diff --git a/apparmor.d/abstractions/trash b/apparmor.d/abstractions/trash
index 420180bd..ed529672 100644
--- a/apparmor.d/abstractions/trash
+++ b/apparmor.d/abstractions/trash
@@ -1,6 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2018-2021 Mikhail Morfikov
-# 2021 Alexandre Pujol
+# Copyright (C) 2018-2022 Mikhail Morfikov
+# Copyright (C) 2021-2022 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
 abi ,
@@ -14,65 +14,18 @@
 owner @{run}/user/@{uid}/trash.so*.[0-9].slave-socket rwl -> @{run}/user/@{uid}/#[0-9]*[0-9],
 # Home trash location
- owner @{user_share_dirs}/Trash/ rw,
- owner @{user_share_dirs}/Trash/#[0-9]*[0-9] rw,
- owner @{user_share_dirs}/Trash/directorysizes{,.*} rwl -> @{user_share_dirs}/Trash/#[0-9]*[0-9],
- owner @{user_share_dirs}/Trash/files/{,**} rw,
- owner @{user_share_dirs}/Trash/info/ rw,
- owner @{user_share_dirs}/Trash/info/*.trashinfo{,.*} rw,
- owner @{user_share_dirs}/Trash/expunged/ rw,
- owner @{user_share_dirs}/Trash/expunged/[0-9]* rw,
- owner @{user_share_dirs}/Trash/expunged/[0-9]*/ rw,
- owner @{user_share_dirs}/Trash/expunged/[0-9]*/** rw,
+ owner @{user_share_dirs}/Trash/{,**} rw,
 # Partitions' trash location when the admin creates the .Trash/ folder in the top lvl dir
- owner /{media,mnt}/*/.Trash/ rw,
- owner /{media,mnt}/*/.Trash/[0-9]*/ rw,
- owner /{media,mnt}/*/.Trash/[0-9]*/#[0-9]*[0-9] rw,
- owner /{media,mnt}/*/.Trash/[0-9]*/directorysizes{,.*} rwl -> /{media,mnt}/*/.Trash/[0-9]*/#[0-9]*[0-9],
- owner /{media,mnt}/*/.Trash/[0-9]*/files/{,**} rw,
- owner /{media,mnt}/*/.Trash/[0-9]*/info/ rw,
- owner /{media,mnt}/*/.Trash/[0-9]*/info/*.trashinfo{,.*} rw,
- owner /{media,mnt}/*/.Trash/[0-9]*/expunged/ rw,
- owner /{media,mnt}/*/.Trash/[0-9]*/expunged/[0-9]* rw,
- owner /{media,mnt}/*/.Trash/[0-9]*/expunged/[0-9]*/ rw,
- owner /{media,mnt}/*/.Trash/[0-9]*/expunged/[0-9]*/** rw,
+ owner /{media,mnt}/*/.Trash/{,**} rw,
 # Partitions' trash location when the admin doesn't create the .Trash/ folder in the top lvl dir
- owner /{media,mnt}/*/.Trash-[0-9]*/ rw,
- owner /{media,mnt}/*/.Trash-[0-9]*/#[0-9]*[0-9] rw,
- owner /{media,mnt}/*/.Trash-[0-9]*/directorysizes{,.*} rwl -> /{media,mnt}/*/.Trash-[0-9]*/#[0-9]*[0-9],
- owner /{media,mnt}/*/.Trash-[0-9]*/files/{,**} rw,
- owner /{media,mnt}/*/.Trash-[0-9]*/info/ rw,
- owner /{media,mnt}/*/.Trash-[0-9]*/info/*.trashinfo{,.*} rw,
- owner /{media,mnt}/*/.Trash-[0-9]*/expunged/ rw,
- owner /{media,mnt}/*/.Trash-[0-9]*/expunged/[0-9]* rw,
- owner /{media,mnt}/*/.Trash-[0-9]*/expunged/[0-9]*/ rw,
- owner /{media,mnt}/*/.Trash-[0-9]*/expunged/[0-9]*/** rw,
+ owner /{media,mnt}/*/.Trash-[0-9]*/{,**} rw,
 # Removable media's trash location when the admin creates the .Trash/ folder in the top lvl dir
- owner /{media,mnt}/*/*/.Trash/ rw,
- owner /{media,mnt}/*/*/.Trash/[0-9]*/ rw,
- owner /{media,mnt}/*/*/.Trash/[0-9]*/#[0-9]*[0-9] rw,
- owner /{media,mnt}/*/*/.Trash/[0-9]*/directorysizes{,.*} rwl -> /{media,mnt}/*/.Trash/[0-9]*/#[0-9]*[0-9],
- owner /{media,mnt}/*/*/.Trash/[0-9]*/files/{,**} rw,
- owner /{media,mnt}/*/*/.Trash/[0-9]*/info/ rw,
- owner /{media,mnt}/*/*/.Trash/[0-9]*/info/*.trashinfo{,.*} rw,
- owner /{media,mnt}/*/*/.Trash/[0-9]*/expunged/ rw,
- owner /{media,mnt}/*/*/.Trash/[0-9]*/expunged/[0-9]* rw,
- owner /{media,mnt}/*/*/.Trash/[0-9]*/expunged/[0-9]*/ rw,
- owner /{media,mnt}/*/*/.Trash/[0-9]*/expunged/[0-9]*/** rw,
+ owner /{media,mnt}/*/*/.Trash/{,**} rw,
 # Removable media's trash location when the admin doesn't create the .Trash/ folder in the top lvl dir
- owner /{media,mnt}/*/*/.Trash-[0-9]*/ rw,
- owner /{media,mnt}/*/*/.Trash-[0-9]*/#[0-9]*[0-9] rw,
- owner /{media,mnt}/*/*/.Trash-[0-9]*/directorysizes{,.*} rwl -> /{media,mnt}/*/.Trash-[0-9]*/#[0-9]*[0-9],
- owner /{media,mnt}/*/*/.Trash-[0-9]*/files/{,**} rw,
- owner /{media,mnt}/*/*/.Trash-[0-9]*/info/ rw,
- owner /{media,mnt}/*/*/.Trash-[0-9]*/info/*.trashinfo{,.*} rw,
- owner /{media,mnt}/*/*/.Trash-[0-9]*/expunged/ rw,
- owner /{media,mnt}/*/*/.Trash-[0-9]*/expunged/[0-9]* rw,
- owner /{media,mnt}/*/*/.Trash-[0-9]*/expunged/[0-9]*/ rw,
- owner /{media,mnt}/*/*/.Trash-[0-9]*/expunged/[0-9]*/** rw,
+ owner /{media,mnt}/*/*/.Trash-[0-9]*/{,**} rw,
 include if exists
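Review bot: The five collapsed rules grant only `rw`, but every removed `directorysizes{,.*}` rule carried `rwl -> …/#[0-9]*[0-9]`, so the link permission on `directorysizes` is no longer granted for any trash location, while the unchanged `trash.so*.[0-9].slave-socket` context line still keeps its `rwl ->` form. If clients still replace `directorysizes` by linking a temporary `#NNN` file into place, profiles that include this abstraction would presumably start logging link denials; either widen the new rules to `owner @{user_share_dirs}/Trash/{,**} rwl,` (and likewise for the four `/{media,mnt}` rules) or keep one explicit `directorysizes` link rule per location. Separately, `/{media,mnt}/*/.Trash/{,**}` and `/{media,mnt}/*/*/.Trash/{,**}` no longer confine access to the per-uid `[0-9]*/` subdirectory of the shared `.Trash/`; the `owner` qualifier still limits access to the caller's own files, but a comment such as `# shared .Trash/: access is bounded by 'owner', not by the uid subdirectory` would record that this widening is intended.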