mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 08:58:15 +01:00
feat(dbus): improve dbus integration.
This commit is contained in:
Alexandre Pujol
parent
55a1fb6f9c
commit
853668e492
23 changed files with 103 additions and 240 deletions
|
|
@ -7,6 +7,11 @@
|
||||||
member=GetAll
|
member=GetAll
|
||||||
peer=(name=:*, label=colord),
|
peer=(name=:*, label=colord),
|
||||||
|
|
||||||
|
dbus send bus=system path=/org/freedesktop/ColorManager/devices/*
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
member=GetAll
|
||||||
|
peer=(name=:*, label=colord),
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/ColorManager
|
dbus send bus=system path=/org/freedesktop/ColorManager
|
||||||
interface=org.freedesktop.ColorManager
|
interface=org.freedesktop.ColorManager
|
||||||
member=CreateDevice
|
member=CreateDevice
|
||||||
|
|
|
||||||
|
|
@ -27,4 +27,9 @@
|
||||||
member=AddAgent
|
member=AddAgent
|
||||||
peer=(name=:*, label=geoclue),
|
peer=(name=:*, label=geoclue),
|
||||||
|
|
||||||
|
dbus receive bus=system path=/org/freedesktop/GeoClue2/Manager
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
member=PropertiesChanged
|
||||||
|
peer=(name=:*, label=geoclue),
|
||||||
|
|
||||||
include if exists <abstractions/bus/org.freedesktop.GeoClue2.d>
|
include if exists <abstractions/bus/org.freedesktop.GeoClue2.d>
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/login1/session/*
|
dbus send bus=system path=/org/freedesktop/login1/session/*
|
||||||
interface=org.freedesktop.login1.Session
|
interface=org.freedesktop.login1.Session
|
||||||
member={ReleaseDevice,TakeControl,TakeDevice,SetBrightness}
|
member={ReleaseDevice,TakeControl,TakeDevice,SetBrightness,SetLockedHint,SetIdleHint}
|
||||||
peer=(name=:*, label=systemd-logind),
|
peer=(name=:*, label=systemd-logind),
|
||||||
|
|
||||||
dbus receive bus=system path=/org/freedesktop/login1/session/*
|
dbus receive bus=system path=/org/freedesktop/login1/session/*
|
||||||
|
|
@ -24,7 +24,7 @@
|
||||||
|
|
||||||
dbus receive bus=system path=/org/freedesktop/login1/session/*
|
dbus receive bus=system path=/org/freedesktop/login1/session/*
|
||||||
interface=org.freedesktop.login1.Session
|
interface=org.freedesktop.login1.Session
|
||||||
member=PauseDevice
|
member={PauseDevice,Unlock}
|
||||||
peer=(name=:*, label=systemd-logind),
|
peer=(name=:*, label=systemd-logind),
|
||||||
|
|
||||||
include if exists <abstractions/bus/org.freedesktop.login1.Session.d>
|
include if exists <abstractions/bus/org.freedesktop.login1.Session.d>
|
||||||
|
|
|
||||||
20
apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor
Normal file
20
apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor
Normal file
|
|
@ -0,0 +1,20 @@
|
||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gnome/Mutter/IdleMonitor
|
||||||
|
interface=org.freedesktop.DBus.ObjectManager
|
||||||
|
member=GetManagedObjects
|
||||||
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gnome/Mutter/IdleMonitor/Core
|
||||||
|
interface=org.gnome.Mutter.IdleMonitor
|
||||||
|
member={AddIdleWatch,AddUserActiveWatch,RemoveWatch}
|
||||||
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
|
dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core
|
||||||
|
interface=org.gnome.Mutter.IdleMonitor
|
||||||
|
member=WatchFired
|
||||||
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
|
include if exists <abstractions/bus/org.gnome.Mutter.IdleMonitor.d>
|
||||||
|
|
@ -7,6 +7,11 @@
|
||||||
member={RegisterClient,IsSessionRunning}
|
member={RegisterClient,IsSessionRunning}
|
||||||
peer=(name=:*, label=gnome-session-binary),
|
peer=(name=:*, label=gnome-session-binary),
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gnome/SessionManager
|
||||||
|
interface=org.gnome.SessionManager
|
||||||
|
member=Setenv
|
||||||
|
peer=(name=org.gnome.SessionManager, label=gnome-session-binary),
|
||||||
|
|
||||||
dbus receive bus=session path=/org/gnome/SessionManager
|
dbus receive bus=session path=/org/gnome/SessionManager
|
||||||
interface=org.gnome.SessionManager
|
interface=org.gnome.SessionManager
