mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

dbus-gtk

Browse source
This commit is contained in:
nobodysu 2022-08-02 01:47:47 +03:00
parent b8445e3b45
commit c96b6d8ee7
4 changed files with 137 additions and 114 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
apparmor.d/abstractions/dbus-gtk Normal file
View file

@ -0,0 +1,50 @@
# apparmor.d - Full set of apparmor profiles
# SPDX-License-Identifier: GPL-2.0-only
dbus (send) bus=session path=/org/gtk/vfs/mounttracker
interface=org.gtk.vfs.MountTracker
member=ListMountableInfo
peer=(name=:*),
dbus (send) bus=session path=/org/gtk/vfs/Daemon
interface=org.gtk.vfs.Daemon
member=ListMonitorImplementations
peer=(name=:*),
dbus (send) bus=session path=/org/gtk/Settings
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*),
dbus (send) bus=session path=/org/a11y/bus
interface=org.freedesktop.DBus.Properties
member=Get
peer=(name=org.a11y.Bus),
dbus (send) bus=session path=/org/a11y/bus
interface=org.a11y.Bus
member=GetAddress
peer=(name=org.a11y.Bus),
dbus (send, receive) bus=session path=/org/freedesktop/Notifications
interface=org.freedesktop.Notifications
peer=(name=:*),
dbus (receive) bus=accessibility path=/org/a11y/atspi/registry
interface=org.a11y.atspi.Registry
member=EventListenerDeregistered
peer=(name=:*),
dbus (send) bus=accessibility path=/org/a11y/atspi/registry
interface=org.a11y.atspi.Registry
member=GetRegisteredEvents
peer=(name=org.a11y.atspi.Registry),
dbus (send) bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
interface=org.a11y.atspi.DeviceEventController
member={GetKeystrokeListeners,GetDeviceEventListeners}
peer=(name=org.a11y.atspi.Registry),
/etc/gtk-3.[0-9]/settings.ini r,
owner /tmp/dbus-[0-9a-zA-Z]* rw,

2
apparmor.d/abstractions/nvidia.d/complete
View file

@ -6,6 +6,4 @@
owner @{user_cache_dirs}/nvidia/GLCache/ rw, owner @{user_cache_dirs}/nvidia/GLCache/ rw,
owner @{user_cache_dirs}/nvidia/GLCache/** rwk, owner @{user_cache_dirs}/nvidia/GLCache/** rwk,
@{run}/nvidia-xdriver-* w,
unix (send, receive) type=dgram peer=(addr="@var/run/nvidia-xdriver-*"), unix (send, receive) type=dgram peer=(addr="@var/run/nvidia-xdriver-*"),

