mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(dbus): add new unified main dbus abstraction.

Browse source 
specify the aa profile in the peer label.
This commit is contained in:
Alexandre Pujol 2023-12-06 19:10:23 +00:00
parent 6a3cc952e1
commit aa1491a3c0
Failed to generate hash of commit
3 changed files with 63 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
apparmor.d/abstractions/bus/accessibility Normal file
View file

@ -0,0 +1,19 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
dbus send bus=accessibility path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
peer=(name=org.freedesktop.DBus, label=at-spi-bus-launcher),
dbus send bus=accessibility path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={RequestName,ReleaseName}
peer=(name=org.freedesktop.DBus, label=at-spi-bus-launcher),
owner @{run}/user/@{uid}/at-spi/ rw,
owner @{run}/user/@{uid}/at-spi/bus rw,
owner @{run}/user/@{uid}/at-spi/bus_@{int} rw,
include if exists <abstractions/bus/accessibility.d>

27
apparmor.d/abstractions/bus/session Normal file
View file

@ -0,0 +1,27 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
unix (bind, listen) type=stream addr="@/tmp/dbus-*",
unix (connect, send, receive, accept) type=stream addr="@/tmp/dbus-*",
unix (connect, send, receive, accept) type=stream peer=(addr="@/tmp/dbus-*"),
dbus send bus=session path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
dbus send bus=session path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={RequestName,ReleaseName}
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
/etc/machine-id r,
/var/lib/dbus/machine-id r,
owner /tmp/dbus-@{rand8} rw,
owner /tmp/dbus-@{rand10} rw,
owner @{run}/user/@{uid}/bus rw,
include if exists <abstractions/bus/session.d>

17
apparmor.d/abstractions/bus/system Normal file
View file

@ -0,0 +1,17 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={RequestName,ReleaseName}
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
@{run}/dbus/system_bus_socket rw,
include if exists <abstractions/bus/system.d>