|
||||||
member={ClientAdded,ClientRemoved,SessionRunning,InhibitorRemoved,InhibitorAdded}
|
member={ClientAdded,ClientRemoved,SessionRunning,InhibitorRemoved,InhibitorAdded}
|
||||||
|
|
|
||||||
25
apparmor.d/abstractions/bus/org.gnome.Shell.Introspect
Normal file
25
apparmor.d/abstractions/bus/org.gnome.Shell.Introspect
Normal file
|
|
@ -0,0 +1,25 @@
|
||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gnome/Shell/Introspect
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
member=GetAll
|
||||||
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gnome/Shell/Introspect
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
member=Get
|
||||||
|
peer=(name=org.gnome.Shell.Introspect, label=gnome-shell),
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gnome/Shell/Introspect
|
||||||
|
interface=org.gnome.Shell.Introspect
|
||||||
|
member=GetRunningApplications
|
||||||
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
|
dbus receive bus=session path=/org/gnome/Shell/Introspect
|
||||||
|
interface=org.gnome.Shell.Introspect
|
||||||
|
member={RunningApplicationsChanged,WindowsChanged}
|
||||||
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
|
include if exists <abstractions/bus/org.gnome.Shell.Introspect.d>
|
||||||
|
|
@ -14,6 +14,7 @@ profile xdg-desktop-portal-gnome @{exec_path} {
|
||||||
include <abstractions/bus/org.freedesktop.Accounts>
|
include <abstractions/bus/org.freedesktop.Accounts>
|
||||||
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
||||||
include <abstractions/bus/org.gnome.Mutter.DisplayConfig>
|
include <abstractions/bus/org.gnome.Mutter.DisplayConfig>
|
||||||
|
include <abstractions/bus/org.gnome.Shell.Introspect>
|
||||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/deny-sensitive-home>
|
include <abstractions/deny-sensitive-home>
|
||||||
|
|
@ -36,21 +37,6 @@ profile xdg-desktop-portal-gnome @{exec_path} {
|
||||||
member=GetAll
|
member=GetAll
|
||||||
peer=(name=:*, label=gnome-shell),
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
dbus send bus=session path=/org/gnome/Shell/Introspect
|
|
||||||
interface=org.freedesktop.DBus.Properties
|
|
||||||
member=GetAll
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
dbus send bus=session path=/org/gnome/Shell/Introspect
|
|
||||||
interface=org.gnome.Shell.Introspect
|
|
||||||
member=GetRunningApplications
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
dbus receive bus=session path=/org/gnome/Shell/Introspect
|
|
||||||
interface=org.gnome.Shell.Introspect
|
|
||||||
member={RunningApplicationsChanged,WindowsChanged}
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
dbus send bus=session path=/org/freedesktop/portal/desktop
|
dbus send bus=session path=/org/freedesktop/portal/desktop
|
||||||
interface=org.freedesktop.impl.portal.Background
|
interface=org.freedesktop.impl.portal.Background
|
||||||
member=RunningApplicationsChanged
|
member=RunningApplicationsChanged
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,7 @@ profile xdg-desktop-portal-gtk @{exec_path} {
|
||||||
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
||||||
include <abstractions/bus/org.gnome.ScreenSaver>
|
include <abstractions/bus/org.gnome.ScreenSaver>
|
||||||
include <abstractions/bus/org.gnome.SessionManager>
|
include <abstractions/bus/org.gnome.SessionManager>
|
||||||
|
include <abstractions/bus/org.gnome.Shell.Introspect>
|
||||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/dri-common>
|
include <abstractions/dri-common>
|
||||||
|
|
@ -40,16 +41,6 @@ profile xdg-desktop-portal-gtk @{exec_path} {
|
||||||
interface=org.freedesktop.impl.portal.Settings
|
interface=org.freedesktop.impl.portal.Settings
|
||||||
peer=(name=:*),
|
peer=(name=:*),
|
||||||
|
|
||||||
dbus receive bus=session path=/org/gnome/Shell/Introspect
|
|
||||||
interface=org.gnome.Shell.Introspect
|
|
||||||
member={RunningApplicationsChanged,WindowsChanged}
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
dbus send bus=session path=/org/gnome/Shell/Introspect
|
|
||||||
interface=org.freedesktop.DBus.Properties
|
|
||||||