14
apparmor.d/groups/apps/thunderbird
View file

@ -18,6 +18,7 @@ profile thunderbird @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles> include <abstractions/consoles>
include <abstractions/opencl-intel> include <abstractions/opencl-intel>
include <abstractions/wayland>
include <abstractions/nvidia> include <abstractions/nvidia>
include <abstractions/vulkan> include <abstractions/vulkan>
include <abstractions/mesa> include <abstractions/mesa>
@ -35,7 +36,7 @@ profile thunderbird @{exec_path} {
include <abstractions/ibus> include <abstractions/ibus>
include <abstractions/dbus-strict> include <abstractions/dbus-strict>
include <abstractions/dbus-session-strict> include <abstractions/dbus-session-strict>
include if exists <abstractions/ubuntu-unity7-base> include <abstractions/dbus-gtk>
ptrace peer=@{profile_name}, ptrace peer=@{profile_name},
@ -53,26 +54,26 @@ profile thunderbird @{exec_path} {
owner @{PROC}/@{pid}/gid_map w, owner @{PROC}/@{pid}/gid_map w,
owner @{PROC}/@{pid}/uid_map w, owner @{PROC}/@{pid}/uid_map w,
dbus send bus=session path=/org/freedesktop/DBus dbus (send) bus=session path=/org/freedesktop/DBus
interface=org.freedesktop.DBus interface=org.freedesktop.DBus
member=RequestName member=RequestName
peer=(name=org.freedesktop.DBus), peer=(name=org.freedesktop.DBus),
dbus send bus=system path=/org/freedesktop/RealtimeKit[0-9]* dbus (send) bus=system path=/org/freedesktop/RealtimeKit[0-9]*
member={Get,MakeThreadHighPriority,MakeThreadRealtime} member={Get,MakeThreadHighPriority,MakeThreadRealtime}
peer=(name=org.freedesktop.RealtimeKit[0-9]*), peer=(name=org.freedesktop.RealtimeKit[0-9]*),
dbus send bus=system path=/org/freedesktop/UPower dbus (send) bus=system path=/org/freedesktop/UPower
interface=org.freedesktop.UPower interface=org.freedesktop.UPower
member=EnumerateDevices member=EnumerateDevices
peer=(name=org.freedesktop.UPower), peer=(name=org.freedesktop.UPower),
dbus send bus=session path=/ca/desrt/dconf/Writer/user dbus (send) bus=session path=/ca/desrt/dconf/Writer/user
interface=ca.desrt.dconf.Writer interface=ca.desrt.dconf.Writer
member={Change,Notify} member={Change,Notify}
peer=(name=ca.desrt.dconf), peer=(name=ca.desrt.dconf),
dbus bind bus=session dbus (bind) bus=session
name=org.mozilla.thunderbird.*, name=org.mozilla.thunderbird.*,
@{exec_path} mrix, @{exec_path} mrix,
@ -142,6 +143,7 @@ profile thunderbird @{exec_path} {
# gnome-tiny # gnome-tiny
/etc/gnome/defaults.list r, /etc/gnome/defaults.list r,
@{run}/mount/utab r, @{run}/mount/utab r,
/usr/share/gvfs/remote-volume-monitors/{,*} r,
deny @{sys}/devices/system/cpu/present r, deny @{sys}/devices/system/cpu/present r,
deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r, deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,

