feat(profile): update some dbus rules.

Alexandre Pujol 2024-01-21 11:49:25 +00:00
parent 6556856fed
commit 81e98bf71d
10 changed files with 46 additions and 55 deletions


@ -22,4 +22,9 @@
member=Completed member=Completed
peer=(name=:*, label=udisksd), peer=(name=:*, label=udisksd),
dbus receive bus=system path=/org/freedesktop/UDisks2/block_devices/*
interface=org.freedesktop.DBus.Properties
member=PropertiesChanged
peer=(name=:*, label=udisksd),
include if exists <abstractions/bus/org.freedesktop.UDisks2.d> include if exists <abstractions/bus/org.freedesktop.UDisks2.d>


@ -0,0 +1,6 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
include if exists <abstractions/bus/org.kde.StatusNotifierItem.d>


@ -2,5 +2,19 @@
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io> # Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
dbus send bus=session path=/StatusNotifierWatcher
interface=org.freedesktop.DBus.Properties
member=Get
peer=(name=org.kde.StatusNotifierWatcher, label=gnome-shell),
dbus send bus=session path=/StatusNotifierWatcher
interface=org.kde.StatusNotifierWatcher
member=RegisterStatusNotifierItem
peer=(name="{:*,org.kde.StatusNotifierWatcher}", label=gnome-shell),
dbus send bus=session path=/StatusNotifierWatcher
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=org.kde.StatusNotifierWatcher, label=gnome-shell),
include if exists <abstractions/bus/org.kde.StatusNotifierWatcher.d> include if exists <abstractions/bus/org.kde.StatusNotifierWatcher.d>
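Review bot: The three send rules in this abstraction pin the peer to `label=gnome-shell`, whereas the per-profile rules this commit removes from qbittorrent and remmina matched `peer=(name=org.kde.StatusNotifierWatcher)` or `peer=(name=:*)` with no label condition. Confining the peer label is tighter, but update-notifier, qbittorrent and remmina can then only reach the watcher when it runs under the gnome-shell profile; on a desktop where another process owns `org.kde.StatusNotifierWatcher` these calls would presumably be denied unless the local `.d` include adds a rule. If that is intended, say so in a comment such as `# Watcher is only allowed under the gnome-shell profile; other desktops need a rule in the .d override`; otherwise list the other watcher labels in an alternation, e.g. `label="{gnome-shell,<other-watcher-profile>}"`.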


@ -10,10 +10,10 @@ include <tunables/global>
@{exec_path} = @{bin}/dbus-daemon @{exec_path} = @{bin}/dbus-daemon
profile dbus-daemon @{exec_path} flags=(attach_disconnected) { profile dbus-daemon @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus-accessibility>
include <abstractions/bus-session>
include <abstractions/bus-system>
include <abstractions/consoles> include <abstractions/consoles>
include <abstractions/dbus-accessibility>
include <abstractions/dbus-session>
include <abstractions/dbus>
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
@ -37,11 +37,16 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) {
ptrace (read), ptrace (read),
dbus bus=accessibility,
dbus bus=session,
dbus bus=system,
@{exec_path} mr, @{exec_path} mr,
@{bin}/ r, @{bin}/ r,
@{bin}/* rPUx, @{bin}/* rPUx,
@{bin}/dbus-launch rix,
@{lib}/{,at-spi2{,-core}/}at-spi-bus-launcher rix, # See #74, #80 & #235 @{lib}/{,at-spi2{,-core}/}at-spi-bus-launcher rix, # See #74, #80 & #235
@{lib}/@{multiarch}/tumbler-1/tumblerd rPUx, @{lib}/@{multiarch}/tumbler-1/tumblerd rPUx,
@{lib}/@{multiarch}/xfce[0-9]/xfconf/xfconfd rPx, @{lib}/@{multiarch}/xfce[0-9]/xfconf/xfconfd rPx,
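Review bot: The bare `dbus bus=accessibility,`, `dbus bus=session,` and `dbus bus=system,` rules, which appear to be added in the second hunk, carry no permission list, so each grants send, receive, bind and eavesdrop on its bus with no path, interface or peer condition. If the daemon profile only needs to exchange messages and own its well-known name, spell that out, e.g. `dbus (send, receive) bus=session,` plus a `dbus bind` rule for the name it owns, or add a comment stating why the unrestricted form is required. The added `@{bin}/dbus-launch rix,` makes dbus-launch inherit these rules as well. The profile body starts and ends outside the hunks shown.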


@ -29,13 +29,8 @@ profile gnome-extension-ding @{exec_path} {
unix (send,receive) type=stream addr=none peer=(label=gnome-shell), unix (send,receive) type=stream addr=none peer=(label=gnome-shell),
dbus bind bus=session name=com.rastersoft.ding, # dbus: own bus=session name=com.rastersoft.ding
dbus receive bus=session path=/com/rastersoft/ding # dbus: talk bus=session name=com.rastersoft.dingextension label=gnome-shell
interface={org.gtk.Actions,org.freedesktop.DBus.Properties}
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/com/rastersoft/ding{,**}
interface=org.gtk.Actions
peer=(label=gnome-shell),
dbus send bus=session path=/org/freedesktop/DBus dbus send bus=session path=/org/freedesktop/DBus
interface=org.freedesktop.DBus.Introspectable interface=org.freedesktop.DBus.Introspectable
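Review bot: Replacing the explicit `dbus bind`/`dbus receive`/`dbus send` rules with `# dbus: own …` and `# dbus: talk …` comment directives means the effective policy can no longer be read from this file; it is whatever the project's directive expansion generates, which is not visible here. The removed rules were narrow (`interface=org.gtk.Actions`, `peer=(name=:*, label=gnome-shell)`), so confirm that the expanded `talk` rule is no broader in interface or direction than what it replaces, and that a path derived from `com.rastersoft.dingextension` still covers `/com/rastersoft/ding`. The same applies to the gnome-shell and nautilus sections, where the send-only `org.gtk.vfs.*` and `org.gtk.MountOperationHandler` rules become `talk` directives. A comment beside each directive recording the expected scope would help, e.g. `# expected: org.gtk.Actions and org.freedesktop.DBus.Properties on /com/rastersoft/ding, peer label gnome-shell`.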


@ -80,20 +80,15 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
peer=(name="{:*,org.gnome.*,org.freedesktop.DBus}"), peer=(name="{:*,org.gnome.*,org.freedesktop.DBus}"),
# dbus: own bus=session name=com.canonical.Unity path=/com/canonical/unity # dbus: own bus=session name=com.canonical.Unity path=/com/canonical/unity
# dbus: own bus=session name=com.rastersoft.dingextension
# dbus: own bus=session name=org.gtk.MountOperationHandler # dbus: own bus=session name=org.gtk.MountOperationHandler
# dbus: own bus=session name=org.gtk.Notifications # dbus: own bus=session name=org.gtk.Notifications
# dbus: own bus=session name=org.kde.StatusNotifierWatcher path=/StatusNotifierWatcher # dbus: own bus=session name=org.kde.StatusNotifierWatcher path=/StatusNotifierWatcher
dbus bind bus=session name=com.rastersoft.dingextension,
dbus (send, receive) bus=session path=/com/rastersoft/ding
interface=org.freedesktop.DBus.Properties
peer=(name=:*, label=gnome-extension-ding),
dbus (send, receive) bus=session path=/com/rastersoft/ding{,extension/control}
interface=org.gtk.Actions
peer=(name=:*, label=gnome-extension-ding),
# Talk with gnome-shell # Talk with gnome-shell
# dbus: talk bus=session name=com.rastersoft.ding label=gnome-extension-ding
## System bus ## System bus
dbus (send, receive) bus=system path=/org/gnome/** dbus (send, receive) bus=system path=/org/gnome/**


@ -36,6 +36,9 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
# dbus: own bus=session name=org.freedesktop.FileManager1 # dbus: own bus=session name=org.freedesktop.FileManager1
# dbus: talk bus=session name=org.gtk.MountOperationHandler label=gnome-shell
# dbus: talk bus=session name=org.gtk.vfs label=gvfsd
dbus receive bus=session path=/org/gnome/Nautilus/SearchProvider dbus receive bus=session path=/org/gnome/Nautilus/SearchProvider
interface=org.gnome.Shell.SearchProvider2 interface=org.gnome.Shell.SearchProvider2
peer=(name=:*, label=gnome-shell), peer=(name=:*, label=gnome-shell),
@ -50,16 +53,6 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
member={GetAll,ListActivatableNames} member={GetAll,ListActivatableNames}
peer=(name=org.freedesktop.DBus, label=dbus-daemon), peer=(name=org.freedesktop.DBus, label=dbus-daemon),
# talk: org.gtk.vfs.*
dbus send bus=session path=/org/gtk/vfs/**
interface=org.gtk.vfs.*
peer=(name=:*, label=gvfsd),
# talk: org.gtk.MountOperationHandler
dbus send bus=session path=/org/gtk/MountOperationHandler
interface=org.freedesktop.DBus.Properties
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/gtk/Notifications dbus send bus=session path=/org/gtk/Notifications
interface=org.gtk.Notifications interface=org.gtk.Notifications
member=AddNotification member=AddNotification


@ -15,6 +15,7 @@ profile update-notifier @{exec_path} {
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/bus-system> include <abstractions/bus-system>
include <abstractions/bus/org.a11y> include <abstractions/bus/org.a11y>
include <abstractions/bus/org.kde.StatusNotifierWatcher>
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/gnome-strict> include <abstractions/gnome-strict>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>


@ -17,6 +17,7 @@ profile qbittorrent @{exec_path} {
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/bus-system> include <abstractions/bus-system>
include <abstractions/bus/org.a11y> include <abstractions/bus/org.a11y>
include <abstractions/bus/org.kde.StatusNotifierWatcher>
include <abstractions/consoles> include <abstractions/consoles>
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/dri-common> include <abstractions/dri-common>
@ -47,17 +48,7 @@ profile qbittorrent @{exec_path} {
network inet6 stream, network inet6 stream,
network netlink dgram, network netlink dgram,
network netlink raw, network netlink raw,
dbus send bus=session path=/StatusNotifierWatcher
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=org.kde.StatusNotifierWatcher),
dbus send bus=session path=/StatusNotifierWatcher
interface=org.kde.StatusNotifierWatcher
member=RegisterStatusNotifierItem
peer=(name=org.kde.StatusNotifierWatcher),
dbus send bus=session path=/StatusNotifierItem dbus send bus=session path=/StatusNotifierItem
interface=org.kde.StatusNotifierItem interface=org.kde.StatusNotifierItem
member={NewToolTip,NewIcon} member={NewToolTip,NewIcon}
@ -67,12 +58,7 @@ profile qbittorrent @{exec_path} {
interface=org.kde.StatusNotifierItem interface=org.kde.StatusNotifierItem
member=Activate member=Activate
peer=(name=:*), peer=(name=:*),
dbus send bus=session path=/StatusNotifierWatcher
interface=org.freedesktop.DBus.Properties
member=Get
peer=(name=org.kde.StatusNotifierWatcher),
dbus receive bus=session path=/{StatusNotifierItem,MenuBar} dbus receive bus=session path=/{StatusNotifierItem,MenuBar}
interface=org.freedesktop.DBus.Properties interface=org.freedesktop.DBus.Properties
member=GetAll member=GetAll


@ -16,6 +16,7 @@ profile remmina @{exec_path} {
include <abstractions/bus/org.freedesktop.hostname1> include <abstractions/bus/org.freedesktop.hostname1>
include <abstractions/bus/org.freedesktop.secrets> include <abstractions/bus/org.freedesktop.secrets>
include <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor> include <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor>
include <abstractions/bus/org.kde.StatusNotifierWatcher>
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/fonts> include <abstractions/fonts>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>
@ -31,19 +32,9 @@ profile remmina @{exec_path} {
# dbus: own bus=session name=org.remmina.Remmina # dbus: own bus=session name=org.remmina.Remmina
dbus send bus=session path=/StatusNotifierWatcher
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=org.kde.StatusNotifierWatcher),
dbus (send, receive) bus=session path=/org/ayatana/NotificationItem/remmina_icon{,/**} dbus (send, receive) bus=session path=/org/ayatana/NotificationItem/remmina_icon{,/**}
peer=(name="{:*,org.freedesktop.DBus}"), # all interfaces and members peer=(name="{:*,org.freedesktop.DBus}"), # all interfaces and members
dbus send bus=session path=/StatusNotifierWatcher
interface=org.kde.StatusNotifierWatcher
member=RegisterStatusNotifierItem
peer=(name=:*),
@{exec_path} r, @{exec_path} r,
/usr/share/remmina/{,**} r, /usr/share/remmina/{,**} r,