member=GetAll
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
dbus send bus=session path=/org/gtk/Notifications
|
dbus send bus=session path=/org/gtk/Notifications
|
||||||
interface=org.freedesktop.DBus.Properties
|
interface=org.freedesktop.DBus.Properties
|
||||||
member=GetAll
|
member=GetAll
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/bus-session>
|
include <abstractions/bus-session>
|
||||||
include <abstractions/bus-system>
|
include <abstractions/bus-system>
|
||||||
|
include <abstractions/bus/org.gnome.Shell.Introspect>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/dri-common>
|
include <abstractions/dri-common>
|
||||||
include <abstractions/dri-enumerate>
|
include <abstractions/dri-enumerate>
|
||||||
|
|
@ -70,18 +71,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
|
||||||
interface=org.freedesktop.DBus.Properties
|
interface=org.freedesktop.DBus.Properties
|
||||||
peer=(name=:*, label=gnome-shell),
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
dbus receive bus=session
|
|
||||||
interface=org.freedesktop.DBus.Introspectable
|
|
||||||
member=Introspect
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
dbus (send, receive) bus=session path=/org/gnome/Shell/Introspect
|
|
||||||
interface=org.gnome.Shell.Introspect
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
dbus (send, receive) bus=session path=/org/gnome/Shell/Introspect
|
|
||||||
interface=org.freedesktop.DBus.Properties
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
@{bin}/ r,
|
@{bin}/ r,
|
||||||
@{bin}/[a-z0-9]* rPUx,
|
@{bin}/[a-z0-9]* rPUx,
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||||
include <abstractions/bus/org.freedesktop.login1.Session>
|
include <abstractions/bus/org.freedesktop.login1.Session>
|
||||||
include <abstractions/bus/org.freedesktop.login1>
|
include <abstractions/bus/org.freedesktop.login1>
|
||||||
include <abstractions/bus/org.freedesktop.systemd1-session>
|
include <abstractions/bus/org.freedesktop.systemd1-session>
|
||||||
|
include <abstractions/bus/org.gnome.Mutter.IdleMonitor>
|
||||||
include <abstractions/bus/org.gnome.ScreenSaver>
|
include <abstractions/bus/org.gnome.ScreenSaver>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/dri-common>
|
include <abstractions/dri-common>
|
||||||
|
|
@ -35,30 +36,20 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||||
signal (send) set=(term) peer=at-spi-bus-launcher,
|
signal (send) set=(term) peer=at-spi-bus-launcher,
|
||||||
signal (send) set=(term) peer=gsd-*,
|
signal (send) set=(term) peer=gsd-*,
|
||||||
|
|
||||||
dbus bind bus=session name=org.gnome.SessionManager,
|
dbus bind bus=session name=org.gnome.SessionManager{,.*},
|
||||||
dbus receive bus=session path=/org/gnome/SessionManager{,/**}
|
dbus receive bus=session path=/org/gnome/SessionManager{,/**}
|
||||||
interface=org.freedesktop.DBus.Properties
|
interface=org.freedesktop.DBus.Properties
|
||||||
peer=(name=:*),
|
peer=(name=:*),
|
||||||
dbus receive bus=session path=/org/gnome/SessionManager{,/**}
|
dbus receive bus=session path=/org/gnome/SessionManager{,/**}
|
||||||
interface=org.gnome.SessionManager
|
interface=org.gnome.SessionManager{,.*}
|
||||||
peer=(name=:*),
|
peer=(name=:*),
|
||||||
dbus send bus=session path=/org/gnome/SessionManager{,/**}
|
dbus send bus=session path=/org/gnome/SessionManager{,/**}
|
||||||
interface=org.freedesktop.DBus.Properties
|
interface=org.freedesktop.DBus.Properties
|
||||||
peer=(name=org.freedesktop.DBus),
|
peer=(name=org.freedesktop.DBus),
|
||||||
dbus send bus=session path=/org/gnome/SessionManager{,/**}
|
dbus send bus=session path=/org/gnome/SessionManager{,/**}
|
||||||
interface=org.gnome.SessionManager
|
interface=org.gnome.SessionManager{,.*}
|
||||||
peer=(name=org.freedesktop.DBus,),
|
|
||||||
|
|
||||||
dbus send bus=session path=/org/gnome/SessionManager/Presence
|
|
||||||
interface=org.gnome.SessionManager.Presence
|
|
||||||
member=StatusChanged
|
|
||||||
peer=(name=org.freedesktop.DBus),
|
peer=(name=org.freedesktop.DBus),
|
||||||
|
|
||||||
dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core
