diff --git a/apparmor.d/profiles-m-r/protonmail-bridge b/apparmor.d/profiles-m-r/protonmail-bridge
new file mode 100644
index 00000000..00ad2fb6
--- /dev/null
+++ b/apparmor.d/profiles-m-r/protonmail-bridge
@@ -0,0 +1,69 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/protonmail-bridge
+profile protonmail-bridge @{exec_path} {
+ include
+ include
+
+ network inet dgram,
+ network inet6 dgram,
+ network inet stream,
+ network inet6 stream,
+ network netlink raw,
+
+ @{exec_path} mr,
+
+ @{bin}/pass rCx -> pass,
+
+ /etc/lsb-release r,
+ /etc/machine-id r,
+
+ owner @{user_password_store_dirs}/protonmail-credentials/{,**} r,
+
+ owner @{user_cache_dirs}/protonmail/{,**} rwk,
+ owner @{user_config_dirs}/protonmail/{,**} rwk,
+ owner @{user_share_dirs}/protonmail/{,**} rwk,
+
+ @{PROC}/sys/net/core/somaxconn r,
+ @{PROC}/@{pid}/cgroup r,
+
+ profile pass {
+ include
+ include
+
+ @{bin}/pass mr,
+
+ @{bin}/{,ba,da}sh rix,
+ @{bin}/base64 rix,
+ @{bin}/dirname rix,
+ @{bin}/env rix,
+ @{bin}/env rix,
+ @{bin}/getopt rix,
+ @{bin}/git rPx -> pass//git,
+ @{bin}/gpg{,2} rPx -> pass//gpg,
+ @{bin}/mkdir rix,
+ @{bin}/rm rix,
+ @{bin}/rmdir rix,
+ @{bin}/sed rix,
+ @{bin}/tail rix,
+ @{bin}/tree rix,
+ @{bin}/tty rix,
+ @{bin}/which rix,
+
+ owner @{user_password_store_dirs}/.gpg-id r,
+ owner @{user_password_store_dirs}/protonmail-credentials/{,**} rw,
+ deny owner @{user_password_store_dirs}/**/ r,
+
+ /dev/tty rw,
+
+ include if exists
+ }
+
+ include if exists
+}
\ No newline at end of file
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 18aa71f3..2b5e72c6 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
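Review bot: The `pass` child profile scopes store access to `protonmail-credentials/`, but `@{bin}/gpg{,2} rPx -> pass//gpg` and `@{bin}/git rPx -> pass//git` hand decryption and repository work to profiles that are not part of this diff, so the limit on which store entries can be decrypted on the bridge's behalf is whatever `pass//gpg` permits. If those shared profiles cover the whole password store (not visible here, so this needs confirming), the narrowing is not carried through. Either a bridge-specific child profile for gpg or a comment such as `# gpg/git run under the shared pass//gpg and pass//git profiles; store scoping is enforced there, not here` would make the boundary explicit. Separately, `@{bin}/env rix,` is listed twice and one copy can go. The rule `deny owner @{user_password_store_dirs}/**/ r,` deserves a one-line comment, since deny takes precedence over the `protonmail-credentials/{,**} rw` allow for the directory itself and is not logged by default.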
@@ -246,6 +246,7 @@ plymouth-set-default-theme attach_disconnected,complain
 plymouthd complain
 polkit-kde-authentication-agent complain
 power-profiles-daemon attach_disconnected,complain
+protonmail-bridge complain
 qemu-ga complain
 remmina complain
 repo complain