feat(dbus): start using the new dbus directive.

2025-01-18 00:48:10 +01:00 · 2023-12-17 14:14:42 +00:00 · 2023-12-17 14:14:42 +00:00 · ca85373e3a
commit ca85373e3a
parent e2682b3072
34 changed files with 51 additions and 129 deletions
--- a/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor
+++ b/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor
@ -5,16 +5,16 @@
  dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor
       interface=org.gtk.Private.RemoteVolumeMonitor
       member={List,IsSupported,VolumeChanged,VolumeMount,MountAdded}
-       peer=(name=:*, label=gvfs-udisks2-volume-monitor),
+       peer=(name=:*, label=gvfs-*-volume-monitor),
  dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor
       interface=org.gtk.Private.RemoteVolumeMonitor
       member={MountAdded,MountChanged,VolumeChanged,VolumeRemoved}
-       peer=(name=:*, label=gvfs-udisks2-volume-monitor),
+       peer=(name=:*, label=gvfs-*-volume-monitor),
  dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor
       interface=org.gtk.Private.RemoteVolumeMonitor
       member={VolumeAdded,DriveDisconnected,DriveConnected,DriveChanged}
-       peer=(name=:*, label=gvfs-udisks2-volume-monitor),
+       peer=(name=:*, label=gvfs-*-volume-monitor),
  include if exists <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor.d>
--- a/apparmor.d/groups/_full/systemd
+++ b/apparmor.d/groups/_full/systemd
@ -90,7 +90,7 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
  unix (send) type=dgram,
  dbus, # TODO: WIP
-  dbus bind bus=system name=org.freedesktop.systemd1,
+  # dbus: own bus=system name=org.freedesktop.systemd1
  @{bin}/systemctl                  rix,
  @{bin}/true                       rix,
--- a/apparmor.d/groups/apt/apt
+++ b/apparmor.d/groups/apt/apt
@ -38,10 +38,17 @@ profile apt @{exec_path} flags=(attach_disconnected) {
  unix (send, receive) type=stream peer=(label=apt-esm-json-hook),
  unix (send, receive) type=stream peer=(label=snapd),
-  dbus bind bus=system name=org.debian.apt,
+  # dbus: own bus=system name=org.debian.apt
-  dbus (send, receive) bus=system path=/org/debian/apt{,/transaction/@{hex}}
+  dbus send bus=system path=/org/freedesktop/DBus/Bus
-       interface=org.{debian.apt*,freedesktop.DBus.{Properties,Introspectable}},
+       interface=org.freedesktop.DBus
       member={GetConnectionUnixProcessID,GetConnectionUnixUser}
       peer=(name=org.freedesktop.DBus, label=dbus-daemon),
  dbus send bus=system path=/org/freedesktop/DBus/Bus
       interface=org.freedesktop.DBus.Introspectable
       member=Introspect
       peer=(name=org.freedesktop.DBus, label=dbus-daemon),
  @{exec_path} mr,
--- a/apparmor.d/groups/freedesktop/dconf-service
+++ b/apparmor.d/groups/freedesktop/dconf-service
@ -15,16 +15,7 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) {
  signal (receive) set=(term kill hup) peer=dbus-daemon,
  signal (receive) set=(term hup) peer=gdm*,
-  dbus bind bus=session name=ca.desrt.dconf,
+  # dbus: own bus=session name=ca.desrt.dconf
  dbus send bus=session path=/ca/desrt/dconf/Writer/user
       interface=ca.desrt.dconf.Writer
       peer=(name=org.freedesktop.DBus), # all members and peer's labels
  dbus receive bus=session path=/ca/desrt/dconf/Writer/user
       interface=ca.desrt.dconf.Writer
       member=Change
       peer=(name=:*), # all peer's labels
  dbus receive bus=session
       interface=org.freedesktop.DBus.Introspectable
--- a/apparmor.d/groups/gnome/gdm
+++ b/apparmor.d/groups/gnome/gdm
@ -27,7 +27,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
  signal (send) set=(term),
-  # dbus: own bus=system name=org.gnome.DisplayManager.Manager
+  # dbus: own bus=system name=org.gnome.DisplayManager
  # dbus: talk bus=system name=org.freedesktop.login1 label=systemd-logind
--- a/apparmor.d/groups/gnome/gnome-control-center-goa-helper
+++ b/apparmor.d/groups/gnome/gnome-control-center-goa-helper