|
|
||||||
interface=org.gnome.Mutter.IdleMonitor
|
|
||||||
member=WatchFired
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
dbus send bus=session path=/org/freedesktop/DBus
|
dbus send bus=session path=/org/freedesktop/DBus
|
||||||
interface=org.freedesktop.DBus
|
interface=org.freedesktop.DBus
|
||||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID,UpdateActivationEnvironment}
|
member={GetConnectionUnixUser,GetConnectionUnixProcessID,UpdateActivationEnvironment}
|
||||||
|
|
@ -66,10 +57,10 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/login1
|
dbus send bus=system path=/org/freedesktop/login1
|
||||||
interface=org.freedesktop.login1.Manager
|
interface=org.freedesktop.login1.Manager
|
||||||
member={CanPowerOff,GetSession,PowerOff,Inhibit,Reboot}
|
member={CanPowerOff,PowerOff,Reboot}
|
||||||
peer=(name=:*, label=systemd-logind),
|
peer=(name=:*, label=systemd-logind),
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/login1/session/*
|
dbus send bus=system path=/org/freedesktop/login1/session/c1
|
||||||
interface=org.freedesktop.login1.Session
|
interface=org.freedesktop.login1.Session
|
||||||
member=SetIdleHint
|
member=SetIdleHint
|
||||||
peer=(name=org.freedesktop.login1, label=systemd-logind),
|
peer=(name=org.freedesktop.login1, label=systemd-logind),
|
||||||
|
|
@ -78,21 +69,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||||
interface=org.freedesktop.systemd1.Manager
|
interface=org.freedesktop.systemd1.Manager
|
||||||
peer=(name=org.freedesktop.systemd1, label=@{systemd}),
|
peer=(name=org.freedesktop.systemd1, label=@{systemd}),
|
||||||
|
|
||||||
dbus send bus=session path=/org/gnome/Mutter/IdleMonitor
|
|
||||||
interface=org.freedesktop.DBus.ObjectManager
|
|
||||||
member=GetManagedObjects
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
dbus send bus=session path=/org/gnome/Mutter/IdleMonitor/Core
|
|
||||||
interface=org.gnome.Mutter.IdleMonitor
|
|
||||||
member={AddIdleWatch,AddUserActiveWatch,RemoveWatch}
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core
|
|
||||||
interface=org.gnome.Mutter.IdleMonitor
|
|
||||||
member=WatchFired
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
@{bin}/{,z,ba,da}sh rix,
|
@{bin}/{,z,ba,da}sh rix,
|
||||||
|
|
|
||||||
|
|
@ -43,11 +43,6 @@ profile gnome-terminal-server @{exec_path} {
|
||||||
member=StartTransientUnit
|
member=StartTransientUnit
|
||||||
peer=(name=org.freedesktop.systemd1, label="@{systemd}"),
|
peer=(name=org.freedesktop.systemd1, label="@{systemd}"),
|
||||||
|
|
||||||
dbus receive bus=session
|
|
||||||
interface=org.freedesktop.DBus.Introspectable
|
|
||||||
member=Introspect
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
# The shell is not confined on purpose.
|
# The shell is not confined on purpose.
|
||||||
|
|
|
||||||
|
|
@ -19,10 +19,8 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
|
||||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/fontconfig-cache-read>
|
include <abstractions/fontconfig-cache-read>
|
||||||
include <abstractions/fonts>
|
include <abstractions/gnome-strict>
|
||||||
include <abstractions/gtk>
|
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
include <abstractions/wayland>
|
|
||||||
|
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
|
|
||||||
|
|
@ -32,19 +30,10 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
|
||||||
member=GetAll
|
member=GetAll
|
||||||
peer=(name=:*, label=gnome-shell),
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
dbus receive bus=session
|
|
||||||
interface=org.freedesktop.DBus.Introspectable
|
|
||||||
member=Introspect
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/dconf/profile/gdm r,
|
/usr/share/dconf/profile/gdm r,
|
||||||
/usr/share/gdm/greeter-dconf-defaults r,
|
/usr/share/gdm/greeter-dconf-defaults r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/icons/{,**} r,
|
|
||||||
/usr/share/mime/mime.cache r,
|
|
||||||
/usr/share/X11/xkb/** r,
|
|
||||||
|
|
||||||
/etc/timezone r,
|
/etc/timezone r,
|
||||||
|
|
||||||
|
|
@ -57,8 +46,6 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
