feat(profile): update kde profiles.

2024-11-15 16:03:51 +01:00 · 2023-11-26 23:05:01 +00:00 · 2023-11-26 23:05:01 +00:00 · c2bc6f26ae
commit c2bc6f26ae
parent 8250e202a0
4 changed files with 38 additions and 7 deletions
--- a/apparmor.d/groups/kde/kioslave5
+++ b/apparmor.d/groups/kde/kioslave5
@ -32,6 +32,7 @@ profile kioslave5 @{exec_path} {

  signal (receive) set=term peer=dolphin,
  signal (receive) set=term peer=firefox-kmozillahelper,
+  signal (receive) set=term peer=plasma-discover,
  signal (receive) set=term peer=plasmashell,

  @{exec_path} mr,
@ -46,6 +47,7 @@ profile kioslave5 @{exec_path} {
  /usr/share/kservices5/{,**} r,
  /usr/share/kservicetypes5/*.desktop r,
  /usr/share/mime/ r,
+  /usr/share/remoteview/* r,

  /etc/fstab r,
  /etc/xdg/kdeglobals r,
--- a/apparmor.d/groups/kde/plasma-discover
+++ b/apparmor.d/groups/kde/plasma-discover
@ -34,15 +34,21 @@ profile plasma-discover @{exec_path} {
  @{bin}/{,ba,da}sh                 rix,
  @{bin}/kreadconfig5               rPx,

-  @{lib}/kf5/kioslave5               rPx,
-  @{lib}/kf5/kio_http_cache_cleaner  rPx,
+  @{bin}/gpg                        rCx -> gpg,
+  @{bin}/gpgconf                    rCx -> gpg,
+  @{bin}/gpgsm                      rCx -> gpg,
+  @{lib}/kf5/kioslave5              rPx,
+  @{lib}/kf5/kio_http_cache_cleaner rPx,

-  /usr/share/kservices5/{,*} r,
+  /usr/share/knotifications5/plasma_workspace.notifyrc r,
  /usr/share/knsrcfiles/{,*} r,
+  /usr/share/kservices5/{,*} r,
+  /usr/share/libdiscover/** r,
  /usr/share/qt/translations/*.qm r,

  /etc/appstream.conf r,
  /etc/flatpak/remotes.d/{,**} r,
+  /etc/gnutls/config r,
  /etc/machine-id r,
  /etc/xdg/ r,
  /etc/xdg/accept-languages.codes r,
@ -56,9 +62,10 @@ profile plasma-discover @{exec_path} {
  /var/lib/flatpak/repo/{,**} r,
  /var/lib/flatpak/appstream/{,**} r,

-  owner @{user_cache_dirs}/discover/{,**} rwl,
-  owner @{user_cache_dirs}/appstream/*.xb r,
  owner @{user_cache_dirs}/appstream/ r,
+  owner @{user_cache_dirs}/appstream/*.xb rw,
+  owner @{user_cache_dirs}/discover/{,**} rwl,
+  owner @{user_cache_dirs}/flatpak/system-cache/{,**} rw,
  owner @{user_cache_dirs}/icon-cache.kcache rw,
  owner @{user_cache_dirs}/kio_http/ w,

@ -80,6 +87,13 @@ profile plasma-discover @{exec_path} {
  owner @{user_share_dirs}/knewstuff3/ r,
  owner @{user_share_dirs}/knewstuff3/ w,

+  owner /tmp/ostree-gpg-*/ rw,
+  owner /tmp/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**,
+  owner /tmp/#@{int} rw,
+
+  owner @{run}/user/@{uid}/.flatpak-cache rw,
+  owner @{run}/user/@{uid}/.flatpak/{,**} rw,
+  owner @{run}/user/@{uid}/.flatpak/**/*.ref rwk,
  owner @{run}/user/@{uid}/#@{int} rw,
  owner @{run}/user/@{uid}/discover@{rand6}.* rwl ->  @{run}/user/@{uid}/#@{int},

@ -89,5 +103,20 @@ profile plasma-discover @{exec_path} {

  /dev/tty r,

+  profile gpg {
+    include <abstractions/base>
+
+    @{bin}/gpg{,2} mr,
+    @{bin}/gpgconf mr,
+    @{bin}/gpgsm   mr,
+
+    @{HOME}/@{XDG_GPG_DIR}/*.conf r,
+
+    owner /tmp/ostree-gpg-*/ r,
+    owner /tmp/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**,
+
+    include if exists <local/plasma-discover_gpg>
+  }
+
  include if exists <local/plasma-discover>
 }
--- a/apparmor.d/groups/kde/sddm
+++ b/apparmor.d/groups/kde/sddm
@ -77,7 +77,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
  @{bin}/dbus-update-activation-environment rCx -> dbus,
  @{bin}/gnome-keyring-daemon rPx,
  @{bin}/kwalletd5            rPx,
-  @{bin}/startplasma-wayland rPUx,
+  @{bin}/startplasma-wayland  rPx,
  @{bin}/startplasma-x11      rPx,
  @{bin}/systemctl            rPx -> child-systemctl,
  @{bin}/xrdb                 rPx,
--- a/apparmor.d/groups/kde/startplasma
+++ b/apparmor.d/groups/kde/startplasma
@ -6,7 +6,7 @@ abi <abi/3.0>,

 include <tunables/global>

-@{exec_path} = @{bin}/startplasma-{wayland,x11}
+@{exec_path} = @{bin}/startplasma-wayland @{bin}/startplasma-x11
 profile startplasma @{exec_path} {
  include <abstractions/base>
  include <abstractions/freedesktop.org>