={GetAll,Set},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login1
|
||||
interface={org.freedesktop.login1.Manager,org.freedesktop.DBus.Properties}
|
||||
peer=(name=:*, label=systemd-logind),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.PolicyKit[0-9].Authority
|
||||
member=Changed,
|
||||
|
@ -15,6 +15,8 @@ profile thermald @{exec_path} flags=(attach_disconnected) {
|
||||
|
||||
capability sys_boot,
|
||||
|
||||
dbus (bind) bus=system name=org.freedesktop.thermald,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
@ -25,7 +27,15 @@ profile thermald @{exec_path} flags=(attach_disconnected) {
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus (bind) bus=system name=org.freedesktop.thermald,
|
||||
dbus send bus=system path=/net/hadess/PowerProfiles
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=power-profiles-daemon),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/UPower
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=upowerd),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
@ -11,6 +11,7 @@ include <tunables/global>
|
||||
profile vlc @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-gtk>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
@ -32,34 +33,32 @@ profile vlc @{exec_path} {
|
||||
network inet6 stream,
|
||||
network netlink raw,
|
||||
|
||||
signal (receive) set=(term, kill) peer=anyremote//*,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
peer=(name=org.a11y.Bus),
|
||||
|
||||
dbus send bus=session path=/StatusNotifierWatcher
|
||||
dbus send bus=session path=/StatusNotifierWatcher
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=org.kde.StatusNotifierWatcher),
|
||||
|
||||
dbus send bus=session path=/StatusNotifierWatcher
|
||||
dbus send bus=session path=/StatusNotifierWatcher
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={Get,RegisterStatusNotifierItem}
|
||||
peer=(name=org.kde.StatusNotifierWatcher),
|
||||
|
||||
dbus send bus=session path=/StatusNotifierWatcher
|
||||
dbus send bus=session path=/StatusNotifierWatcher
|
||||
interface=org.kde.StatusNotifierWatcher
|
||||
member=RegisterStatusNotifierItem
|
||||
peer=(name=org.kde.StatusNotifierWatcher),
|
||||
|
||||
dbus send bus=session path=/StatusNotifierItem
|
||||
dbus send bus=session path=/StatusNotifierItem
|
||||
interface=org.kde.StatusNotifierItem
|
||||
member={NewToolTip,NewStatus,NewAttentionIcon,NewTitle,NewStatus,NewIcon}
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
@ -74,24 +73,18 @@ profile vlc @{exec_path} {
|
||||
member={Get,GetAll}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/ScreenSaver
|
||||
dbus send bus=session path=/ScreenSaver
|
||||
interface=org.freedesktop.ScreenSaver
|
||||
member={Inhibit,UnInhibit}
|
||||
peer=(name=org.freedesktop.ScreenSaver),
|
||||
|
||||
dbus receive bus=session path=/MenuBar
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/MenuBar
|
||||
dbus send bus=session path=/MenuBar
|
||||
interface=com.canonical.dbusmenu
|
||||
member={LayoutUpdated,ItemsPropertiesUpdated}
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus receive bus=session path=/MenuBar
|
||||
dbus (send receive) bus=session path=/MenuBar
|
||||
interface=com.canonical.dbusmenu
|
||||
member={GetLayout,GetGroupProperties,AboutToShow,AboutToShowGroup,EventGroup,Event}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus (send, receive) bus=session path=/org/mpris/MediaPlayer2
|
||||
@ -102,19 +95,8 @@ profile vlc @{exec_path} {
|
||||
interface=org.mpris.MediaPlayer2.*
|
||||
peer=(name="{org.mpris.MediaPlayer2.vlc,org.freedesktop.DBus,:*}"), # all members
|
||||
|
||||
# dbus send bus=system path=/
|
||||
# interface=org.freedesktop.DBus.Peer
|
||||
# member=Ping,
|
||||
# peer=(name="org.freedesktop.Avahi"),
|
||||
|
||||
dbus send bus=accessibility path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={Hello,AddMatch,RemoveMatch}
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
dbus send bus=accessibility
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
@ -122,21 +104,11 @@ profile vlc @{exec_path} {
|
||||
member=Set
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=GetRegisteredEvents
|
||||
peer=(name=org.a11y.atspi.Registry),
|
||||
|
||||
dbus receive bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=EventListenerDeregistered
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
member={GetKeystrokeListeners,GetDeviceEventListeners}
|
||||
peer=(name=org.a11y.atspi.Registry),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.kde.StatusNotifierItem-*,
|
||||
|
||||
|
@ -10,6 +10,8 @@ include <tunables/global>
|
||||
profile wireplumber @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/devices-usb>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/video>
|
||||
@ -19,6 +21,13 @@ profile wireplumber @{exec_path} {
|
||||
network bluetooth stream,
|
||||
network netlink raw,
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.ReserveDevice1.Audio0,
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/opt/intel/oneapi/{compiler,lib,mkl}/**/ r,
|
||||
|
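Review bot: The added bind rule names a single device slot, `name=org.freedesktop.ReserveDevice1.Audio0`, so on a machine with more than one sound card the reservation for Audio1 and above would be denied. The evolution-addressbook-factory profile in this commit uses the `@{int}` tunable for the same kind of numbered name, so `dbus bind bus=session name=org.freedesktop.ReserveDevice1.Audio@{int},` would cover every card without widening the prefix. The profile body continues outside both hunks.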
@ -29,12 +29,11 @@ profile wpa-supplicant @{exec_path} flags=(attach_disconnected) {
|
||||
interface=org.freedesktop.DBus
|
||||
member=RequestName,
|
||||
|
||||
dbus receive bus=system path=/fi/w[0-9]/wpa_supplicant[0-9]
|
||||
dbus receive bus=system path=/fi/w[0-9]/wpa_supplicant1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus bind bus=system
|
||||
name=fi.w1.wpa_supplicant[0-9],
|
||||
dbus bind bus=system name=fi.w1.wpa_supplicant1,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|