|
||||||
owner @{user_share_dirs}/icc/ rw,
|
owner @{user_share_dirs}/icc/ rw,
|
||||||
owner @{user_share_dirs}/icc/edid-*.icc rw,
|
owner @{user_share_dirs}/icc/edid-*.icc rw,
|
||||||
|
|
||||||
owner @{run}/user/@{uid}/gdm/Xauthority r,
|
|
||||||
|
|
||||||
owner /dev/tty@{int} rw,
|
owner /dev/tty@{int} rw,
|
||||||
|
|
||||||
include if exists <local/gsd-color>
|
include if exists <local/gsd-color>
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
||||||
include <abstractions/bus/org.a11y>
|
include <abstractions/bus/org.a11y>
|
||||||
include <abstractions/bus/org.freedesktop.hostname1>
|
include <abstractions/bus/org.freedesktop.hostname1>
|
||||||
include <abstractions/bus/org.freedesktop.login1>
|
include <abstractions/bus/org.freedesktop.login1>
|
||||||
|
include <abstractions/bus/org.gnome.Mutter.IdleMonitor>
|
||||||
include <abstractions/bus/org.gnome.SessionManager>
|
include <abstractions/bus/org.gnome.SessionManager>
|
||||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
|
|
@ -46,17 +47,14 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
||||||
interface=org.freedesktop.DBus.Properties
|
interface=org.freedesktop.DBus.Properties
|
||||||
member=GetAll
|
member=GetAll
|
||||||
peer=(name=:*, label=gnome-shell),
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
dbus receive bus=session path=/org/gnome/Shell
|
|
||||||
interface=org.freedesktop.DBus.Properties
|
|
||||||
member={GetAll,PropertiesChanged}
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
dbus send bus=session path=/org/gnome/Shell
|
dbus send bus=session path=/org/gnome/Shell
|
||||||
interface=org.gnome.Shell
|
interface=org.gnome.Shell
|
||||||
member={GrabAccelerators,UngrabAccelerators}
|
member={GrabAccelerators,UngrabAccelerators}
|
||||||
peer=(name=:*, label=gnome-shell),
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
dbus receive bus=session path=/org/gnome/Shell
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
member={GetAll,PropertiesChanged}
|
||||||
|
peer=(name=:*, label=gnome-shell),
|
||||||
dbus receive bus=session path=/org/gnome/Shell
|
dbus receive bus=session path=/org/gnome/Shell
|
||||||
interface=org.gnome.Shell
|
interface=org.gnome.Shell
|
||||||
member=AcceleratorActivated
|
member=AcceleratorActivated
|
||||||
|
|
@ -86,16 +84,6 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
||||||
member=PropertiesChanged
|
member=PropertiesChanged
|
||||||
peer=(name=:*, label=gsd-power),
|
peer=(name=:*, label=gsd-power),
|
||||||
|
|
||||||
dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core
|
|
||||||
interface=org.gnome.Mutter.IdleMonitor
|
|
||||||
member=WatchFired
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
dbus receive bus=session
|
|
||||||
interface=org.freedesktop.DBus.Introspectable
|
|
||||||
member=Introspect
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
@{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
|
@{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
|
||||||
|
|
|
||||||
|
|
@ -17,8 +17,10 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
|
||||||
include <abstractions/bus/org.a11y>
|
include <abstractions/bus/org.a11y>
|
||||||
include <abstractions/bus/org.freedesktop.login1.Session>
|
include <abstractions/bus/org.freedesktop.login1.Session>
|
||||||
include <abstractions/bus/org.freedesktop.login1>
|
include <abstractions/bus/org.freedesktop.login1>
|
||||||
|
include <abstractions/bus/org.freedesktop.systemd1>
|
||||||
include <abstractions/bus/org.freedesktop.UPower>
|
include <abstractions/bus/org.freedesktop.UPower>
|
||||||
include <abstractions/bus/org.gnome.Mutter.DisplayConfig>
|
include <abstractions/bus/org.gnome.Mutter.DisplayConfig>
|
||||||
|
include <abstractions/bus/org.gnome.Mutter.IdleMonitor>
|
||||||
include <abstractions/bus/org.gnome.ScreenSaver>
|
include <abstractions/bus/org.gnome.ScreenSaver>
|
||||||
include <abstractions/bus/org.gnome.SessionManager>
|
include <abstractions/bus/org.gnome.SessionManager>
|
||||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||||
|
|