@ -35,7 +35,7 @@ profile gnome-control-center-goa-helper @{exec_path} {
  signal (send) set=(kill) peer=bwrap,
-  dbus bind bus=session name=org.gnome.Settings.GoaHelper,
+  # dbus: own bus=session name=org.gnome.Settings.GoaHelper
  dbus send bus=session path=/org/gnome/OnlineAccounts
       interface=org.freedesktop.DBus.ObjectManager
--- a/apparmor.d/groups/gnome/gnome-initial-setup
+++ b/apparmor.d/groups/gnome/gnome-initial-setup
@ -16,7 +16,7 @@ profile gnome-initial-setup @{exec_path} {
  network netlink raw,
-  dbus bind bus=session name=org.gnome.InitialSetup,
+  # dbus: own bus=session name=org.gnome.InitialSetup
  @{exec_path} mr,
--- a/apparmor.d/groups/gnome/gnome-shell-calendar-server
+++ b/apparmor.d/groups/gnome/gnome-shell-calendar-server
@ -13,16 +13,7 @@ profile gnome-shell-calendar-server @{exec_path} {
  include <abstractions/dconf-write>
  include <abstractions/nameservice-strict>
-  dbus bind bus=session name=org.gnome.Shell.CalendarServer,
+  # dbus: own bus=session name=org.gnome.Shell.CalendarServer
  dbus receive bus=session path=/org/gnome/Shell/CalendarServer
       interface=org.gnome.Shell.CalendarServer
       peer=(name=:*, label=gnome-shell),
  dbus (send receive) bus=session path=/org/gnome/Shell/CalendarServer
       interface=org.freedesktop.DBus.Properties
       peer=(name=:*),
  dbus send bus=session path=/org/gnome/Shell/CalendarServer
       interface=org.freedesktop.DBus.Properties
       peer=(name=org.freedesktop.DBus),
  dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**}
       interface=org.freedesktop.DBus.Properties
--- a/apparmor.d/groups/gnome/gnome-terminal-server
+++ b/apparmor.d/groups/gnome/gnome-terminal-server
@ -24,19 +24,7 @@ profile gnome-terminal-server @{exec_path} {
  ptrace (read) peer=htop,
  ptrace (read) peer=unconfined,
-  dbus bind bus=session name=org.gnome.Terminal,
+  # dbus: own bus=session name=org.gnome.Terminal interface={org.freedesktop.DBus.Properties,org.gtk.Actions}
  dbus receive bus=session path=/org/gnome/Terminal{,/**}
       interface=org.gnome.Terminal.*
       peer=(name=:*),
  dbus receive bus=session path=/org/gnome/Terminal{,/**}
       interface=org.freedesktop.DBus.Properties
       peer=(name=:*),
  dbus receive bus=session path=/org/gnome/Terminal{,/**}
       interface=org.gtk.Actions
       peer=(name=:*),
  dbus send bus=session path=/org/gnome/Terminal{,/**}
       interface=org.gtk.Actions
       peer=(name=org.freedesktop.DBus),
  dbus receive bus=session path=/org/gnome/Terminal/SearchProvider
       interface=org.gnome.Shell.SearchProvider2
--- a/apparmor.d/groups/gnome/goa-daemon
+++ b/apparmor.d/groups/gnome/goa-daemon
@ -25,10 +25,7 @@ profile goa-daemon @{exec_path} {
  network inet6 dgram,
  network netlink raw,
-  dbus bind bus=session name=org.gnome.OnlineAccounts,
+  # dbus: own bus=session name=org.gnome.OnlineAccounts
  dbus receive bus=session path=/org/gnome/OnlineAccounts
       interface=org.freedesktop.DBus.ObjectManager
       peer=(name=:*),
  dbus send bus=session path=/org/gnome/Identity
       interface=org.freedesktop.DBus.ObjectManager
--- a/apparmor.d/groups/gnome/goa-identity-service
+++ b/apparmor.d/groups/gnome/goa-identity-service
@ -12,13 +12,7 @@ profile goa-identity-service @{exec_path} {
  include <abstractions/authentication>
  include <abstractions/bus-session>
-  dbus bind bus=session name=org.gnome.Identity,
+  # dbus: own bus=session name=org.gnome.Identity
  dbus receive bus=session path=/org/gnome/Identity
       interface=org.freedesktop.DBus.ObjectManager
       peer=(name=:*),
  dbus receive bus=session path=/org/gnome/Identity/Manager
       interface=org.freedesktop.DBus.Properties
       peer=(name=:*),
  dbus send bus=session path=/org/gnome/OnlineAccounts
       interface=org.freedesktop.DBus.ObjectManager
--- a/apparmor.d/groups/gnome/gsd-a11y-settings
+++ b/apparmor.d/groups/gnome/gsd-a11y-settings
@ -15,7 +15,7 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) {
