From a5cafe26ea8e664bffa606e37708dcd56f594e9b Mon Sep 17 00:00:00 2001
From: beroal
Date: Sun, 6 Oct 2024 22:46:12 +0300
Subject: [PATCH] aMule, a file sharing program; not all executables (#546)
* aMule, a file sharing program; not all executables
* ABI 4; document directories; amule//shell was deleted
---
apparmor.d/abstractions/app-open | 1 +
apparmor.d/profiles-a-f/alc | 21 +++++++++++++++++
apparmor.d/profiles-a-f/alcc | 20 ++++++++++++++++
apparmor.d/profiles-a-f/amule | 39 ++++++++++++++++++++++++++++++++
apparmor.d/profiles-a-f/cas | 25 ++++++++++++++++++++
apparmor.d/profiles-a-f/ed2k | 22 ++++++++++++++++++
apparmor.d/profiles-a-f/fileview | 26 +++++++++++++++++++++
7 files changed, 154 insertions(+)
create mode 100644 apparmor.d/profiles-a-f/alc
create mode 100644 apparmor.d/profiles-a-f/alcc
create mode 100644 apparmor.d/profiles-a-f/amule
create mode 100644 apparmor.d/profiles-a-f/cas
create mode 100644 apparmor.d/profiles-a-f/ed2k
create mode 100644 apparmor.d/profiles-a-f/fileview
diff --git a/apparmor.d/abstractions/app-open b/apparmor.d/abstractions/app-open
index 70f89d86..f0fd3220 100644
--- a/apparmor.d/abstractions/app-open
+++ b/apparmor.d/abstractions/app-open
@@ -26,6 +26,7 @@ @{text_editors_path} rPUx, # Others + @{bin}/amule rPx, @{bin}/blueman-tray rPx, @{bin}/discord{,-ptb} rPx, @{bin}/draw.io rPUx,
diff --git a/apparmor.d/profiles-a-f/alc b/apparmor.d/profiles-a-f/alc
new file mode 100644
index 00000000..232f8386
--- /dev/null
+++ b/apparmor.d/profiles-a-f/alc
@@ -0,0 +1,21 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Roman Beslik
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/alc
+profile alc @{exec_path} {
+ include
+ include
+ include
+
+ @{exec_path} mr,
+ @{user_torrents_dirs}/{,**} rw,
+
+ include if exists
+}
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/profiles-a-f/alcc b/apparmor.d/profiles-a-f/alcc
new file mode 100644
index 00000000..c1e7d060
--- /dev/null
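Review bot: In `apparmor.d/profiles-a-f/alc` the rule `@{user_torrents_dirs}/{,**} rw,` has no `owner` qualifier, so it also matches files in those directories that belong to other users, while every `@{HOME}/.aMule` rule in this commit is owner-restricted. Unless shared download directories are intended, I would write `owner @{user_torrents_dirs}/{,**} rw,` here. The same applies to the torrents-directory rules in `alcc`, `amule` and `fileview`. If the broader match is deliberate, a one-line comment saying so would make that visible to the next reviewer.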
+++ b/apparmor.d/profiles-a-f/alcc
@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Roman Beslik
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/alcc
+profile alcc @{exec_path} {
+ include
+ include
+
+ @{exec_path} mr,
+ @{user_torrents_dirs}/{,**} r,
+
+ include if exists
+}
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/profiles-a-f/amule b/apparmor.d/profiles-a-f/amule
new file mode 100644
index 00000000..b54e6202
--- /dev/null
+++ b/apparmor.d/profiles-a-f/amule
@@ -0,0 +1,39 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Roman Beslik
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/amule
+profile amule @{exec_path} {
+ include
+ include
+ include
+ include
+
+ network inet dgram,
+ network inet stream,
+ network inet6 dgram,
+ network inet6 stream,
+ network netlink raw,
+
+
+ # Previewing files isn't allowed
+ # because aMule opens viewers directly instead of via `xdg-open`.
+ # If aMule uses `xdg-open` in your time,
+ # uncomment the following line to allow previewing files.
+ # @{open_path} rPx -> child-open,
+
+ @{exec_path} mr,
+ @{bin}/uname rPx,
+ @{sh_path} rix,
+ @{system_share_dirs}/amule/{,**} r,
+ owner @{HOME}/.aMule/{,**} rwk,
+ @{user_torrents_dirs}/{,**} rw,
+
+ include if exists
+}
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/profiles-a-f/cas b/apparmor.d/profiles-a-f/cas
new file mode 100644
index 00000000..d843801b
--- /dev/null
+++ b/apparmor.d/profiles-a-f/cas
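Review bot: In `apparmor.d/profiles-a-f/amule`, the rules `@{sh_path} rix,` and `@{bin}/uname rPx,` carry no comment saying what aMule runs through the shell. With `ix` the shell runs under this same profile, so it keeps the network rules and the write access to `~/.aMule` and the torrents directories, and the commit message notes that the `amule//shell` subprofile was deleted. Since this process handles data from untrusted peers, the reason for the inherit transition should be recorded next to the rule, for example `# sh is only used to run uname; it inherits this profile`, if that is in fact the only use.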
@@ -0,0 +1,25 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Roman Beslik
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/cas
+profile cas @{exec_path} {
+ include
+ include
+
+ @{exec_path} mr,
+
+ @{system_share_dirs}/cas/{,**} r,
+
+ owner @{HOME}/.aMule/aMule-online-sign.html w,
+ owner @{HOME}/.aMule/amulesig.dat r,
+ owner @{HOME}/.aMule/casrc rw,
+
+ include if exists
+}
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/profiles-a-f/ed2k b/apparmor.d/profiles-a-f/ed2k
new file mode 100644
index 00000000..f92e3b74
--- /dev/null
+++ b/apparmor.d/profiles-a-f/ed2k
@@ -0,0 +1,22 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Roman Beslik
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/ed2k
+profile ed2k @{exec_path} {
+ include
+ include
+
+ @{exec_path} mr,
+
+ owner @{HOME}/.aMule/ED2KLinks w,
+ owner @{HOME}/.aMule/ED2KLinks_lock wk,
+
+ include if exists
+}
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/profiles-a-f/fileview b/apparmor.d/profiles-a-f/fileview
new file mode 100644
index 00000000..9237f2a9
--- /dev/null
+++ b/apparmor.d/profiles-a-f/fileview
@@ -0,0 +1,26 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Roman Beslik
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/fileview
+profile fileview @{exec_path} {
+ include
+ include
+
+ @{exec_path} mr,
+
+ # This program parses aMule internal data files like "server.met".
+ # The paths to these files are given as arguments.
+ # The following directories are those that users likely want to read.
+ # However, this program is usable without the permissions below.
+ owner @{HOME}/.aMule/{,**} r,
+ @{user_torrents_dirs}/{,**} r,
+
+ include if exists
+}
+
+# vim:syntax=apparmor
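Review bot: In `apparmor.d/profiles-a-f/fileview`, `owner @{HOME}/.aMule/{,**} r,` grants read access to the whole aMule directory, although the comment above it says the program parses data files like "server.met" and is usable without these permissions. If only such data files are needed, a narrower rule such as `owner @{HOME}/.aMule/*.met r,` would keep the rest of the directory (configuration and anything else stored there) out of reach of a parser that is fed arbitrary file paths. This is inferred from the comment alone, so confirm which file types fileview actually accepts before narrowing.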