185
apparmor.d/profiles-m-r/qbittorrent
View file

@ -1,6 +1,5 @@
# apparmor.d - Full set of apparmor profiles # apparmor.d - Full set of apparmor profiles
# Copyright (C) 2015-2022 Mikhail Morfikov # Copyright (C) 2015-2020 Mikhail Morfikov
# Copyright (C) 2022 nobodysu
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>, abi <abi/3.0>,
@ -15,7 +14,6 @@ profile qbittorrent @{exec_path} {
include <abstractions/consoles> include <abstractions/consoles>
include <abstractions/X> include <abstractions/X>
include <abstractions/gtk> include <abstractions/gtk>
include <abstractions/gnome>
include <abstractions/fonts> include <abstractions/fonts>
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>
@ -29,14 +27,14 @@ profile qbittorrent @{exec_path} {
include <abstractions/dbus-strict> include <abstractions/dbus-strict>
include <abstractions/dbus-session-strict> include <abstractions/dbus-session-strict>
include <abstractions/dbus-accessibility-strict> include <abstractions/dbus-accessibility-strict>
include <abstractions/dbus-network-manager-strict>
include <abstractions/dbus-gtk>
include <abstractions/wayland> include <abstractions/wayland>
include <abstractions/dri-enumerate> include <abstractions/dri-enumerate>
include <abstractions/mesa> include <abstractions/mesa>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/openssl> include <abstractions/openssl>
include <abstractions/ssl_certs> include <abstractions/ssl_certs>
include if exists <abstractions/ubuntu-unity7-base>
include if exists <abstractions/dbus-network-manager-strict>
signal (send) set=(term, kill) peer=qbittorrent//python3, signal (send) set=(term, kill) peer=qbittorrent//python3,
@ -47,6 +45,71 @@ profile qbittorrent @{exec_path} {
network netlink dgram, network netlink dgram,
network netlink raw, network netlink raw,
dbus (send) bus=session path=/StatusNotifierWatcher
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=org.kde.StatusNotifierWatcher),
dbus (send) bus=session path=/StatusNotifierWatcher
interface=org.freedesktop.DBus.Properties
member=Get
peer=(name=org.kde.StatusNotifierWatcher),
dbus (send) bus=session path=/StatusNotifierWatcher
interface=org.kde.StatusNotifierWatcher
member=RegisterStatusNotifierItem
peer=(name=org.kde.StatusNotifierWatcher),
dbus (send) bus=session path=/StatusNotifierItem
interface=org.kde.StatusNotifierItem
member={NewToolTip,NewIcon}
peer=(name=org.freedesktop.DBus),
dbus (receive) bus=session path=/StatusNotifierItem
interface=org.kde.StatusNotifierItem
member=Activate
peer=(name=:*),
dbus (receive) bus=session path=/StatusNotifierItem
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*),
dbus (receive) bus=session path=/MenuBar
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*),
dbus (send) bus=session path=/MenuBar
interface=com.canonical.dbusmenu
member=ItemsPropertiesUpdated
peer=(name=org.freedesktop.DBus),
dbus (receive) bus=session path=/MenuBar
interface=com.canonical.dbusmenu
member={GetLayout,GetGroupProperties,AboutToShow,AboutToShowGroup,EventGroup,Event}
peer=(name=:*),
dbus (send) bus=session path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={RequestName,ReleaseName}
peer=(name=org.freedesktop.DBus),
dbus (send) bus=accessibility path=/org/a11y/atspi/accessible/root
interface=org.a11y.atspi.Socket
member=Embed
peer=(name=org.a11y.atspi.Registry),
dbus (receive) bus=accessibility path=/org/a11y/atspi/accessible/root
interface=org.freedesktop.DBus.Properties
member=Set
peer=(name=:*),
dbus (bind) bus=session
name=org.kde.StatusNotifierItem-*,
owner @{run}/user/@{uid}/at-spi/bus{,_[0-9]*} rw,
@{exec_path} mr, @{exec_path} mr,
# For "search engine" # For "search engine"
@ -57,7 +120,7 @@ profile qbittorrent @{exec_path} {
owner @{user_config_dirs}/qBittorrent/** rwkl -> @{user_config_dirs}/qBittorrent/#[0-9]*[0-9], owner @{user_config_dirs}/qBittorrent/** rwkl -> @{user_config_dirs}/qBittorrent/#[0-9]*[0-9],
owner @{user_share_dirs}/data/ rw, owner @{user_share_dirs}/data/ rw,
