feat(dbus): improve dbus integration.

Alexandre Pujol 2023-12-08 17:38:21 +00:00
parent 55a1fb6f9c
commit 853668e492
23 changed files with 103 additions and 240 deletions


@ -7,6 +7,11 @@
member=GetAll
peer=(name=:*, label=colord),
dbus send bus=system path=/org/freedesktop/ColorManager/devices/*
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*, label=colord),
dbus send bus=system path=/org/freedesktop/ColorManager
interface=org.freedesktop.ColorManager
member=CreateDevice


@ -27,4 +27,9 @@
member=AddAgent
peer=(name=:*, label=geoclue),
dbus receive bus=system path=/org/freedesktop/GeoClue2/Manager
interface=org.freedesktop.DBus.Properties
member=PropertiesChanged
peer=(name=:*, label=geoclue),
include if exists <abstractions/bus/org.freedesktop.GeoClue2.d>


@ -14,7 +14,7 @@
dbus send bus=system path=/org/freedesktop/login1/session/*
interface=org.freedesktop.login1.Session
member={ReleaseDevice,TakeControl,TakeDevice,SetBrightness}
member={ReleaseDevice,TakeControl,TakeDevice,SetBrightness,SetLockedHint,SetIdleHint}
peer=(name=:*, label=systemd-logind),
dbus receive bus=system path=/org/freedesktop/login1/session/*
@ -24,7 +24,7 @@
dbus receive bus=system path=/org/freedesktop/login1/session/*
interface=org.freedesktop.login1.Session
member=PauseDevice
member={PauseDevice,Unlock}
peer=(name=:*, label=systemd-logind),
include if exists <abstractions/bus/org.freedesktop.login1.Session.d>


@ -0,0 +1,20 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
dbus send bus=session path=/org/gnome/Mutter/IdleMonitor
interface=org.freedesktop.DBus.ObjectManager
member=GetManagedObjects
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/gnome/Mutter/IdleMonitor/Core
interface=org.gnome.Mutter.IdleMonitor
member={AddIdleWatch,AddUserActiveWatch,RemoveWatch}
peer=(name=:*, label=gnome-shell),
dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core
interface=org.gnome.Mutter.IdleMonitor
member=WatchFired
peer=(name=:*, label=gnome-shell),
include if exists <abstractions/bus/org.gnome.Mutter.IdleMonitor.d>


@ -7,6 +7,11 @@
member={RegisterClient,IsSessionRunning}
peer=(name=:*, label=gnome-session-binary),
dbus send bus=session path=/org/gnome/SessionManager
interface=org.gnome.SessionManager
member=Setenv
peer=(name=org.gnome.SessionManager, label=gnome-session-binary),
dbus receive bus=session path=/org/gnome/SessionManager
interface=org.gnome.SessionManager
member={ClientAdded,ClientRemoved,SessionRunning,InhibitorRemoved,InhibitorAdded}
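Review bot: The added `Setenv` rule (send on /org/gnome/SessionManager to `name=org.gnome.SessionManager, label=gnome-session-binary`) sits in a shared abstraction, so every profile that includes `abstractions/bus/org.gnome.SessionManager` gains it; on this page that is at least xdg-desktop-portal-gtk, gsd-media-keys, gsd-power and gsd-xsettings. Setting session-manager environment variables is a larger capability than the `RegisterClient`/`IsSessionRunning` calls already granted here, because it can influence processes the session manager starts afterwards. If only one or two clients actually call it, keep the rule in those profiles; otherwise add a comment above the rule such as `# Setenv: required by <client>; widens every includer of this abstraction`. The old/new sides are inferred from the hunk line counts, since the page has lost its +/- markers.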


@ -0,0 +1,25 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
dbus send bus=session path=/org/gnome/Shell/Introspect
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/gnome/Shell/Introspect
interface=org.freedesktop.DBus.Properties
member=Get
peer=(name=org.gnome.Shell.Introspect, label=gnome-shell),
dbus send bus=session path=/org/gnome/Shell/Introspect
interface=org.gnome.Shell.Introspect
member=GetRunningApplications
peer=(name=:*, label=gnome-shell),
dbus receive bus=session path=/org/gnome/Shell/Introspect
interface=org.gnome.Shell.Introspect
member={RunningApplicationsChanged,WindowsChanged}
peer=(name=:*, label=gnome-shell),
include if exists <abstractions/bus/org.gnome.Shell.Introspect.d>


@ -14,6 +14,7 @@ profile xdg-desktop-portal-gnome @{exec_path} {
include <abstractions/bus/org.freedesktop.Accounts>
include <abstractions/bus/org.freedesktop.portal.Desktop>
include <abstractions/bus/org.gnome.Mutter.DisplayConfig>
include <abstractions/bus/org.gnome.Shell.Introspect>
include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/dconf-write>
include <abstractions/deny-sensitive-home>
@ -36,21 +37,6 @@ profile xdg-desktop-portal-gnome @{exec_path} {
member=GetAll
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/gnome/Shell/Introspect
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/gnome/Shell/Introspect
interface=org.gnome.Shell.Introspect
member=GetRunningApplications
peer=(name=:*, label=gnome-shell),
dbus receive bus=session path=/org/gnome/Shell/Introspect
interface=org.gnome.Shell.Introspect
member={RunningApplicationsChanged,WindowsChanged}
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/freedesktop/portal/desktop
interface=org.freedesktop.impl.portal.Background
member=RunningApplicationsChanged


@ -18,6 +18,7 @@ profile xdg-desktop-portal-gtk @{exec_path} {
include <abstractions/bus/org.freedesktop.portal.Desktop>
include <abstractions/bus/org.gnome.ScreenSaver>
include <abstractions/bus/org.gnome.SessionManager>
include <abstractions/bus/org.gnome.Shell.Introspect>
include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/dconf-write>
include <abstractions/dri-common>
@ -40,16 +41,6 @@ profile xdg-desktop-portal-gtk @{exec_path} {
interface=org.freedesktop.impl.portal.Settings
peer=(name=:*),
dbus receive bus=session path=/org/gnome/Shell/Introspect
interface=org.gnome.Shell.Introspect
member={RunningApplicationsChanged,WindowsChanged}
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/gnome/Shell/Introspect
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/gtk/Notifications
interface=org.freedesktop.DBus.Properties
member=GetAll


@ -15,6 +15,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/bus-session>
include <abstractions/bus-system>
include <abstractions/bus/org.gnome.Shell.Introspect>
include <abstractions/dconf-write>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
@ -70,18 +71,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
interface=org.freedesktop.DBus.Properties
peer=(name=:*, label=gnome-shell),
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=:*, label=gnome-shell),
dbus (send, receive) bus=session path=/org/gnome/Shell/Introspect
interface=org.gnome.Shell.Introspect
peer=(name=:*, label=gnome-shell),
dbus (send, receive) bus=session path=/org/gnome/Shell/Introspect
interface=org.freedesktop.DBus.Properties
peer=(name=:*, label=gnome-shell),
@{exec_path} mr,
@{bin}/ r,
@{bin}/[a-z0-9]* rPUx,


@ -16,6 +16,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus/org.freedesktop.login1.Session>
include <abstractions/bus/org.freedesktop.login1>
include <abstractions/bus/org.freedesktop.systemd1-session>
include <abstractions/bus/org.gnome.Mutter.IdleMonitor>
include <abstractions/bus/org.gnome.ScreenSaver>
include <abstractions/dconf-write>
include <abstractions/dri-common>
@ -35,30 +36,20 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
signal (send) set=(term) peer=at-spi-bus-launcher,
signal (send) set=(term) peer=gsd-*,
dbus bind bus=session name=org.gnome.SessionManager,
dbus bind bus=session name=org.gnome.SessionManager{,.*},
dbus receive bus=session path=/org/gnome/SessionManager{,/**}
interface=org.freedesktop.DBus.Properties
peer=(name=:*),
dbus receive bus=session path=/org/gnome/SessionManager{,/**}
interface=org.gnome.SessionManager
interface=org.gnome.SessionManager{,.*}
peer=(name=:*),
dbus send bus=session path=/org/gnome/SessionManager{,/**}
interface=org.freedesktop.DBus.Properties
peer=(name=org.freedesktop.DBus),
dbus send bus=session path=/org/gnome/SessionManager{,/**}
interface=org.gnome.SessionManager
peer=(name=org.freedesktop.DBus,),
dbus send bus=session path=/org/gnome/SessionManager/Presence
interface=org.gnome.SessionManager.Presence
member=StatusChanged
interface=org.gnome.SessionManager{,.*}
peer=(name=org.freedesktop.DBus),
dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core
interface=org.gnome.Mutter.IdleMonitor
member=WatchFired
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={GetConnectionUnixUser,GetConnectionUnixProcessID,UpdateActivationEnvironment}
@ -66,10 +57,10 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
dbus send bus=system path=/org/freedesktop/login1
interface=org.freedesktop.login1.Manager
member={CanPowerOff,GetSession,PowerOff,Inhibit,Reboot}
member={CanPowerOff,PowerOff,Reboot}
peer=(name=:*, label=systemd-logind),
dbus send bus=system path=/org/freedesktop/login1/session/*
dbus send bus=system path=/org/freedesktop/login1/session/c1
interface=org.freedesktop.login1.Session
member=SetIdleHint
peer=(name=org.freedesktop.login1, label=systemd-logind),
@ -78,21 +69,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
interface=org.freedesktop.systemd1.Manager
peer=(name=org.freedesktop.systemd1, label=@{systemd}),
dbus send bus=session path=/org/gnome/Mutter/IdleMonitor
interface=org.freedesktop.DBus.ObjectManager
member=GetManagedObjects
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/gnome/Mutter/IdleMonitor/Core
interface=org.gnome.Mutter.IdleMonitor
member={AddIdleWatch,AddUserActiveWatch,RemoveWatch}
peer=(name=:*, label=gnome-shell),
dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core
interface=org.gnome.Mutter.IdleMonitor
member=WatchFired
peer=(name=:*, label=gnome-shell),
@{exec_path} mr,
@{bin}/{,z,ba,da}sh rix,
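Review bot: The `SetIdleHint` rule in the `-66,10 +57,10` hunk appears to replace `path=/org/freedesktop/login1/session/*` with the literal `path=/org/freedesktop/login1/session/c1`; the +/- markers are lost on this page, so the direction is inferred from print order. logind assigns session ids at runtime, so a fixed `c1` matches a single session and the call falls outside this rule under any other id. Keeping `dbus send bus=system path=/org/freedesktop/login1/session/*` with the same `peer=(name=org.freedesktop.login1, label=systemd-logind)` costs little, because the peer label already pins the receiver. In the earlier hunk of this section, `dbus bind bus=session name=org.gnome.SessionManager{,.*}` lets the profile own every name under that prefix; listing the specific names would be tighter if they are known. The profile body continues outside these hunks.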


@ -43,11 +43,6 @@ profile gnome-terminal-server @{exec_path} {
member=StartTransientUnit
peer=(name=org.freedesktop.systemd1, label="@{systemd}"),
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=:*, label=gnome-shell),
@{exec_path} mr,
# The shell is not confined on purpose.


@ -19,10 +19,8 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/dconf-write>
include <abstractions/fontconfig-cache-read>
include <abstractions/fonts>
include <abstractions/gtk>
include <abstractions/gnome-strict>
include <abstractions/nameservice-strict>
include <abstractions/wayland>
signal (receive) set=(term, hup) peer=gdm*,
@ -32,19 +30,10 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
member=GetAll
peer=(name=:*, label=gnome-shell),
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=:*, label=gnome-shell),
@{exec_path} mr,
/usr/share/dconf/profile/gdm r,
/usr/share/gdm/greeter-dconf-defaults r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/icons/{,**} r,
/usr/share/mime/mime.cache r,
/usr/share/X11/xkb/** r,
/etc/timezone r,
@ -57,8 +46,6 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/icc/ rw,
owner @{user_share_dirs}/icc/edid-*.icc rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner /dev/tty@{int} rw,
include if exists <local/gsd-color>


@ -16,6 +16,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus/org.a11y>
include <abstractions/bus/org.freedesktop.hostname1>
include <abstractions/bus/org.freedesktop.login1>
include <abstractions/bus/org.gnome.Mutter.IdleMonitor>
include <abstractions/bus/org.gnome.SessionManager>
include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/dconf-write>
@ -46,17 +47,14 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*, label=gnome-shell),
dbus receive bus=session path=/org/gnome/Shell
interface=org.freedesktop.DBus.Properties
member={GetAll,PropertiesChanged}
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/gnome/Shell
interface=org.gnome.Shell
member={GrabAccelerators,UngrabAccelerators}
peer=(name=:*, label=gnome-shell),
dbus receive bus=session path=/org/gnome/Shell
interface=org.freedesktop.DBus.Properties
member={GetAll,PropertiesChanged}
peer=(name=:*, label=gnome-shell),
dbus receive bus=session path=/org/gnome/Shell
interface=org.gnome.Shell
member=AcceleratorActivated
@ -86,16 +84,6 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
member=PropertiesChanged
peer=(name=:*, label=gsd-power),
dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core
interface=org.gnome.Mutter.IdleMonitor
member=WatchFired
peer=(name=:*, label=gnome-shell),
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=:*, label=gnome-shell),
@{exec_path} mr,
@{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,


@ -17,8 +17,10 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus/org.a11y>
include <abstractions/bus/org.freedesktop.login1.Session>
include <abstractions/bus/org.freedesktop.login1>
include <abstractions/bus/org.freedesktop.systemd1>
include <abstractions/bus/org.freedesktop.UPower>
include <abstractions/bus/org.gnome.Mutter.DisplayConfig>
include <abstractions/bus/org.gnome.Mutter.IdleMonitor>
include <abstractions/bus/org.gnome.ScreenSaver>
include <abstractions/bus/org.gnome.SessionManager>
include <abstractions/bus/org.gtk.vfs.MountTracker>
@ -36,21 +38,9 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
interface=org.freedesktop.DBus.Properties
peer=(name="{org.freedesktop.DBus,:*}", label="{gsd-media-keys,gnome-shell}"),
dbus send bus=session path=/org/gnome/Mutter/**
interface=org.freedesktop.DBus.{Properties,ObjectManager}
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/gnome/Mutter/**
interface=org.gnome.Mutter.DisplayConfig
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/gnome/Mutter/**
interface=org.gnome.Mutter.IdleMonitor
peer=(name=:*, label=gnome-shell),
dbus receive bus=session path=/org/gnome/Mutter/DisplayConfig
interface=org.gnome.Mutter.DisplayConfig
member=MonitorsChanged
peer=(name=:*, label=gnome-shell),
dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core
interface=org.gnome.Mutter.IdleMonitor
dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
interface=org.freedesktop.DBus.Properties
member=Set
peer=(name=:*, label=gnome-shell),
dbus send bus=system path=/org/freedesktop/UPower/KbdBacklight
@ -58,39 +48,6 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
member=GetBrightness
peer=(name=:*, label=upowerd),
dbus send bus=system path=/org/freedesktop/systemd1
interface=org.freedesktop.DBus.Properties
member=Get,
dbus send bus=system path=/org/freedesktop/login1/session/auto
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*, label=systemd-logind),
dbus send bus=system path=/org/freedesktop/login1/session/auto
interface=org.freedesktop.login1.Session
member=SetBrightness
peer=(name=:*, label=systemd-logind),
dbus send bus=system path=/net/hadess/PowerProfiles
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*, label=power-profiles-daemon),
dbus send bus=system path=/org/freedesktop/login1/session/auto
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*, label=systemd-logind),
dbus send bus=system path=/org/freedesktop/login1/session/auto
interface=org.freedesktop.login1.Session
member=SetBrightness
peer=(name=:*, label=systemd-logind),
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=:*, label=gnome-shell),
@{exec_path} mr,
/usr/share/dconf/profile/gdm r,


@ -23,7 +23,7 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) {
dbus bind bus=session name=org.gnome.SettingsDaemon.Rfkill,
dbus receive bus=session path=/org/gnome/SettingsDaemon/Rfkill
interface=org.freedesktop.DBus.Properties
peer=(name=:*),
peer=(name=:*),
dbus send bus=session path=/org/gnome/SettingsDaemon/Rfkill
interface=org.freedesktop.DBus.Properties
peer=(name=org.freedesktop.DBus),


@ -19,46 +19,6 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
dbus bind bus=session name=org.gnome.SettingsDaemon.Sharing,
dbus send bus=system path=/org/freedesktop
interface=org.freedesktop.DBus.ObjectManager
member=GetManagedObjects
peer=(name=:*, label=NetworkManager),
dbus receive bus=system path=/org/freedesktop
interface=org.freedesktop.DBus.ObjectManager
member={InterfacesAdded,InterfacesRemoved}
peer=(name=:*, label=NetworkManager),
dbus receive bus=system path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
interface=org.freedesktop.NetworkManager.Connection.Active
member=StateChanged
peer=(name=:*, label=NetworkManager),
dbus send bus=system path=/org/freedesktop/NetworkManager/Settings/[0-9]*
interface=org.freedesktop.NetworkManager.Settings.Connection
member=GetSettings
peer=(name=:*, label=NetworkManager),
dbus receive bus=system path=/org/freedesktop/NetworkManager/Settings/[0-9]*
interface=org.freedesktop.NetworkManager.Settings.Connection
member=Updated
peer=(name=:*, label=NetworkManager),
dbus receive bus=system path=/org/freedesktop/NetworkManager{,/**}
interface=org.freedesktop.DBus.Properties
member=PropertiesChanged
peer=(name=:*, label=NetworkManager),
dbus send bus=system path=/org/freedesktop/NetworkManager
interface=org.freedesktop.NetworkManager
member=GetPermissions
peer=(name=:*, label=NetworkManager),
dbus receive bus=system path=/org/freedesktop/NetworkManager
interface=org.freedesktop.NetworkManager
member=CheckPermissions
peer=(name=:*, label=NetworkManager),
dbus send bus=session path=/org/freedesktop/systemd1
interface=org.freedesktop.systemd1.Manager
member=StopUnit
@ -69,10 +29,6 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
member=Introspect
peer=(name=:*, label=gnome-shell),
dbus receive bus=system path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
interface=org.freedesktop.NetworkManager.Connection.Active
member=StateChanged,
@{exec_path} mr,
/usr/share/dconf/profile/gdm r,


@ -24,8 +24,10 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
peer=(name=:*, label=gnome-shell),
dbus receive bus=session path=/org/gnome/SettingsDaemon/Smartcard
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*, label=gnome-shell),
peer=(name=:*),
dbus send bus=session path=/org/gnome/SettingsDaemon/Smartcard
interface=org.freedesktop.DBus.Properties
peer=(name=org.freedesktop.DBus),
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
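Review bot: The receive rule for `org.freedesktop.DBus.Properties` on /org/gnome/SettingsDaemon/Smartcard loses both `member=GetAll` and `label=gnome-shell`, leaving only `peer=(name=:*)`; the gsd-wacom section makes the same change to its Properties rule. With no label and no member, AppArmor accepts any Properties method, `Set` included, from any session-bus peer, confined or not. If the intent is only to admit more readers, `member={Get,GetAll}` with `peer=(name=:*)` keeps the rule read-only; otherwise a one-line comment stating why the label was dropped would help the next reviewer. The direction of the change is inferred from the hunk line counts, because the page has lost its +/- markers.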


@ -26,8 +26,7 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
dbus bind bus=session name=org.gnome.SettingsDaemon.Wacom,
dbus receive bus=session path=/org/gnome/SettingsDaemon/Wacom
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*, label=gnome-shell),
peer=(name=:*),
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable


@ -16,6 +16,7 @@ profile gsd-xsettings @{exec_path} {
include <abstractions/bus/org.freedesktop.Accounts>
include <abstractions/bus/org.gnome.Mutter.DisplayConfig>
include <abstractions/bus/org.gnome.SessionManager>
include <abstractions/bus/org.gnome.Shell.Introspect>
include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/dconf-write>
include <abstractions/dri-common>
@ -43,11 +44,6 @@ profile gsd-xsettings @{exec_path} {
dbus bind bus=session name=org.gnome.SettingsDaemon.XSettings,
dbus send bus=session path=/org/gnome/Shell/Introspect
interface=org.freedesktop.DBus.Properties
member=Get
peer=(name=org.gnome.Shell.Introspect, label=gnome-shell),
dbus send bus=system path=/org/freedesktop/Accounts/User@{uid}
interface=org.freedesktop.Accounts.User
member=SetInputSources
@ -58,11 +54,6 @@ profile gsd-xsettings @{exec_path} {
member=GetId
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=:*, label=gnome-shell),
@{exec_path} mr,
@{bin}/cat rix,


@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/kwin_x11
profile kwin_x11 @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/bus-system>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/fonts>


@ -22,18 +22,12 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) {
network alg seqpacket,
network netlink raw,
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
dbus send bus=system path=/org/bluez/hci0
dbus bind bus=system name=org.bluez,
dbus send bus=system path=/org/bluez{,/**}
interface=org.freedesktop.DBus.Properties
member=PropertiesChanged
peer=(name=org.freedesktop.DBus),
dbus receive bus=system path=/org/bluez{,**}
interface=org.bluez.Media1
member=RegisterApplication
dbus receive bus=system path=/org/bluez{,/**}
interface=org.bluez{,.*}
peer=(name=:*),
@{exec_path} mr,


@ -18,14 +18,12 @@ profile boltd @{exec_path} flags=(attach_disconnected) {
network netlink raw,
dbus bind bus=system name=org.freedesktop.bolt,
dbus receive bus=system path=/org/freedesktop/bolt
interface=org.freedesktop.bolt1.Manager
member=ListDevices,
dbus receive bus=system path=/org/freedesktop/bolt
interface=org.freedesktop.DBus.Properties
member=GetAll,
dbus (send, receive) bus=system path=/org/freedesktop/bolt
interface=org.freedesktop.bolt1{,.*}
peer=(name=:*),
dbus (send, receive) bus=system path=/org/freedesktop/bolt
interface=org.freedesktop.DBus.Properties
peer=(name=:*),
@{exec_path} mr,


@ -34,15 +34,9 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
network netlink raw,
dbus bind bus=system name=org.freedesktop.fwupd,
dbus receive bus=system path=/
interface=org.freedesktop.fwupd
peer=(name=:*, label=fwupdmgr),
dbus receive bus=system path=/
interface=org.freedesktop.DBus.Properties
peer=(name=:*, label=fwupdmgr),
dbus send bus=system path=/
interface=org.freedesktop.DBus
peer=(name=:*, label=fwupdmgr),
dbus (send, receive) bus=session path=/
interface={org.freedesktop.fwupd,org.freedesktop.DBus}
peer=(name="{:*,org.freedesktop.fwupd,org.freedesktop.DBus}"),
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
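Review bot: The combined rule `dbus (send, receive) bus=session path=/` names the session bus, while the profile binds `org.freedesktop.fwupd` on `bus=system` and the three rules it appears to replace were all `bus=system`. As written, system-bus traffic on path=/ matches no rule visible in this hunk (the profile carries `flags=(complain,...)`, so this would be logged rather than blocked today), and the session-bus grant has no visible use; `dbus (send, receive) bus=system path=/` looks like what was meant. The replacement also drops `label=fwupdmgr` from the peer, so AppArmor no longer restricts which client may talk to the daemon; if that is deliberate, to admit other front-ends, a comment saying so would help. The profile continues outside the hunk, and the old/new sides are inferred from the line counts because the +/- markers are missing.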