From 8162c0aa2aada26a8bfc9f970953e8e54b486301 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Mon, 4 Dec 2023 21:27:18 +0000
Subject: [PATCH] feat(dbus): add more dbus abstraction (2)
---
apparmor.d/abstractions/bus/desktop | 20 +++++++++
apparmor.d/abstractions/bus/gnome-screensaver | 20 +++++++++
apparmor.d/abstractions/bus/hostname | 10 +++++
apparmor.d/abstractions/bus/locale | 10 +++++
apparmor.d/abstractions/bus/session-manager | 41 +++++++++++++++++++
apparmor.d/abstractions/bus/systemd | 10 +++++
apparmor.d/abstractions/bus/systemd-session | 15 +++++++
7 files changed, 126 insertions(+)
create mode 100644 apparmor.d/abstractions/bus/desktop
create mode 100644 apparmor.d/abstractions/bus/gnome-screensaver
create mode 100644 apparmor.d/abstractions/bus/hostname
create mode 100644 apparmor.d/abstractions/bus/locale
create mode 100644 apparmor.d/abstractions/bus/session-manager
create mode 100644 apparmor.d/abstractions/bus/systemd
create mode 100644 apparmor.d/abstractions/bus/systemd-session
diff --git a/apparmor.d/abstractions/bus/desktop b/apparmor.d/abstractions/bus/desktop
new file mode 100644
index 00000000..d67f93bc
--- /dev/null
+++ b/apparmor.d/abstractions/bus/desktop
@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=session path=/org/freedesktop/portal/desktop
+ interface=org.freedesktop.DBus.Properties
+ member={GetAll,Read}
+ peer=(name="{:*,org.freedesktop.portal.Desktop}", label=xdg-desktop-portal),
+
+ dbus send bus=session path=/org/freedesktop/portal/desktop
+ interface=org.freedesktop.portal.Settings
+ member=Read
+ peer=(name=:*, label=xdg-desktop-portal),
+
+ dbus receive bus=session path=/org/freedesktop/portal/desktop
+ interface=org.freedesktop.portal.Settings
+ member=SettingChanged
+ peer=(name=:*, label=xdg-desktop-portal),
+
+ include if exists
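Review bot: In apparmor.d/abstractions/bus/desktop the first rule lists `member={GetAll,Read}` under `interface=org.freedesktop.DBus.Properties`, but `Read` is a method of `org.freedesktop.portal.Settings`, not of the Properties interface, so that alternative never matches a real call; if a single-property read was meant, the line would be `member={Get,GetAll}`, as in the hostname and systemd files. The two Settings rules in the same file use `peer=(name=:*, ...)` while the Properties rule accepts `"{:*,org.freedesktop.portal.Desktop}"`; as far as I know the send-side name is compared with the destination the caller addressed, so a client that addresses the well-known name would likely be denied `Settings.Read`. The same `name=:*`-only send rules appear in gnome-screensaver, locale and session-manager, and it would help to settle on one pattern across the seven files.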
diff --git a/apparmor.d/abstractions/bus/gnome-screensaver b/apparmor.d/abstractions/bus/gnome-screensaver
new file mode 100644
index 00000000..75e2fc8c
--- /dev/null
+++ b/apparmor.d/abstractions/bus/gnome-screensaver
@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=session path=/org/gnome/ScreenSaver
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=gjs-console),
+
+ dbus send bus=session path=/org/gnome/ScreenSaver
+ interface=org.gnome.ScreenSaver
+ member=GetActive
+ peer=(name=:*, label=gjs-console),
+
+ dbus receive bus=session path=/org/gnome/ScreenSaver
+ interface=org.gnome.ScreenSaver
+ member={ActiveChanged,WakeUpScreen}
+ peer=(name=:*, label=gjs-console),
+
+ include if exists
diff --git a/apparmor.d/abstractions/bus/hostname b/apparmor.d/abstractions/bus/hostname
new file mode 100644
index 00000000..073cd8d8
--- /dev/null
+++ b/apparmor.d/abstractions/bus/hostname
@@ -0,0 +1,10 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=system path=/org/freedesktop/hostname1
+ interface=org.freedesktop.DBus.Properties
+ member={Get,GetAll}
+ peer=(name="{:*,org.freedesktop.hostname1}", label=systemd-hostnamed),
+
+ include if exists
diff --git a/apparmor.d/abstractions/bus/locale b/apparmor.d/abstractions/bus/locale
new file mode 100644
index 00000000..f0dfd752
--- /dev/null
+++ b/apparmor.d/abstractions/bus/locale
@@ -0,0 +1,10 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=system path=/org/freedesktop/locale1
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=systemd-localed),
+
+ include if exists
diff --git a/apparmor.d/abstractions/bus/session-manager b/apparmor.d/abstractions/bus/session-manager
new file mode 100644
index 00000000..8a4429b7
--- /dev/null
+++ b/apparmor.d/abstractions/bus/session-manager
@@ -0,0 +1,41 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=session path=/org/gnome/SessionManager
+ interface=org.gnome.SessionManager
+ member={RegisterClient,IsSessionRunning}
+ peer=(name=:*, label=gnome-session-binary),
+
+ dbus receive bus=session path=/org/gnome/SessionManager
+ interface=org.gnome.SessionManager
+ member={ClientAdded,ClientRemoved,SessionRunning,InhibitorRemoved,InhibitorAdded}
+ peer=(name=:*, label=gnome-session-binary),
+
+ dbus send bus=session path=/org/gnome/SessionManager
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=gnome-session-binary),
+
+
+ dbus send bus=session path=/org/gnome/SessionManager/Client@{int}
+ interface=org.gnome.SessionManager.ClientPrivate
+ member=EndSessionResponse
+ peer=(name=:*, label=gnome-session-binary),
+
+ dbus receive bus=session path=/org/gnome/SessionManager/Client@{int}
+ interface=org.gnome.SessionManager.ClientPrivate
+ member={CancelEndSession,QueryEndSession,EndSession,Stop}
+ peer=(name=:*, label=gnome-session-binary),
+
+ dbus send bus=session path=/org/gnome/SessionManager/Client@{int}
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=gnome-session-binary),
+
+ dbus receive bus=session path=/org/gnome/SessionManager/Client@{int}
+ interface=org.freedesktop.DBus.Properties
+ member=PropertiesChanged
+ peer=(name=:*, label=gnome-session-binary),
+
+ include if exists
diff --git a/apparmor.d/abstractions/bus/systemd b/apparmor.d/abstractions/bus/systemd
new file mode 100644
index 00000000..63ce48bd
--- /dev/null
+++ b/apparmor.d/abstractions/bus/systemd
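Review bot: apparmor.d/abstractions/bus/session-manager grants more than status queries: `RegisterClient` and, on `/org/gnome/SessionManager/Client@{int}`, `EndSessionResponse` let any profile that includes the abstraction register as a session client and answer end-session requests. A profile that only needs `IsSessionRunning` or the `SessionRunning` signal inherits those send permissions as well. Consider moving `RegisterClient` and the ClientPrivate rules into a separate abstraction, or at least stating the scope in the header, e.g. `# Allows registering as a gnome-session client and answering end-session requests`. The `Client@{int}` path presumably matches every client object rather than only the caller's own, which is hard to avoid in a static rule but is worth recording in the same comment.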
@@ -0,0 +1,10 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=system path=/org/freedesktop/systemd1
+ interface=org.freedesktop.DBus.Properties
+ member={Get,GetAll}
+ peer=(name=org.freedesktop.systemd1, label="@{systemd}"),
+
+ include if exists
diff --git a/apparmor.d/abstractions/bus/systemd-session b/apparmor.d/abstractions/bus/systemd-session
new file mode 100644
index 00000000..3ae3abd4
--- /dev/null
+++ b/apparmor.d/abstractions/bus/systemd-session
@@ -0,0 +1,15 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ dbus send bus=session path=/org/freedesktop/systemd1
+ interface=org.freedesktop.DBus.Properties
+ member={Get,GetAll}
+ peer=(name="{:*,org.freedesktop.systemd1}", label="@{systemd}"),
+
+ dbus send bus=session path=/org/freedesktop/systemd1
+ interface=org.freedesktop.systemd1.Manager
+ member=GetUnit
+ peer=(name="{:*,org.freedesktop.systemd1}", label="@{systemd}"),
+
+ include if exists