  signal (receive) set=(term, hup) peer=gdm*,
-  dbus bind bus=session name=org.gnome.SettingsDaemon.A11ySettings,
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.A11ySettings
  dbus receive bus=session
       interface=org.freedesktop.DBus.Introspectable
--- a/apparmor.d/groups/gnome/gsd-color
+++ b/apparmor.d/groups/gnome/gsd-color
@ -24,11 +24,7 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
  signal (receive) set=(term, hup) peer=gdm*,
-  dbus bind bus=session name=org.gnome.SettingsDaemon.Color,
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.Color
  dbus receive bus=session path=/org/gnome/SettingsDaemon/Color
       interface=org.freedesktop.DBus.Properties
       member=GetAll
       peer=(name=:*, label=gnome-shell),
  @{exec_path} mr,
--- a/apparmor.d/groups/gnome/gsd-datetime
+++ b/apparmor.d/groups/gnome/gsd-datetime
@ -15,7 +15,7 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) {
  signal (receive) set=(term, hup) peer=gdm*,
-  dbus bind bus=session name=org.gnome.SettingsDaemon.Datetime,
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.Datetime
  dbus receive bus=session
       interface=org.freedesktop.DBus.Introspectable
--- a/apparmor.d/groups/gnome/gsd-disk-utility-notify
+++ b/apparmor.d/groups/gnome/gsd-disk-utility-notify
@ -13,7 +13,7 @@ profile gsd-disk-utility-notify @{exec_path} {
  include <abstractions/bus-system>
  include <abstractions/bus/org.freedesktop.UDisks2>
-  dbus bind bus=session name=org.gnome.Disks.NotificationMonitor,
+  # dbus: own bus=session name=org.gnome.Disks.NotificationMonitor
  dbus receive bus=session
       interface=org.freedesktop.DBus.Introspectable
--- a/apparmor.d/groups/gnome/gsd-housekeeping
+++ b/apparmor.d/groups/gnome/gsd-housekeeping
@ -19,7 +19,7 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) {
  signal (receive) set=(term, hup) peer=gdm*,
  signal (receive) set=(term, hup) peer=gnome*,
-  dbus bind bus=session name=org.gnome.SettingsDaemon.Housekeeping,
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.Housekeeping
  dbus receive bus=session
       interface=org.freedesktop.DBus.Introspectable
--- a/apparmor.d/groups/gnome/gsd-keyboard
+++ b/apparmor.d/groups/gnome/gsd-keyboard
@ -23,7 +23,7 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
  signal (receive) set=(term, hup) peer=gdm*,
-  dbus bind bus=session name=org.gnome.SettingsDaemon.Keyboard,
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.Keyboard
  @{exec_path} mr,
--- a/apparmor.d/groups/gnome/gsd-media-keys
+++ b/apparmor.d/groups/gnome/gsd-media-keys
@ -28,7 +28,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
  network netlink raw,
-  dbus bind bus=session name=org.gnome.SettingsDaemon.MediaKeys,
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.MediaKeys
  dbus send bus=system path=/org/freedesktop/login1
       interface=org.freedesktop.login1.Manager
--- a/apparmor.d/groups/gnome/gsd-power
+++ b/apparmor.d/groups/gnome/gsd-power
@ -33,10 +33,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
  signal (receive) set=(term, hup) peer=gdm*,
-  dbus bind bus=session name=org.gnome.SettingsDaemon.Power,
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.Power
  dbus (send, receive) bus=session path=/org/gnome/SettingsDaemon/Power
       interface=org.freedesktop.DBus.Properties
       peer=(name="{org.freedesktop.DBus,:*}", label="{gsd-media-keys,gnome-shell}"),
  dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
       interface=org.freedesktop.DBus.Properties
--- a/apparmor.d/groups/gnome/gsd-print-notifications
+++ b/apparmor.d/groups/gnome/gsd-print-notifications
@ -21,10 +21,10 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
  signal (receive) set=(term, hup) peer=gdm*,
  signal (send) set=(hup) peer=gsd-printer,
-  dbus bind bus=session name=org.gnome.SettingsDaemon.PrintNotifications,
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.PrintNotifications
