From ca85373e3a1540131f9e50e13e0253798763c61f Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 17 Dec 2023 14:14:42 +0000
Subject: [PATCH] feat(dbus): start using the new dbus directive.
---
.../bus/org.gtk.Private.RemoteVolumeMonitor | 6 +++---
apparmor.d/groups/_full/systemd | 2 +-
apparmor.d/groups/apt/apt | 13 ++++++++++---
apparmor.d/groups/freedesktop/dconf-service | 11 +----------
apparmor.d/groups/gnome/gdm | 2 +-
.../groups/gnome/gnome-control-center-goa-helper | 2 +-
apparmor.d/groups/gnome/gnome-initial-setup | 2 +-
.../groups/gnome/gnome-shell-calendar-server | 11 +----------
apparmor.d/groups/gnome/gnome-terminal-server | 14 +-------------
apparmor.d/groups/gnome/goa-daemon | 5 +----
apparmor.d/groups/gnome/goa-identity-service | 8 +-------
apparmor.d/groups/gnome/gsd-a11y-settings | 2 +-
apparmor.d/groups/gnome/gsd-color | 6 +-----
apparmor.d/groups/gnome/gsd-datetime | 2 +-
apparmor.d/groups/gnome/gsd-disk-utility-notify | 2 +-
apparmor.d/groups/gnome/gsd-housekeeping | 2 +-
apparmor.d/groups/gnome/gsd-keyboard | 2 +-
apparmor.d/groups/gnome/gsd-media-keys | 2 +-
apparmor.d/groups/gnome/gsd-power | 5 +----
apparmor.d/groups/gnome/gsd-print-notifications | 6 +++---
apparmor.d/groups/gnome/gsd-printer | 7 +++----
apparmor.d/groups/gnome/gsd-rfkill | 8 +-------
apparmor.d/groups/gnome/gsd-screensaver-proxy | 5 ++---
apparmor.d/groups/gnome/gsd-sharing | 2 +-
apparmor.d/groups/gnome/gsd-smartcard | 12 +-----------
apparmor.d/groups/gnome/gsd-sound | 2 +-
apparmor.d/groups/gnome/gsd-wacom | 5 +----
apparmor.d/groups/gnome/gsd-xsettings | 11 ++---------
apparmor.d/profiles-a-f/evince | 7 +------
apparmor.d/profiles-a-f/fprintd | 5 +----
apparmor.d/profiles-m-r/obexd | 5 +----
apparmor.d/profiles-m-r/passimd | 2 +-
apparmor.d/profiles-m-r/remmina | 2 +-
apparmor.d/profiles-s-z/thermald | 2 +-
34 files changed, 51 insertions(+), 129 deletions(-)
diff --git a/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor b/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor index d6288e58..e400ef9a 100644 --- a/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor +++ b/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor @@ -5,16 +5,16 @@ dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor member={List,IsSupported,VolumeChanged,VolumeMount,MountAdded} - peer=(name=:*, label=gvfs-udisks2-volume-monitor), + peer=(name=:*, label=gvfs-*-volume-monitor), dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor member={MountAdded,MountChanged,VolumeChanged,VolumeRemoved} - peer=(name=:*, label=gvfs-udisks2-volume-monitor), + peer=(name=:*, label=gvfs-*-volume-monitor), dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor member={VolumeAdded,DriveDisconnected,DriveConnected,DriveChanged} - peer=(name=:*, label=gvfs-udisks2-volume-monitor), + peer=(name=:*, label=gvfs-*-volume-monitor), include if exists diff --git a/apparmor.d/groups/_full/systemd b/apparmor.d/groups/_full/systemd index fa2fefc3..97ffb7aa 100644 --- a/apparmor.d/groups/_full/systemd +++ b/apparmor.d/groups/_full/systemd @@ -90,7 +90,7 @@ profile systemd flags=(attach_disconnected,mediate_deleted) { unix (send) type=dgram, dbus, # TODO: WIP - dbus bind bus=system name=org.freedesktop.systemd1, + # dbus: own bus=system name=org.freedesktop.systemd1 @{bin}/systemctl rix, @{bin}/true rix, diff --git a/apparmor.d/groups/apt/apt b/apparmor.d/groups/apt/apt index b5e4a0e0..f67f9c65 100644 --- a/apparmor.d/groups/apt/apt +++ b/apparmor.d/groups/apt/apt 
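Review bot: The peer label in all three rules of abstractions/bus/org.gtk.Private.RemoteVolumeMonitor is widened from `gvfs-udisks2-volume-monitor` to the glob `gvfs-*-volume-monitor`, so any profile whose name fits that pattern, including ones added later, becomes an accepted peer for these calls and signals. If the intent is to admit the other gvfs volume monitors, an explicit alternation such as `label=gvfs-{afc,goa,gphoto2,mtp,udisks2}-volume-monitor` keeps the set of trusted peers reviewable. That list is a suggestion and should be checked against the profiles the project actually ships. A one-line comment above the rules naming the monitors that are meant would also help; the start of the abstraction is outside the hunk.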
@@ -38,10 +38,17 @@ profile apt @{exec_path} flags=(attach_disconnected) { unix (send, receive) type=stream peer=(label=apt-esm-json-hook), unix (send, receive) type=stream peer=(label=snapd), - dbus bind bus=system name=org.debian.apt, + # dbus: own bus=system name=org.debian.apt - dbus (send, receive) bus=system path=/org/debian/apt{,/transaction/@{hex}} - interface=org.{debian.apt*,freedesktop.DBus.{Properties,Introspectable}}, + dbus send bus=system path=/org/freedesktop/DBus/Bus + interface=org.freedesktop.DBus + member={GetConnectionUnixProcessID,GetConnectionUnixUser} + peer=(name=org.freedesktop.DBus, label=dbus-daemon), + + dbus send bus=system path=/org/freedesktop/DBus/Bus + interface=org.freedesktop.DBus.Introspectable + member=Introspect + peer=(name=org.freedesktop.DBus, label=dbus-daemon), @{exec_path} mr, diff --git a/apparmor.d/groups/freedesktop/dconf-service b/apparmor.d/groups/freedesktop/dconf-service index eea031a0..196de8ad 100644 --- a/apparmor.d/groups/freedesktop/dconf-service +++ b/apparmor.d/groups/freedesktop/dconf-service @@ -15,16 +15,7 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term kill hup) peer=dbus-daemon, signal (receive) set=(term hup) peer=gdm*, - dbus bind bus=session name=ca.desrt.dconf, - - dbus send bus=session path=/ca/desrt/dconf/Writer/user - interface=ca.desrt.dconf.Writer - peer=(name=org.freedesktop.DBus), # all members and peer's labels - - dbus receive bus=session path=/ca/desrt/dconf/Writer/user - interface=ca.desrt.dconf.Writer - member=Change - peer=(name=:*), # all peer's labels + # dbus: own bus=session name=ca.desrt.dconf dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm index 4f0d58b5..61864255 100644 --- a/apparmor.d/groups/gnome/gdm +++ b/apparmor.d/groups/gnome/gdm 
@@ -27,7 +27,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) { signal (send) set=(term), - # dbus: own bus=system name=org.gnome.DisplayManager.Manager + # dbus: own bus=system name=org.gnome.DisplayManager # dbus: talk bus=system name=org.freedesktop.login1 label=systemd-logind diff --git a/apparmor.d/groups/gnome/gnome-control-center-goa-helper b/apparmor.d/groups/gnome/gnome-control-center-goa-helper index db66d749..3a8aa8e9 100644 --- a/apparmor.d/groups/gnome/gnome-control-center-goa-helper +++ b/apparmor.d/groups/gnome/gnome-control-center-goa-helper @@ -35,7 +35,7 @@ profile gnome-control-center-goa-helper @{exec_path} { signal (send) set=(kill) peer=bwrap, - dbus bind bus=session name=org.gnome.Settings.GoaHelper, + # dbus: own bus=session name=org.gnome.Settings.GoaHelper dbus send bus=session path=/org/gnome/OnlineAccounts interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/groups/gnome/gnome-initial-setup b/apparmor.d/groups/gnome/gnome-initial-setup index f2d6bfec..1fbb35bb 100644 --- a/apparmor.d/groups/gnome/gnome-initial-setup +++ b/apparmor.d/groups/gnome/gnome-initial-setup @@ -16,7 +16,7 @@ profile gnome-initial-setup @{exec_path} { network netlink raw, - dbus bind bus=session name=org.gnome.InitialSetup, + # dbus: own bus=session name=org.gnome.InitialSetup @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gnome-shell-calendar-server b/apparmor.d/groups/gnome/gnome-shell-calendar-server index 0d92dc7a..dfdb3772 100644 --- a/apparmor.d/groups/gnome/gnome-shell-calendar-server +++ b/apparmor.d/groups/gnome/gnome-shell-calendar-server 
@@ -13,16 +13,7 @@ profile gnome-shell-calendar-server @{exec_path} { include include - dbus bind bus=session name=org.gnome.Shell.CalendarServer, - dbus receive bus=session path=/org/gnome/Shell/CalendarServer - interface=org.gnome.Shell.CalendarServer - peer=(name=:*, label=gnome-shell), - dbus (send receive) bus=session path=/org/gnome/Shell/CalendarServer - interface=org.freedesktop.DBus.Properties - peer=(name=:*), - dbus send bus=session path=/org/gnome/Shell/CalendarServer - interface=org.freedesktop.DBus.Properties - peer=(name=org.freedesktop.DBus), + # dbus: own bus=session name=org.gnome.Shell.CalendarServer dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**} interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/gnome/gnome-terminal-server b/apparmor.d/groups/gnome/gnome-terminal-server index 189e9e92..3be34aee 100644 --- a/apparmor.d/groups/gnome/gnome-terminal-server +++ b/apparmor.d/groups/gnome/gnome-terminal-server @@ -24,19 +24,7 @@ profile gnome-terminal-server @{exec_path} { ptrace (read) peer=htop, ptrace (read) peer=unconfined, - dbus bind bus=session name=org.gnome.Terminal, - dbus receive bus=session path=/org/gnome/Terminal{,/**} - interface=org.gnome.Terminal.* - peer=(name=:*), - dbus receive bus=session path=/org/gnome/Terminal{,/**} - interface=org.freedesktop.DBus.Properties - peer=(name=:*), - dbus receive bus=session path=/org/gnome/Terminal{,/**} - interface=org.gtk.Actions - peer=(name=:*), - dbus send bus=session path=/org/gnome/Terminal{,/**} - interface=org.gtk.Actions - peer=(name=org.freedesktop.DBus), + # dbus: own bus=session name=org.gnome.Terminal interface={org.freedesktop.DBus.Properties,org.gtk.Actions} dbus receive bus=session path=/org/gnome/Terminal/SearchProvider interface=org.gnome.Shell.SearchProvider2 diff --git a/apparmor.d/groups/gnome/goa-daemon b/apparmor.d/groups/gnome/goa-daemon index a60a4c4b..72befb09 100644 --- a/apparmor.d/groups/gnome/goa-daemon 
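Review bot: In groups/gnome/gnome-shell-calendar-server the removed receive rule accepted org.gnome.Shell.CalendarServer calls only from `label=gnome-shell`, while the replacement `# dbus: own bus=session name=org.gnome.Shell.CalendarServer` carries no peer label. The expansion of the directive is not visible in this patch, so it is unclear whether the generated rules still pin the caller or now accept any `name=:*` peer on the session bus. The same question applies to the label-restricted rules dropped in gsd-color, gsd-power, gsd-smartcard and evince. The `talk` directive in the gdm hunk takes a `label=` argument; if `own` has no equivalent, these profiles are better left with a plain `dbus bind` plus their explicit label-restricted receive rules. The rest of each profile is outside the hunks.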
+++ b/apparmor.d/groups/gnome/goa-daemon @@ -25,10 +25,7 @@ profile goa-daemon @{exec_path} { network inet6 dgram, network netlink raw, - dbus bind bus=session name=org.gnome.OnlineAccounts, - dbus receive bus=session path=/org/gnome/OnlineAccounts - interface=org.freedesktop.DBus.ObjectManager - peer=(name=:*), + # dbus: own bus=session name=org.gnome.OnlineAccounts dbus send bus=session path=/org/gnome/Identity interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/groups/gnome/goa-identity-service b/apparmor.d/groups/gnome/goa-identity-service index 31d4c608..d8791cf0 100644 --- a/apparmor.d/groups/gnome/goa-identity-service +++ b/apparmor.d/groups/gnome/goa-identity-service @@ -12,13 +12,7 @@ profile goa-identity-service @{exec_path} { include include - dbus bind bus=session name=org.gnome.Identity, - dbus receive bus=session path=/org/gnome/Identity - interface=org.freedesktop.DBus.ObjectManager - peer=(name=:*), - dbus receive bus=session path=/org/gnome/Identity/Manager - interface=org.freedesktop.DBus.Properties - peer=(name=:*), + # dbus: own bus=session name=org.gnome.Identity dbus send bus=session path=/org/gnome/OnlineAccounts interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings index 68ff65ae..ce778728 100644 --- a/apparmor.d/groups/gnome/gsd-a11y-settings +++ b/apparmor.d/groups/gnome/gsd-a11y-settings @@ -15,7 +15,7 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus bind bus=session name=org.gnome.SettingsDaemon.A11ySettings, + # dbus: own bus=session name=org.gnome.SettingsDaemon.A11ySettings dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color index 7e76e177..7834cee5 100644 --- a/apparmor.d/groups/gnome/gsd-color +++ b/apparmor.d/groups/gnome/gsd-color 
@@ -24,11 +24,7 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus bind bus=session name=org.gnome.SettingsDaemon.Color, - dbus receive bus=session path=/org/gnome/SettingsDaemon/Color - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name=:*, label=gnome-shell), + # dbus: own bus=session name=org.gnome.SettingsDaemon.Color @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime index 3a78fe81..a642b5fb 100644 --- a/apparmor.d/groups/gnome/gsd-datetime +++ b/apparmor.d/groups/gnome/gsd-datetime @@ -15,7 +15,7 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus bind bus=session name=org.gnome.SettingsDaemon.Datetime, + # dbus: own bus=session name=org.gnome.SettingsDaemon.Datetime dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-disk-utility-notify b/apparmor.d/groups/gnome/gsd-disk-utility-notify index c2ac8ef0..504a579a 100644 --- a/apparmor.d/groups/gnome/gsd-disk-utility-notify +++ b/apparmor.d/groups/gnome/gsd-disk-utility-notify @@ -13,7 +13,7 @@ profile gsd-disk-utility-notify @{exec_path} { include include - dbus bind bus=session name=org.gnome.Disks.NotificationMonitor, + # dbus: own bus=session name=org.gnome.Disks.NotificationMonitor dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping index 80705fc6..bc292819 100644 --- a/apparmor.d/groups/gnome/gsd-housekeeping +++ b/apparmor.d/groups/gnome/gsd-housekeeping 
@@ -19,7 +19,7 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gnome*, - dbus bind bus=session name=org.gnome.SettingsDaemon.Housekeeping, + # dbus: own bus=session name=org.gnome.SettingsDaemon.Housekeeping dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard index d985ab17..46e6225d 100644 --- a/apparmor.d/groups/gnome/gsd-keyboard +++ b/apparmor.d/groups/gnome/gsd-keyboard @@ -23,7 +23,7 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus bind bus=session name=org.gnome.SettingsDaemon.Keyboard, + # dbus: own bus=session name=org.gnome.SettingsDaemon.Keyboard @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index 2086e1d2..5a5fc473 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys @@ -28,7 +28,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { network netlink raw, - dbus bind bus=session name=org.gnome.SettingsDaemon.MediaKeys, + # dbus: own bus=session name=org.gnome.SettingsDaemon.MediaKeys dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index 680a4669..ceeae8b3 100644 --- a/apparmor.d/groups/gnome/gsd-power +++ b/apparmor.d/groups/gnome/gsd-power 
@@ -33,10 +33,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus bind bus=session name=org.gnome.SettingsDaemon.Power, - dbus (send, receive) bus=session path=/org/gnome/SettingsDaemon/Power - interface=org.freedesktop.DBus.Properties - peer=(name="{org.freedesktop.DBus,:*}", label="{gsd-media-keys,gnome-shell}"), + # dbus: own bus=session name=org.gnome.SettingsDaemon.Power dbus send bus=session path=/org/gnome/Mutter/DisplayConfig interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/gnome/gsd-print-notifications b/apparmor.d/groups/gnome/gsd-print-notifications index 225fe92e..a59d078e 100644 --- a/apparmor.d/groups/gnome/gsd-print-notifications +++ b/apparmor.d/groups/gnome/gsd-print-notifications @@ -21,10 +21,10 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, signal (send) set=(hup) peer=gsd-printer, - dbus bind bus=session name=org.gnome.SettingsDaemon.PrintNotifications, + # dbus: own bus=session name=org.gnome.SettingsDaemon.PrintNotifications - dbus receive bus=system path=/org/cups/cupsd/Notifier - interface=org.cups.cupsd.Notifier, + # dbus receive bus=system path=/org/cups/cupsd/Notifier + # interface=org.cups.cupsd.Notifier, dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-printer b/apparmor.d/groups/gnome/gsd-printer index 7dfd59f7..e2aeb809 100644 --- a/apparmor.d/groups/gnome/gsd-printer +++ b/apparmor.d/groups/gnome/gsd-printer 
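Review bot: In groups/gnome/gsd-print-notifications the system-bus rule `dbus receive bus=system path=/org/cups/cupsd/Notifier interface=org.cups.cupsd.Notifier,` is commented out rather than converted or deleted, and no reason is given. As written, the profile no longer permits the CUPS notifier signals unless a rule or include outside this hunk covers them, and a later reader cannot tell whether that is deliberate. Either drop the two lines or say why they are parked, e.g. `# FIXME: cupsd Notifier receive disabled, <reason>`.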
@@ -17,10 +17,9 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(hup) peer=gsd-print-notifications, - dbus bind bus=system name=com.redhat.NewPrinterNotification, - - dbus bind bus=system name=com.redhat.PrinterDriversInstaller, - + # dbus: own bus=system name=com.redhat.NewPrinterNotification + # dbus: own bus=system name=com.redhat.PrinterDriversInstaller + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect diff --git a/apparmor.d/groups/gnome/gsd-rfkill b/apparmor.d/groups/gnome/gsd-rfkill index 8857b509..2d3e1cf1 100644 --- a/apparmor.d/groups/gnome/gsd-rfkill +++ b/apparmor.d/groups/gnome/gsd-rfkill @@ -20,13 +20,7 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { network netlink raw, - dbus bind bus=session name=org.gnome.SettingsDaemon.Rfkill, - dbus receive bus=session path=/org/gnome/SettingsDaemon/Rfkill - interface=org.freedesktop.DBus.Properties - peer=(name=:*), - dbus send bus=session path=/org/gnome/SettingsDaemon/Rfkill - interface=org.freedesktop.DBus.Properties - peer=(name=org.freedesktop.DBus), + # dbus: own bus=session name=org.gnome.SettingsDaemon.Rfkill dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-screensaver-proxy b/apparmor.d/groups/gnome/gsd-screensaver-proxy index 9149023c..9d5485c8 100644 --- a/apparmor.d/groups/gnome/gsd-screensaver-proxy +++ b/apparmor.d/groups/gnome/gsd-screensaver-proxy 
@@ -14,9 +14,8 @@ profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus bind bus=session name=org.freedesktop.ScreenSaver, - - dbus bind bus=session name=org.gnome.SettingsDaemon.ScreensaverProxy, + # dbus: own bus=session name=org.freedesktop.ScreenSaver + # dbus: own bus=session name=org.gnome.SettingsDaemon.ScreensaverProxy dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing index dca68faf..582f664e 100644 --- a/apparmor.d/groups/gnome/gsd-sharing +++ b/apparmor.d/groups/gnome/gsd-sharing @@ -17,7 +17,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus bind bus=session name=org.gnome.SettingsDaemon.Sharing, + # dbus: own bus=session name=org.gnome.SettingsDaemon.Sharing dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index 70a6f5b3..1587a9c2 100644 --- a/apparmor.d/groups/gnome/gsd-smartcard +++ b/apparmor.d/groups/gnome/gsd-smartcard 
@@ -17,17 +17,7 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus bind bus=session name=org.gnome.SettingsDaemon.Smartcard, - dbus receive bus=session path=/org/gnome/SettingsDaemon/Smartcard - interface=org.freedesktop.DBus.ObjectManager - member=GetManagedObjects - peer=(name=:*, label=gnome-shell), - dbus receive bus=session path=/org/gnome/SettingsDaemon/Smartcard - interface=org.freedesktop.DBus.Properties - peer=(name=:*), - dbus send bus=session path=/org/gnome/SettingsDaemon/Smartcard - interface=org.freedesktop.DBus.Properties - peer=(name=org.freedesktop.DBus), + # dbus: own bus=session name=org.gnome.SettingsDaemon.Smartcard dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound index 3c14484e..53d83637 100644 --- a/apparmor.d/groups/gnome/gsd-sound +++ b/apparmor.d/groups/gnome/gsd-sound @@ -17,7 +17,7 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus bind bus=session name=org.gnome.SettingsDaemon.Sound, + # dbus: own bus=session name=org.gnome.SettingsDaemon.Sound dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom index 3303d78f..03b6111b 100644 --- a/apparmor.d/groups/gnome/gsd-wacom +++ b/apparmor.d/groups/gnome/gsd-wacom @@ -21,10 +21,7 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus bind bus=session name=org.gnome.SettingsDaemon.Wacom, - dbus receive bus=session path=/org/gnome/SettingsDaemon/Wacom - interface=org.freedesktop.DBus.Properties - peer=(name=:*), + # dbus: own bus=session name=org.gnome.SettingsDaemon.Wacom @{exec_path} mr, 
diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index 33e150d2..5c017587 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings @@ -32,15 +32,8 @@ profile gsd-xsettings @{exec_path} { network inet6 dgram, network netlink raw, - dbus bind bus=session name=org.gtk.Settings, - dbus receive bus=session path=/org/gtk/Settings - interface=org.freedesktop.DBus.Properties - peer=(name=:*), - dbus send bus=session path=/org/gtk/Settings - interface=org.freedesktop.DBus.Properties - peer=(name=org.freedesktop.DBus), - - dbus bind bus=session name=org.gnome.SettingsDaemon.XSettings, + # dbus: own bus=session name=org.gnome.SettingsDaemon.XSettings + # dbus: own bus=session name=org.gtk.Settings dbus send bus=system path=/org/freedesktop/Accounts/User@{uid} interface=org.freedesktop.Accounts.User diff --git a/apparmor.d/profiles-a-f/evince b/apparmor.d/profiles-a-f/evince index 3027f745..d21bbed9 100644 --- a/apparmor.d/profiles-a-f/evince +++ b/apparmor.d/profiles-a-f/evince @@ -26,12 +26,7 @@ profile evince @{exec_path} { deny network inet, deny network inet6, - dbus bind bus=session name=org.gnome.evince.Daemon, - dbus send bus=session path=/org/gnome/evince/Daemon - interface=org.gnome.evince.Daemon - peer=(name=org.gnome.evince.Daemon), - dbus receive bus=session path=/org/gnome/evince/ - peer=(name="{org.gnome.evince.Daemon,org.freedesktop.DBus,:*}", label=@{profile_name}), # all interfaces and members + # dbus: own bus=session name=org.gnome.evince.Daemon dbus send bus=session path=/org/gtk/vfs/metadata interface=org.gtk.vfs.Metadata diff --git a/apparmor.d/profiles-a-f/fprintd b/apparmor.d/profiles-a-f/fprintd index f93d8934..f360de28 100644 --- a/apparmor.d/profiles-a-f/fprintd +++ b/apparmor.d/profiles-a-f/fprintd 
@@ -19,10 +19,7 @@ profile fprintd @{exec_path} flags=(attach_disconnected) { network netlink raw, - dbus bind bus=system name=net.reactivated.Fprint, - dbus receive bus=system path=/net/reactivated/Fprint/Manager - interface={org.freedesktop.DBus.Properties,net.reactivated.Fprint.Manager} - peer=(name=:*), + # dbus: own bus=system name=net.reactivated.Fprint @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/obexd b/apparmor.d/profiles-m-r/obexd index 9a951011..666fe242 100644 --- a/apparmor.d/profiles-m-r/obexd +++ b/apparmor.d/profiles-m-r/obexd @@ -16,10 +16,7 @@ profile obexd @{exec_path} { network bluetooth stream, network bluetooth seqpacket, - dbus bind bus=session name=org.bluez.obex, - dbus receive bus=session path=/org/bluez/obex - interface=org.bluez.obex.AgentManager1 - peer=(name=:*), + # dbus: own bus=system name=org.bluez.obex @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/passimd b/apparmor.d/profiles-m-r/passimd index 4c44a458..63eb5ed5 100644 --- a/apparmor.d/profiles-m-r/passimd +++ b/apparmor.d/profiles-m-r/passimd @@ -18,7 +18,7 @@ profile passimd @{exec_path} flags=(attach_disconnected) { network inet6 stream, network netlink raw, - dbus bind bus=system name=org.freedesktop.Passim, + # dbus: own bus=system name=org.freedesktop.Passim @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/remmina b/apparmor.d/profiles-m-r/remmina index 1a580dac..dd41cba0 100644 --- a/apparmor.d/profiles-m-r/remmina +++ b/apparmor.d/profiles-m-r/remmina @@ -29,7 +29,7 @@ profile remmina @{exec_path} { network inet6 stream, network netlink raw, - dbus bind bus=session name=org.remmina.Remmina, + # dbus: own bus=session name=org.remmina.Remmina dbus send bus=session path=/StatusNotifierWatcher interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/profiles-s-z/thermald b/apparmor.d/profiles-s-z/thermald index e674fc87..cc4f2da1 100644 --- a/apparmor.d/profiles-s-z/thermald +++ b/apparmor.d/profiles-s-z/thermald 
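Review bot: In profiles-m-r/obexd the new directive reads `bus=system`, while both removed rules (`dbus bind bus=session name=org.bluez.obex` and the AgentManager1 receive rule) were on the session bus. If obexd still registers on the session bus, the generated policy would grant ownership of org.bluez.obex on a bus the daemon does not use and deny it on the one it does. Unless the bus change is intended, the line should be `# dbus: own bus=session name=org.bluez.obex`. The rest of the profile is outside the hunk.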
@@ -17,7 +17,7 @@ profile thermald @{exec_path} flags=(attach_disconnected) { capability sys_boot, - dbus bind bus=system name=org.freedesktop.thermald, + # dbus: own bus=sessisystemon name=org.freedesktop.thermald @{exec_path} mr,
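Review bot: The bus value in the new thermald directive is garbled: `bus=sessisystemon` is neither `session` nor `system`. The removed rule bound the name on the system bus, so the line should read `# dbus: own bus=system name=org.freedesktop.thermald`. Because the directive lives in a comment, the AppArmor parser itself will not flag the typo. Depending on how the project's tooling treats an unknown bus value, thermald presumably either loses the right to own its name or ends up with a rule for a bus that does not exist.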