mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-11 12:45:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(profile): add localsearch (renamed from tracker-extract

Browse source 
localsearch is the new name of  tracker-extract. The profile for  tracker-extract is kept as they will differ in the future.
This commit is contained in:
Alexandre Pujol 2025-02-09 20:32:06 +01:00
parent 63cbf2829b
commit 86906d2601
Failed to generate hash of commit
3 changed files with 111 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

69
apparmor.d/groups/gnome/localsearch Normal file
View file

@ -0,0 +1,69 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{bin}/localsearch @{lib}/localsearch-3
profile localsearch @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/bus-session>
include <abstractions/bus-system>
include <abstractions/bus/org.freedesktop.UPower>
include <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor>
include <abstractions/bus/org.gtk.vfs.Daemon>
include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/dconf-write>
include <abstractions/deny-sensitive-home>
include <abstractions/disks-read>
include <abstractions/freedesktop.org>
include <abstractions/gnome-strict>
include <abstractions/graphics>
include <abstractions/gstreamer>
include <abstractions/nameservice-strict>
network netlink raw,
#aa:dbus own bus=session name=org.freedesktop.LocalSearch3
@{exec_path} mr,
@{lib}/localsearch-extractor-3 ix, # nnp
/usr/share/localsearch3/{,**} r,
/usr/share/poppler/{,**} r,
# Allow to search user files
owner @{HOME}/ r,
owner @{HOME}/{,**} r,
owner @{MOUNTS}/{,**} r,
owner @{tmp}/*/{,**} r,
owner @{user_cache_dirs}/tracker3/ rw,
owner @{user_cache_dirs}/tracker3/files/ rw,
owner @{user_cache_dirs}/tracker3/files/** rwk,
owner /var/tmp/etilqs_@{hex15} rw,
owner /var/tmp/etilqs_@{hex16} rw,
owner @{tmp}/etilqs_@{hex15} rw,
owner @{tmp}/etilqs_@{hex16} rw,
@{run}/mount/utab r,
@{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{PROC}/sys/fs/fanotify/max_user_marks r,
@{PROC}/sys/fs/inotify/max_user_watches r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
/dev/media@{int} rw,
/dev/video@{int} rw,
include if exists <local/localsearch>
}
# vim:syntax=apparmor

21
apparmor.d/groups/gnome/localsearch-control Normal file
View file

@ -0,0 +1,21 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{lib}/localsearch-control-3
profile localsearch-control @{exec_path} {
include <abstractions/base>
include <abstractions/bus-session>
#aa:dbus own bus=session name=org.freedesktop.Tracker3.Miner.Files.Control
@{exec_path} mr,
include if exists <local/localsearch-control>
}
# vim:syntax=apparmor

21
apparmor.d/groups/gnome/localsearch-writeback Normal file
View file

@ -0,0 +1,21 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{lib}/localsearch-writeback-3
profile localsearch-writeback @{exec_path} {
include <abstractions/base>
include <abstractions/bus-session>
#aa:dbus own bus=session name=org.freedesktop.LocalSearch3.Writeback
@{exec_path} mr,
include if exists <local/localsearch-writeback>
}
# vim:syntax=apparmor