@ -36,21 +38,9 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
|
||||||
interface=org.freedesktop.DBus.Properties
|
interface=org.freedesktop.DBus.Properties
|
||||||
peer=(name="{org.freedesktop.DBus,:*}", label="{gsd-media-keys,gnome-shell}"),
|
peer=(name="{org.freedesktop.DBus,:*}", label="{gsd-media-keys,gnome-shell}"),
|
||||||
|
|
||||||
dbus send bus=session path=/org/gnome/Mutter/**
|
dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
|
||||||
interface=org.freedesktop.DBus.{Properties,ObjectManager}
|
interface=org.freedesktop.DBus.Properties
|
||||||
peer=(name=:*, label=gnome-shell),
|
member=Set
|
||||||
dbus send bus=session path=/org/gnome/Mutter/**
|
|
||||||
interface=org.gnome.Mutter.DisplayConfig
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
dbus send bus=session path=/org/gnome/Mutter/**
|
|
||||||
interface=org.gnome.Mutter.IdleMonitor
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
dbus receive bus=session path=/org/gnome/Mutter/DisplayConfig
|
|
||||||
interface=org.gnome.Mutter.DisplayConfig
|
|
||||||
member=MonitorsChanged
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core
|
|
||||||
interface=org.gnome.Mutter.IdleMonitor
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/UPower/KbdBacklight
|
dbus send bus=system path=/org/freedesktop/UPower/KbdBacklight
|
||||||
|
|
@ -58,39 +48,6 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
|
||||||
member=GetBrightness
|
member=GetBrightness
|
||||||
peer=(name=:*, label=upowerd),
|
peer=(name=:*, label=upowerd),
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/systemd1
|
|
||||||
interface=org.freedesktop.DBus.Properties
|
|
||||||
member=Get,
|
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/login1/session/auto
|
|
||||||
interface=org.freedesktop.DBus.Properties
|
|
||||||
member=GetAll
|
|
||||||
peer=(name=:*, label=systemd-logind),
|
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/login1/session/auto
|
|
||||||
interface=org.freedesktop.login1.Session
|
|
||||||
member=SetBrightness
|
|
||||||
peer=(name=:*, label=systemd-logind),
|
|
||||||
|
|
||||||
dbus send bus=system path=/net/hadess/PowerProfiles
|
|
||||||
interface=org.freedesktop.DBus.Properties
|
|
||||||
member=GetAll
|
|
||||||
peer=(name=:*, label=power-profiles-daemon),
|
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/login1/session/auto
|
|
||||||
interface=org.freedesktop.DBus.Properties
|
|
||||||
member=GetAll
|
|
||||||
peer=(name=:*, label=systemd-logind),
|
|
||||||
dbus send bus=system path=/org/freedesktop/login1/session/auto
|
|
||||||
interface=org.freedesktop.login1.Session
|
|
||||||
member=SetBrightness
|
|
||||||
peer=(name=:*, label=systemd-logind),
|
|
||||||
|
|
||||||
dbus receive bus=session
|
|
||||||
interface=org.freedesktop.DBus.Introspectable
|
|
||||||
member=Introspect
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/dconf/profile/gdm r,
|
/usr/share/dconf/profile/gdm r,
|
||||||
|
|
|
||||||
|
|
@ -19,46 +19,6 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
dbus bind bus=session name=org.gnome.SettingsDaemon.Sharing,
|
dbus bind bus=session name=org.gnome.SettingsDaemon.Sharing,
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop
|
|
||||||
interface=org.freedesktop.DBus.ObjectManager
|
|
||||||
member=GetManagedObjects
|
|
||||||
peer=(name=:*, label=NetworkManager),
|
|
||||||
|
|
||||||
dbus receive bus=system path=/org/freedesktop
|
|
||||||
interface=org.freedesktop.DBus.ObjectManager
|
|
||||||
member={InterfacesAdded,InterfacesRemoved}
|
|
||||||
peer=(name=:*, label=NetworkManager),
|
|
||||||
|
|
||||||
dbus receive bus=system path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
|
|
||||||
interface=org.freedesktop.NetworkManager.Connection.Active
|
|
||||||
member=StateChanged
|
|
||||||
peer=(name=:*, label=NetworkManager),
|
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/NetworkManager/Settings/[0-9]*
|
|
||||||
interface=org.freedesktop.NetworkManager.Settings.Connection
|
|
||||||
member=GetSettings
|
|
||||||
peer=(name=:*, label=NetworkManager),
|
|
||||||
|
|
||||||
