From 9b705ab76ce992e9ce469daa37c1caeaac2156a8 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Wed, 7 Feb 2024 13:47:28 +0000
Subject: [PATCH] feat(profiles): add plasma_session.
---
 apparmor.d/groups/kde/ksplashqml | 2 +-
 apparmor.d/groups/kde/pam_kwallet_init | 22 ++++++++++++
 apparmor.d/groups/kde/plasma_session | 50 ++++++++++++++++++++++++++
 apparmor.d/groups/kde/startplasma | 1 +
 4 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 apparmor.d/groups/kde/pam_kwallet_init
 create mode 100644 apparmor.d/groups/kde/plasma_session
diff --git a/apparmor.d/groups/kde/ksplashqml b/apparmor.d/groups/kde/ksplashqml
index b4e6102c..033ccfa3 100644
--- a/apparmor.d/groups/kde/ksplashqml
+++ b/apparmor.d/groups/kde/ksplashqml
@@ -19,7 +19,7 @@ profile ksplashqml @{exec_path} {
 /usr/share/plasma/** r,
 /usr/share/qt/translations/*.qm r,
- owner @{user_cache_dirs}/icon-cache.kcache rw,
+ owner @{user_cache_dirs}/icon-cache.kcache rw,
 owner @{user_cache_dirs}/ksplash/ rw,
 owner @{user_cache_dirs}/ksplash/qmlcache/ rw,
 owner @{user_cache_dirs}/ksplash/qmlcache/*.qmlc rwl -> @{user_cache_dirs}/ksplash/qmlcache/#@{int},
diff --git a/apparmor.d/groups/kde/pam_kwallet_init b/apparmor.d/groups/kde/pam_kwallet_init
new file mode 100644
index 00000000..d3784c4a
--- /dev/null
+++ b/apparmor.d/groups/kde/pam_kwallet_init
@@ -0,0 +1,22 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/pam_kwallet_init
+profile pam_kwallet_init @{exec_path} {
+ include
+
+ @{exec_path} mr,
+
+ @{bin}/{,ba,da}sh rix,
+ @{bin}/env rix,
+ @{bin}/socat rix,
+
+ /dev/tty rw,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/kde/plasma_session b/apparmor.d/groups/kde/plasma_session
new file mode 100644
index 00000000..f55f0a70
--- /dev/null
+++ b/apparmor.d/groups/kde/plasma_session
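Review bot: In the new `pam_kwallet_init` profile, `@{bin}/socat rix,` lets socat run under the inherited profile, but the only object rule visible is `/dev/tty rw,`; nothing shown permits the endpoint socat would connect to. If the helper forwards the login environment to a per-user wallet socket, that access is either supplied by an include (the include names are not visible on this page) or will be denied at runtime. Confirm against the audit log and, if a rule is needed, scope it to that one socket with `owner`, e.g. `owner <kwallet-socket-path> rw,` (placeholder path), rather than widening the profile. A one-line comment above the socat rule stating why it is allowed would also help the next reviewer.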
@@ -0,0 +1,50 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/plasma_session
+profile plasma_session @{exec_path} {
+ include
+ include
+
+ @{exec_path} mr,
+
+ @{bin}/firewall-applet rPx,
+ @{bin}/gmenudbusmenuproxy rPx,
+ @{bin}/kaccess rPx,
+ @{bin}/kcminit rPx,
+ @{bin}/kded5 rPx,
+ @{bin}/ksmserver rPx,
+ @{bin}/ksplashqml rPx,
+ @{bin}/kwin_wayland_wrapper rPx,
+ @{bin}/plasmashell rPx,
+ @{bin}/spice-vdagent rPx,
+ @{bin}/xembedsniproxy rPx,
+ @{lib}/baloo_file rPx,
+ @{lib}/DiscoverNotifier rPx,
+ @{lib}/geoclue-2.0/demos/agent rPx,
+ @{lib}/org_kde_powerdevil rPx,
+ @{lib}/pam_kwallet_init rPx,
+ @{lib}/polkit-kde-authentication-agent-@{int} rPx,
+
+ /usr/share/kservices5/{,**} r,
+ /usr/share/knotifications5/{,**} r,
+
+ /etc/xdg/autostart/ r,
+ /etc/xdg/autostart/*.desktop r,
+ /etc/xdg/menus/ r,
+
+ @{user_cache_dirs}/ksycoca5_* r,
+
+ owner @{user_config_dirs}/baloofilerc r,
+ owner @{user_config_dirs}/kdedefaults/ksplashrc r,
+ owner @{user_config_dirs}/plasma-welcomerc r,
+
+ @{PROC}/sys/kernel/core_pattern r,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/kde/startplasma b/apparmor.d/groups/kde/startplasma
index 6ff0741e..2c83d520 100644
--- a/apparmor.d/groups/kde/startplasma
+++ b/apparmor.d/groups/kde/startplasma
@@ -17,6 +17,7 @@ profile startplasma @{exec_path} {
 @{bin}/kapplymousetheme rPUx,
 @{bin}/ksplashqml rPUx,
+ @{bin}/plasma_session rPx,
 @{bin}/xrdb rPx,
 @{bin}/xsetroot rPx,
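Review bot: In `plasma_session`, the rule `@{user_cache_dirs}/ksycoca5_* r,` is missing the `owner` qualifier that the neighbouring per-user rules carry (`owner @{user_config_dirs}/baloofilerc r,` and the two after it). As written the profile does not restrict the read to files owned by the session user, leaving only file permissions in the way; `owner @{user_cache_dirs}/ksycoca5_* r,` keeps it consistent with the rest of the block. The file also ends without a trailing newline, as does `pam_kwallet_init`.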
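Review bot: In `startplasma`, the added `@{bin}/plasma_session rPx,` sits directly under `@{bin}/ksplashqml rPUx,`, while the new `plasma_session` profile in this same commit transitions to ksplashqml with `rPx`. `PUx` falls back to running unconfined when no matching profile is loaded, so the same binary gets a strict transition on one path and a permissive one on the other. Since a ksplashqml profile exists in this group, consider `@{bin}/ksplashqml rPx,` here as well, unless the fallback is deliberate. The profile body continues outside the hunk.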