owner @{user_share_dirs}/{,data/}qBittorrent/ rw, owner @{user_share_dirs}/{,data/}qBittorrent/ rw,
owner @{user_share_dirs}/{,data/}qBittorrent/** rwl -> @{user_share_dirs}/data/qBittorrent/**/#[0-9]*[0-9], owner @{user_share_dirs}/{,data/}qBittorrent/** rwl -> @{user_share_dirs}/{,data/}qBittorrent/**/#[0-9]*[0-9],
# Old dir, not recommended to use: # Old dir, not recommended to use:
# deny owner @{user_share_dirs}/data/qBittorrent/ rw, # deny owner @{user_share_dirs}/data/qBittorrent/ rw,
@ -112,92 +175,9 @@ profile qbittorrent @{exec_path} {
owner @{run}/user/@{uid}/dconf/user rw, owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/ICEauthority r, owner @{run}/user/@{uid}/ICEauthority r,
# DBus # gnome-tiny
deny dbus send /usr/share/gvfs/remote-volume-monitors/{,*} r,
bus=session /usr/share/glib-2.0/schemas/gschemas.compiled r,
path=/org/gtk/vfs/mounttracker
interface=org.gtk.vfs.MountTracker
member=ListMountableInfo,
dbus send
bus=session
path=/org/gtk/vfs/Daemon
interface=org.gtk.vfs.Daemon
member=ListMonitorImplementations,
dbus send
bus=session
path=/StatusNotifierWatcher
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=org.kde.StatusNotifierWatcher),
dbus send
bus=session
path=/StatusNotifierWatcher
interface=org.freedesktop.DBus.Properties
member=Get
peer=(name=org.kde.StatusNotifierWatcher),
dbus send
bus=session
path=/StatusNotifierWatcher
interface=org.kde.StatusNotifierWatcher
member=RegisterStatusNotifierItem
peer=(name=org.kde.StatusNotifierWatcher),
dbus send
bus=session
path=/StatusNotifierItem
interface=org.kde.StatusNotifierItem
member=NewToolTip
peer=(name=org.freedesktop.DBus),
dbus receive
bus=session
path=/StatusNotifierItem
interface=org.kde.StatusNotifierItem
member=Activate
peer=(name=:*),
dbus receive
bus=session
path=/MenuBar
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*),
dbus send
bus=session
path=/MenuBar
interface=com.canonical.dbusmenu
member=ItemsPropertiesUpdated
peer=(name=org.freedesktop.DBus),
dbus receive
bus=session
path=/MenuBar
interface=com.canonical.dbusmenu
member={GetLayout,GetGroupProperties,AboutToShow,AboutToShowGroup,EventGroup,Event}
peer=(name=:*),
dbus receive
bus=session
path=/StatusNotifierItem
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*),
dbus send
bus=session
path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={RequestName,ReleaseName}
peer=(name=org.freedesktop.DBus),
dbus bind
bus=session
name=org.kde.StatusNotifierItem-*,
# Launch external apps # Launch external apps
/{usr/,}bin/xdg-{open,mime} rCx -> open, /{usr/,}bin/xdg-{open,mime} rCx -> open,
@ -217,7 +197,12 @@ profile qbittorrent @{exec_path} {
profile open { profile open {
include <abstractions/base> include <abstractions/base>
include <abstractions/xdg-open> include <abstractions/xdg-open>
include if exists <abstractions/ubuntu-unity7-base> include <abstractions/dbus-gtk>
dbus (send) bus=session path=/org/gnome/{Nautilus,Totem,gedit}
interface=org.freedesktop.Application
member=Open
peer=(name="org.gnome.{Nautilus,Totem,gedit}"),
/{usr/,}bin/xdg-open mr, /{usr/,}bin/xdg-open mr,
@ -231,6 +216,7 @@ profile qbittorrent @{exec_path} {
/{usr/,}bin/qpdfview rPx, /{usr/,}bin/qpdfview rPx,
/{usr/,}bin/ebook-viewer rPx, /{usr/,}bin/ebook-viewer rPx,
/{usr/,}lib/firefox/firefox rPx, /{usr/,}lib/firefox/firefox rPx,
/{usr/,}bin/engrampa rPx,
/{usr/,}bin/{ba,da,}sh rix, /{usr/,}bin/{ba,da,}sh rix,
/{usr/,}bin/{g,m,}awk rix, /{usr/,}bin/{g,m,}awk rix,
@ -249,19 +235,6 @@ profile qbittorrent @{exec_path} {
owner @{HOME}/.xsession-errors w, owner @{HOME}/.xsession-errors w,
dbus send
bus=session
path=/org/gtk/vfs/Daemon
interface=org.gtk.vfs.Daemon
member=ListMonitorImplementations,
dbus send
bus=session
path=/org/gnome/{Nautilus,Totem,gedit}
interface=org.freedesktop.Application
member=Open
peer=(name="org.gnome.{Nautilus,Totem,gedit}"),
include if exists <local/qbittorrent_open> include if exists <local/qbittorrent_open>
} }