feat(profiles): add plasma_session.

2024-11-15 07:54:17 +01:00 · 2024-02-07 13:47:28 +00:00 · 2024-02-07 13:47:28 +00:00 · 9b705ab76c
commit 9b705ab76c
parent 14a6f3fc5a
4 changed files with 74 additions and 1 deletions
--- a/apparmor.d/groups/kde/ksplashqml
+++ b/apparmor.d/groups/kde/ksplashqml
@ -19,7 +19,7 @@ profile ksplashqml @{exec_path} {
  /usr/share/plasma/** r,
  /usr/share/qt/translations/*.qm r,

-  owner @{user_cache_dirs}/icon-cache.kcache rw, 
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
  owner @{user_cache_dirs}/ksplash/ rw,
  owner @{user_cache_dirs}/ksplash/qmlcache/ rw,
  owner @{user_cache_dirs}/ksplash/qmlcache/*.qmlc rwl -> @{user_cache_dirs}/ksplash/qmlcache/#@{int},
--- a/apparmor.d/groups/kde/pam_kwallet_init
+++ b/apparmor.d/groups/kde/pam_kwallet_init
@ -0,0 +1,22 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/pam_kwallet_init
+profile pam_kwallet_init @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  @{bin}/{,ba,da}sh  rix,
+  @{bin}/env         rix,
+  @{bin}/socat       rix,
+
+  /dev/tty rw,
+
+  include if exists <local/pam_kwallet_init>
+}
--- a/apparmor.d/groups/kde/plasma_session
+++ b/apparmor.d/groups/kde/plasma_session
@ -0,0 +1,50 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/plasma_session
+profile plasma_session @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/kde-strict>
+
+  @{exec_path} mr,
+
+  @{bin}/firewall-applet                                 rPx,
+  @{bin}/gmenudbusmenuproxy                              rPx,
+  @{bin}/kaccess                                         rPx,
+  @{bin}/kcminit                                         rPx,
+  @{bin}/kded5                                           rPx,
+  @{bin}/ksmserver                                       rPx,
+  @{bin}/ksplashqml                                      rPx,
+  @{bin}/kwin_wayland_wrapper                            rPx,
+  @{bin}/plasmashell                                     rPx,
+  @{bin}/spice-vdagent                                   rPx,
+  @{bin}/xembedsniproxy                                  rPx,
+  @{lib}/baloo_file                                      rPx,
+  @{lib}/DiscoverNotifier                                rPx,
+  @{lib}/geoclue-2.0/demos/agent                         rPx,
+  @{lib}/org_kde_powerdevil                              rPx,
+  @{lib}/pam_kwallet_init                                rPx,
+  @{lib}/polkit-kde-authentication-agent-@{int}          rPx,
+
+  /usr/share/kservices5/{,**} r,
+  /usr/share/knotifications5/{,**} r,
+
+  /etc/xdg/autostart/ r,
+  /etc/xdg/autostart/*.desktop r,
+  /etc/xdg/menus/ r,
+
+  @{user_cache_dirs}/ksycoca5_* r,
+
+  owner @{user_config_dirs}/baloofilerc r,
+  owner @{user_config_dirs}/kdedefaults/ksplashrc r,
+  owner @{user_config_dirs}/plasma-welcomerc r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+
+  include if exists <local/plasma_session>
+}
--- a/apparmor.d/groups/kde/startplasma
+++ b/apparmor.d/groups/kde/startplasma
@ -17,6 +17,7 @@ profile startplasma @{exec_path} {

  @{bin}/kapplymousetheme  rPUx,
  @{bin}/ksplashqml        rPUx,
+  @{bin}/plasma_session     rPx,
  @{bin}/xrdb               rPx,
  @{bin}/xsetroot           rPx,