dbus receive bus=system path=/org/freedesktop/NetworkManager/Settings/[0-9]*
|
|
||||||
interface=org.freedesktop.NetworkManager.Settings.Connection
|
|
||||||
member=Updated
|
|
||||||
peer=(name=:*, label=NetworkManager),
|
|
||||||
|
|
||||||
dbus receive bus=system path=/org/freedesktop/NetworkManager{,/**}
|
|
||||||
interface=org.freedesktop.DBus.Properties
|
|
||||||
member=PropertiesChanged
|
|
||||||
peer=(name=:*, label=NetworkManager),
|
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/NetworkManager
|
|
||||||
interface=org.freedesktop.NetworkManager
|
|
||||||
member=GetPermissions
|
|
||||||
peer=(name=:*, label=NetworkManager),
|
|
||||||
|
|
||||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
|
||||||
interface=org.freedesktop.NetworkManager
|
|
||||||
member=CheckPermissions
|
|
||||||
peer=(name=:*, label=NetworkManager),
|
|
||||||
|
|
||||||
dbus send bus=session path=/org/freedesktop/systemd1
|
dbus send bus=session path=/org/freedesktop/systemd1
|
||||||
interface=org.freedesktop.systemd1.Manager
|
interface=org.freedesktop.systemd1.Manager
|
||||||
member=StopUnit
|
member=StopUnit
|
||||||
|
|
@ -69,10 +29,6 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
|
||||||
member=Introspect
|
member=Introspect
|
||||||
peer=(name=:*, label=gnome-shell),
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
dbus receive bus=system path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
|
|
||||||
interface=org.freedesktop.NetworkManager.Connection.Active
|
|
||||||
member=StateChanged,
|
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/dconf/profile/gdm r,
|
/usr/share/dconf/profile/gdm r,
|
||||||
|
|
|
||||||
|
|
@ -24,8 +24,10 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
|
||||||
peer=(name=:*, label=gnome-shell),
|
peer=(name=:*, label=gnome-shell),
|
||||||
dbus receive bus=session path=/org/gnome/SettingsDaemon/Smartcard
|
dbus receive bus=session path=/org/gnome/SettingsDaemon/Smartcard
|
||||||
interface=org.freedesktop.DBus.Properties
|
interface=org.freedesktop.DBus.Properties
|
||||||
member=GetAll
|
peer=(name=:*),
|
||||||
peer=(name=:*, label=gnome-shell),
|
dbus send bus=session path=/org/gnome/SettingsDaemon/Smartcard
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
peer=(name=org.freedesktop.DBus),
|
||||||
|
|
||||||
dbus receive bus=session
|
dbus receive bus=session
|
||||||
interface=org.freedesktop.DBus.Introspectable
|
interface=org.freedesktop.DBus.Introspectable
|
||||||
|
|
|
||||||
|
|
@ -26,8 +26,7 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
|
||||||
dbus bind bus=session name=org.gnome.SettingsDaemon.Wacom,
|
dbus bind bus=session name=org.gnome.SettingsDaemon.Wacom,
|
||||||
dbus receive bus=session path=/org/gnome/SettingsDaemon/Wacom
|
dbus receive bus=session path=/org/gnome/SettingsDaemon/Wacom
|
||||||
interface=org.freedesktop.DBus.Properties
|
interface=org.freedesktop.DBus.Properties
|
||||||
member=GetAll
|
peer=(name=:*),
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
dbus receive bus=session
|
dbus receive bus=session
|
||||||
interface=org.freedesktop.DBus.Introspectable
|
interface=org.freedesktop.DBus.Introspectable
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,7 @@ profile gsd-xsettings @{exec_path} {
|
||||||
include <abstractions/bus/org.freedesktop.Accounts>
|
include <abstractions/bus/org.freedesktop.Accounts>
|
||||||
include <abstractions/bus/org.gnome.Mutter.DisplayConfig>
|
include <abstractions/bus/org.gnome.Mutter.DisplayConfig>
|
||||||
include <abstractions/bus/org.gnome.SessionManager>
|
include <abstractions/bus/org.gnome.SessionManager>
|
||||||
|
include <abstractions/bus/org.gnome.Shell.Introspect>
|
||||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/dri-common>
|
include <abstractions/dri-common>
|
||||||
|
|
@ -43,11 +44,6 @@ profile gsd-xsettings @{exec_path} {
|
||||||
|
|
||||||
dbus bind bus=session name=org.gnome.SettingsDaemon.XSettings,
|
dbus bind bus=session name=org.gnome.SettingsDaemon.XSettings,
|
||||||
|
|
||||||
dbus send bus=session path=/org/gnome/Shell/Introspect
|
|
||||||
