feat(dbus): add new dbus abstraction

2024-11-15 07:54:17 +01:00 · 2023-12-05 20:30:34 +00:00 · 2023-12-05 20:30:34 +00:00 · 95b62568b1
commit 95b62568b1
parent 94ff73c51b
5 changed files with 70 additions and 0 deletions
--- a/apparmor.d/abstractions/bus/avahi
+++ b/apparmor.d/abstractions/bus/avahi
@ -0,0 +1,25 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  dbus send bus=system path=/
+       interface=org.freedesktop.DBus.Peer
+       member=Ping
+       peer=(name=org.freedesktop.Avahi, label=avahi-daemon),
+
+  dbus send bus=system path=/
+       interface=org.freedesktop.Avahi.Server
+       member={GetAPIVersion,GetState,Service*New}
+       peer=(name=org.freedesktop.Avahi, label=avahi-daemon),
+
+  dbus send bus=system path=/Client@{int}/ServiceBrowser@{int}
+       interface=org.freedesktop.Avahi.ServiceBrowser
+       member=Free
+       peer=(name=org.freedesktop.Avahi, label=avahi-daemon),
+
+  dbus receive bus=system path=/Client@{int}/ServiceBrowser@{int}
+       interface=org.freedesktop.Avahi.ServiceBrowser
+       member={ItemNew,AllForNow,CacheExhausted}
+       peer=(name=:*, label=avahi-daemon),
+
+  include if exists <abstractions/bus/avahi.d>
--- a/apparmor.d/abstractions/bus/bluetooth
+++ b/apparmor.d/abstractions/bus/bluetooth
@ -0,0 +1,10 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  dbus receive bus=system path=/org/bluez/hci@{int}{,/**}
+       interface=org.freedesktop.DBus.Properties
+       member=PropertiesChanged
+       peer=(name=:*, label=bluetoothd),
+
+  include if exists <abstractions/bus/bluetooth.d>
--- a/apparmor.d/abstractions/bus/modem-manager
+++ b/apparmor.d/abstractions/bus/modem-manager
@ -0,0 +1,15 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  dbus send bus=system path=/org/freedesktop/ModemManager1
+       interface=org.freedesktop.DBus.ObjectManager
+       member=GetManagedObjects
+       peer=(name=:*, label=ModemManager),
+
+  dbus send bus=system path=/org/freedesktop/ModemManager1
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll
+       peer=(name=:*, label=ModemManager),
+
+  include if exists <abstractions/bus/modem-manager.d>
--- a/apparmor.d/abstractions/bus/timedate
+++ b/apparmor.d/abstractions/bus/timedate
@ -0,0 +1,10 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  dbus send bus=system path=/org/freedesktop/timedate1
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll
+       peer=(name=:*, label=systemd-timedated),
+
+  include if exists <abstractions/bus/timedate.d>
--- a/apparmor.d/abstractions/bus/wpa-supplicant
+++ b/apparmor.d/abstractions/bus/wpa-supplicant
@ -0,0 +1,10 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  dbus send bus=system path=/fi/w1/wpa_supplicant1
+       interface=org.freedesktop.DBus.Properties
+       member={GetAll,PropertiesChanged}
+       peer=(name=:*, label=wpa-supplicant),
+
+  include if exists <abstractions/bus/wpa-supplicant.d>