feat(tunable): reorganise program & path defintions.

apparmor.d/tunables/multiarch.d/paths

@@ -4,58 +4,50 @@
 
 # Define some paths for some commonly used programs
 
-# Default distribution shells
-@{sh} = sh bash dash
+# Shells
 @{sh_path} = @{bin}/@{sh}
-
-# All interactive shells users may want to use
-@{shells} = sh zsh bash dash fish rbash ksh tcsh csh
 @{shells_path} = @{bin}/@{shells}
 
+# Coreutils programs that should not have dedicated profile
+@{coreutils_path} = @{bin}/@{coreutils}
+
 # Browsers
-
-@{brave_name} = brave{,-beta,-dev,-bin}
-@{brave_lib_dirs} = /opt/brave{-bin,.com}{,/@{brave_name}}
 @{brave_path} =  @{brave_lib_dirs}/@{brave_name}
-
-@{chrome_name} = chrome{,-beta,-stable,-unstable}
-@{chrome_lib_dirs} = /opt/google/@{chrome_name}
 @{chrome_path} =  @{opera_lib_dirs}/@{chrome_name}
-
-@{chromium_name} = chromium
-@{chromium_lib_dirs} = @{lib}/@{chromium_name}
 @{chromium_path} =  @{chromium_lib_dirs}/@{chromium_name}
-
-@{firefox_name} = firefox{,.sh,-esr,-bin}
-@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
 @{firefox_path} = @{bin}/@{firefox_name} @{firefox_lib_dirs}/@{firefox_name}
-
-@{opera_name} = opera{,-beta,-developer}
-@{opera_lib_dirs} = @{lib}/@{multiarch}/@{opera_name}
+@{msedge_path} =  @{msedge_lib_dirs}/@{msedge_name}
 @{opera_path} =  @{opera_lib_dirs}/@{opera_name}
+@{torbrowser_path} = @{torbrowser_lib_dirs}/firefox{,.real}
 
-@{browsers_path} = @{brave_path} @{chrome_path} @{chromium_path} @{firefox_path} @{opera_path}
+@{browsers_path}  = @{bin}/chromium @{bin}/torbrowser
+@{browsers_path} += @{brave_path} @{chrome_path} @{chromium_path} @{firefox_path} @{msedge_path} @{opera_path}
+@{browsers_path} += @{torbrowser_path} #aa:only whonix
 
 # Emails
-
-@{thunderbird_name} = thunderbird{,.sh,-bin} 
-@{thunderbird_lib_dirs} = @{lib}/@{thunderbird_name}
 @{thunderbird_path} = @{bin}/@{thunderbird_name} @{thunderbird_lib_dirs}/@{thunderbird_name}
+@{emails_path} = @{thunderbird_path} @{bin}/@{emails}
 
 # Open
-
 @{open_path}  = @{bin}/exo-open @{bin}/xdg-open @{bin}/gio
 @{open_path} += @{bin}/gio-launch-desktop @{lib}/gio-launch-desktop
 @{open_path} += @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop
 
-# Coreutils programs that should not have dedicated profile
-@{coreutils}  = {,g,m}awk b2sum base32 base64 basename basenc cat chcon chgrp chmod chown
-@{coreutils} += cksum comm cp csplit cut date dd df dir dircolors dirname diff du echo env expand
-@{coreutils} += expr factor false find fmt fold gawk {,e,f}grep head hostid id install join link
-@{coreutils} += ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup nproc numfmt
-@{coreutils} += od paste pathchk pinky pr printenv printf ptx pwd readlink realpath rm rmdir
-@{coreutils} += runcon sed seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf sleep
-@{coreutils} += sort split stat stdbuf stty sum sync tac tail tee test timeout touch tr true
-@{coreutils} += truncate tsort tty uname unexpand uniq unlink vdir wc who whoami xargs yes
-@{coreutils_path} = @{bin}/@{coreutils}
+# File explorers
+@{file_explorers_path} = @{bin}/@{file_explorers}
+
+# Text editors
+@{text_edirors_path} = @{bin}/@{text_edirors} /usr/share/code/{bin/,}code
+
+# Document viewers
+@{document_viewers_path} = @{bin}/@{document_viewers}
+
+# Image viewers
+@{image_viewers_path} = @{bin}/@{image_viewers}
+
+# Archive viewers
+@{archive_viewers_path} = @{bin}/@{archive_viewers}
+
+# Office suites
+@{offices_path} = @{bin}/@{offices} @{lib}/libreoffice/program/soffice
 

apparmor.d/tunables/multiarch.d/programs

@@ -0,0 +1,70 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Define some some commonly used programs. This is not an exhaustive list.
+# It is meant to label programs to easily provide access in profiles.
+
+# Default distribution shells
+@{sh} = sh bash dash
+
+# All interactive shells users may want to use
+@{shells} = sh zsh bash dash fish rbash ksh tcsh csh
+
+# Coreutils programs that should not have dedicated profile
+@{coreutils}  = {,g,m}awk b2sum base32 base64 basename basenc cat chcon chgrp chmod chown
+@{coreutils} += cksum comm cp csplit cut date dd df dir dircolors dirname diff du echo env expand
+@{coreutils} += expr factor false find fmt fold gawk {,e,f}grep head hostid id install join link
+@{coreutils} += ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup nproc numfmt
+@{coreutils} += od paste pathchk pinky pr printenv printf ptx pwd readlink realpath rm rmdir
+@{coreutils} += runcon sed seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf sleep
+@{coreutils} += sort split stat stdbuf stty sum sync tac tail tee test timeout touch tr true
+@{coreutils} += truncate tsort tty uname unexpand uniq unlink vdir wc who whoami xargs yes
+
+# Browsers
+
+@{brave_name} = brave{,-beta,-dev,-bin}
+@{brave_lib_dirs} = /opt/brave{-bin,.com}{,/@{brave_name}}
+
+@{chrome_name} = chrome{,-beta,-stable,-unstable}
+@{chrome_lib_dirs} = /opt/google/@{chrome_name}
+
+@{chromium_name} = chromium
+@{chromium_lib_dirs} = @{lib}/@{chromium_name}
+
+@{firefox_name} = firefox{,.sh,-esr,-bin}
+@{firefox_lib_dirs} = @{lib}/@{firefox_name} /opt/@{firefox_name}
+
+@{opera_name} = opera{,-beta,-developer}
+@{opera_lib_dirs} = @{lib}/@{multiarch}/@{opera_name}
+
+@{msedge_name} = msedge{,-beta,-dev}
+@{msedge_lib_dirs} = /opt/microsoft/@{name}
+
+@{torbrowser_name} = torbrowser "tor browser"
+@{torbrowser_lib_dirs} = @{HOME}/.tb/tor-browser/Browser/
+
+# Emails 
+
+@{thunderbird_name} = thunderbird{,.sh,-bin} 
+@{thunderbird_lib_dirs} = @{lib}/@{thunderbird_name}
+
+@{emails} = evolution geary
+
+# File explorers
+@{file_explorers} = dolphin nautilus thunar
+
+# Text editors
+@{text_edirors} = code gedit mousepad gnome-text-editor
+
+# Document viewers
+@{document_viewers} = evince okular *{F,f}oliate YACReader
+
+# Image viewers
+@{image_viewers} = eog loupe ristretto
+
+# Archive viewers
+@{archive_viewers} = engrampa file-roller xarchiver
+
+# Office suites
+@{offices} = libreoffice soffice