interface=org.freedesktop.DBus.Properties
|
|
||||||
member=Get
|
|
||||||
peer=(name=org.gnome.Shell.Introspect, label=gnome-shell),
|
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/Accounts/User@{uid}
|
dbus send bus=system path=/org/freedesktop/Accounts/User@{uid}
|
||||||
interface=org.freedesktop.Accounts.User
|
interface=org.freedesktop.Accounts.User
|
||||||
member=SetInputSources
|
member=SetInputSources
|
||||||
|
|
@ -58,11 +54,6 @@ profile gsd-xsettings @{exec_path} {
|
||||||
member=GetId
|
member=GetId
|
||||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||||
|
|
||||||
dbus receive bus=session
|
|
||||||
interface=org.freedesktop.DBus.Introspectable
|
|
||||||
member=Introspect
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
@{bin}/cat rix,
|
@{bin}/cat rix,
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ include <tunables/global>
|
||||||
@{exec_path} = @{bin}/kwin_x11
|
@{exec_path} = @{bin}/kwin_x11
|
||||||
profile kwin_x11 @{exec_path} {
|
profile kwin_x11 @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/dbus-strict>
|
include <abstractions/bus-system>
|
||||||
include <abstractions/dri-common>
|
include <abstractions/dri-common>
|
||||||
include <abstractions/dri-enumerate>
|
include <abstractions/dri-enumerate>
|
||||||
include <abstractions/fonts>
|
include <abstractions/fonts>
|
||||||
|
|
|
||||||
|
|
@ -22,18 +22,12 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) {
|
||||||
network alg seqpacket,
|
network alg seqpacket,
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/DBus
|
dbus bind bus=system name=org.bluez,
|
||||||
interface=org.freedesktop.DBus
|
dbus send bus=system path=/org/bluez{,/**}
|
||||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
|
||||||
|
|
||||||
dbus send bus=system path=/org/bluez/hci0
|
|
||||||
interface=org.freedesktop.DBus.Properties
|
interface=org.freedesktop.DBus.Properties
|
||||||
member=PropertiesChanged
|
|
||||||
peer=(name=org.freedesktop.DBus),
|
peer=(name=org.freedesktop.DBus),
|
||||||
|
dbus receive bus=system path=/org/bluez{,/**}
|
||||||
dbus receive bus=system path=/org/bluez{,**}
|
interface=org.bluez{,.*}
|
||||||
interface=org.bluez.Media1
|
|
||||||
member=RegisterApplication
|
|
||||||
peer=(name=:*),
|
peer=(name=:*),
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
|
||||||
|
|
@ -18,14 +18,12 @@ profile boltd @{exec_path} flags=(attach_disconnected) {
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
dbus bind bus=system name=org.freedesktop.bolt,
|
dbus bind bus=system name=org.freedesktop.bolt,
|
||||||
|
dbus (send, receive) bus=system path=/org/freedesktop/bolt
|
||||||
dbus receive bus=system path=/org/freedesktop/bolt
|
interface=org.freedesktop.bolt1{,.*}
|
||||||
interface=org.freedesktop.bolt1.Manager
|
peer=(name=:*),
|
||||||
member=ListDevices,
|
dbus (send, receive) bus=system path=/org/freedesktop/bolt
|
||||||
|
|
||||||
dbus receive bus=system path=/org/freedesktop/bolt
|
|
||||||
interface=org.freedesktop.DBus.Properties
|
interface=org.freedesktop.DBus.Properties
|
||||||
member=GetAll,
|
peer=(name=:*),
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -34,15 +34,9 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
dbus bind bus=system name=org.freedesktop.fwupd,
|
dbus bind bus=system name=org.freedesktop.fwupd,
|
||||||
dbus receive bus=system path=/
|
dbus (send, receive) bus=session path=/
|
||||||
interface=org.freedesktop.fwupd
|
interface={org.freedesktop.fwupd,org.freedesktop.DBus}
|
||||||
peer=(name=:*, label=fwupdmgr),
|
peer=(name="{:*,org.freedesktop.fwupd,org.freedesktop.DBus}"),
|
||||||
dbus receive bus=system path=/
|
|
||||||
interface=org.freedesktop.DBus.Properties
|
|
||||||
peer=(name=:*, label=fwupdmgr),
|
|
||||||
dbus send bus=system path=/
|
|
||||||
interface=org.freedesktop.DBus
|
|
||||||
peer=(name=:*, label=fwupdmgr),
|
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/DBus
|
dbus send bus=system path=/org/freedesktop/DBus
|
||||||
interface=org.freedesktop.DBus
|
interface=org.freedesktop.DBus
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue