mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 16:03:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixes and profile updates

Browse Source 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
This commit is contained in:
Jeroen Rijken 2024-02-22 14:42:18 +01:00 committed by Alex
parent b532dd6827
commit b0655e9993
9 changed files with 35 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apparmor.d/abstractions/bus/org.bluez
View File

@ -12,6 +12,16 @@
member=PropertiesChanged member=PropertiesChanged
peer=(name=:*, label=bluetoothd), peer=(name=:*, label=bluetoothd),
dbus send bus=system path=/
interface=org.freedesktop.DBus.ObjectManager
member=GetManagedObjects
peer=(name=:*, label=bluetoothd),
dbus send bus=system path=/org/bluez
interface=org.bluez.AgentManager@{int}
member=UnregisterAgent
peer=(name=org.bluez, label=bluetoothd),
dbus send bus=system path=/org/bluez dbus send bus=system path=/org/bluez
interface=org.bluez.ProfileManager@{int} interface=org.bluez.ProfileManager@{int}
member=RegisterProfile member=RegisterProfile

7
apparmor.d/abstractions/bus/org.freedesktop.NetworkManager
View File

@ -42,6 +42,11 @@
member=Introspect member=Introspect
peer=(name=:*, label=NetworkManager), peer=(name=:*, label=NetworkManager),
dbus receive bus=system path=/org/freedesktop
interface=org.freedesktop.DBus.ObjectManager
member=InterfacesAdded
peer=(name=:*, label=NetworkManager),
dbus receive bus=system path=/org/freedesktop/NetworkManager{,/**} dbus receive bus=system path=/org/freedesktop/NetworkManager{,/**}
interface=org.freedesktop.DBus.Properties interface=org.freedesktop.DBus.Properties
member=PropertiesChanged member=PropertiesChanged
@ -59,7 +64,7 @@
dbus receive bus=system path=/org/freedesktop/NetworkManager dbus receive bus=system path=/org/freedesktop/NetworkManager
interface=org.freedesktop.NetworkManager interface=org.freedesktop.NetworkManager
member={DeviceAdded,DeviceRemoved,StateChanged} member={CheckPermissions,DeviceAdded,DeviceRemoved,StateChanged}
peer=(name=:*, label=NetworkManager), peer=(name=:*, label=NetworkManager),
include if exists <abstractions/bus/org.freedesktop.NetworkManager.d> include if exists <abstractions/bus/org.freedesktop.NetworkManager.d>

2
apparmor.d/abstractions/bus/org.freedesktop.login1
View File

@ -14,7 +14,7 @@
dbus send bus=system path=/org/freedesktop/login1 dbus send bus=system path=/org/freedesktop/login1
interface=org.freedesktop.login1.Manager interface=org.freedesktop.login1.Manager
member={Inhibit,CanHibernate,CanHybridSleep,CanPowerOff,CanReboot,CanSuspend} member={Inhibit,CanHibernate,CanHybridSleep,CanPowerOff,CanReboot,CanSuspend,CreateSession}
peer=(name="{:*,org.freedesktop.login1}", label=systemd-logind), peer=(name="{:*,org.freedesktop.login1}", label=systemd-logind),
dbus receive bus=system path=/org/freedesktop/login1 dbus receive bus=system path=/org/freedesktop/login1

5
apparmor.d/groups/systemd/networkctl
View File

@ -27,6 +27,11 @@ profile networkctl @{exec_path} flags=(attach_disconnected) {
unix (bind) type=stream addr=@@{hex}/bus/networkctl/system, unix (bind) type=stream addr=@@{hex}/bus/networkctl/system,
# dbus: talk bus=system name=org.freedesktop.network1 label=systemd-networkd # dbus: talk bus=system name=org.freedesktop.network1 label=systemd-networkd
# No label available
dbus send bus=system path=/org/freedesktop/network@{int}
interface=org.freedesktop.DBus.Properties
member=Get
peer=(name=org.freedesktop.network@{int}),
@{exec_path} mr, @{exec_path} mr,

1
apparmor.d/groups/systemd/systemd-journald
View File

@ -53,6 +53,7 @@ profile systemd-journald @{exec_path} {
@{run}/udev/data/+platform:* r, @{run}/udev/data/+platform:* r,
@{run}/udev/data/+scsi:* r, @{run}/udev/data/+scsi:* r,
@{run}/udev/data/+sdio:* r, @{run}/udev/data/+sdio:* r,
@{run}/udev/data/+thunderbolt:* r,
@{run}/udev/data/+usb-serial:* r, @{run}/udev/data/+usb-serial:* r,
@{run}/udev/data/+usb:* r, @{run}/udev/data/+usb:* r,
@{run}/udev/data/+virtio:* r, @{run}/udev/data/+virtio:* r,

1
apparmor.d/groups/ubuntu/do-release-upgrade
View File

@ -10,6 +10,7 @@ include <tunables/global>
profile do-release-upgrade @{exec_path} { profile do-release-upgrade @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/apt-common> include <abstractions/apt-common>
include <abstractions/consoles>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/openssl> include <abstractions/openssl>
include <abstractions/python> include <abstractions/python>

5
apparmor.d/profiles-a-f/cups-browsed
View File

@ -30,6 +30,11 @@ profile cups-browsed @{exec_path} {
member=StateChanged member=StateChanged
peer=(name=:*, label=avahi-daemon), peer=(name=:*, label=avahi-daemon),
dbus receive bus=system path=/org/freedesktop/NetworkManager
interface=org.freedesktop.NetworkManager
member=CheckPermissions
peer=(name=:*, label=NetworkManager),
@{exec_path} mr, @{exec_path} mr,
/usr/share/cups/locale/{,**} r, /usr/share/cups/locale/{,**} r,

1
apparmor.d/profiles-a-f/fwupd
View File

@ -11,6 +11,7 @@ include <tunables/global>
profile fwupd @{exec_path} flags=(complain,attach_disconnected) { profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus-system> include <abstractions/bus-system>
include <abstractions/bus/org.bluez>
include <abstractions/bus/org.freedesktop.ModemManager1> include <abstractions/bus/org.freedesktop.ModemManager1>
include <abstractions/bus/org.freedesktop.PolicyKit1> include <abstractions/bus/org.freedesktop.PolicyKit1>
include <abstractions/bus/org.freedesktop.UDisks2> include <abstractions/bus/org.freedesktop.UDisks2>

5
apparmor.d/profiles-m-r/obexd
View File

@ -19,6 +19,11 @@ profile obexd @{exec_path} {
# dbus: own bus=session name=org.bluez.obex # dbus: own bus=session name=org.bluez.obex
dbus receive bus=system path=/org/bluez/obex/@{uuid}
interface=org.bluez.Profile1
member=Release
peer=(name=:*, label=bluetoothd),
@{exec_path} mr, @{exec_path} mr,
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,