-  dbus receive bus=system path=/org/cups/cupsd/Notifier
+  # dbus receive bus=system path=/org/cups/cupsd/Notifier
-       interface=org.cups.cupsd.Notifier,
+  #      interface=org.cups.cupsd.Notifier,
  dbus receive bus=session
       interface=org.freedesktop.DBus.Introspectable
--- a/apparmor.d/groups/gnome/gsd-printer
+++ b/apparmor.d/groups/gnome/gsd-printer
@ -17,10 +17,9 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) {
  signal (receive) set=(term, hup) peer=gdm*,
  signal (receive) set=(hup) peer=gsd-print-notifications,
-  dbus bind bus=system name=com.redhat.NewPrinterNotification,
+  # dbus: own bus=system name=com.redhat.NewPrinterNotification
-
+  # dbus: own bus=system name=com.redhat.PrinterDriversInstaller
-  dbus bind bus=system name=com.redhat.PrinterDriversInstaller,
+  
  dbus receive bus=session
       interface=org.freedesktop.DBus.Introspectable
       member=Introspect
--- a/apparmor.d/groups/gnome/gsd-rfkill
+++ b/apparmor.d/groups/gnome/gsd-rfkill
@ -20,13 +20,7 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) {
  network netlink raw,
-  dbus bind bus=session name=org.gnome.SettingsDaemon.Rfkill,
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.Rfkill
  dbus receive bus=session path=/org/gnome/SettingsDaemon/Rfkill
       interface=org.freedesktop.DBus.Properties
       peer=(name=:*),
  dbus send bus=session path=/org/gnome/SettingsDaemon/Rfkill
       interface=org.freedesktop.DBus.Properties
       peer=(name=org.freedesktop.DBus),
  dbus receive bus=session
       interface=org.freedesktop.DBus.Introspectable
--- a/apparmor.d/groups/gnome/gsd-screensaver-proxy
+++ b/apparmor.d/groups/gnome/gsd-screensaver-proxy
@ -14,9 +14,8 @@ profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) {
  signal (receive) set=(term, hup) peer=gdm*,
-  dbus bind bus=session name=org.freedesktop.ScreenSaver,
+  # dbus: own bus=session name=org.freedesktop.ScreenSaver
-
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.ScreensaverProxy
  dbus bind bus=session name=org.gnome.SettingsDaemon.ScreensaverProxy,
  dbus receive bus=session
       interface=org.freedesktop.DBus.Introspectable
--- a/apparmor.d/groups/gnome/gsd-sharing
+++ b/apparmor.d/groups/gnome/gsd-sharing
@ -17,7 +17,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
  signal (receive) set=(term, hup) peer=gdm*,
-  dbus bind bus=session name=org.gnome.SettingsDaemon.Sharing,
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.Sharing
  dbus send bus=session path=/org/freedesktop/systemd1
       interface=org.freedesktop.systemd1.Manager
--- a/apparmor.d/groups/gnome/gsd-smartcard
+++ b/apparmor.d/groups/gnome/gsd-smartcard
@ -17,17 +17,7 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
  signal (receive) set=(term, hup) peer=gdm*,
-  dbus bind bus=session name=org.gnome.SettingsDaemon.Smartcard,
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.Smartcard
  dbus receive bus=session path=/org/gnome/SettingsDaemon/Smartcard
       interface=org.freedesktop.DBus.ObjectManager
       member=GetManagedObjects
       peer=(name=:*, label=gnome-shell),
  dbus receive bus=session path=/org/gnome/SettingsDaemon/Smartcard
       interface=org.freedesktop.DBus.Properties
       peer=(name=:*),
  dbus send bus=session path=/org/gnome/SettingsDaemon/Smartcard
       interface=org.freedesktop.DBus.Properties
       peer=(name=org.freedesktop.DBus),
  dbus receive bus=session
       interface=org.freedesktop.DBus.Introspectable
--- a/apparmor.d/groups/gnome/gsd-sound
+++ b/apparmor.d/groups/gnome/gsd-sound
@ -17,7 +17,7 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) {
  signal (receive) set=(term, hup) peer=gdm*,
-  dbus bind bus=session name=org.gnome.SettingsDaemon.Sound,
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.Sound
  dbus receive bus=session
       interface=org.freedesktop.DBus.Introspectable
--- a/apparmor.d/groups/gnome/gsd-wacom
+++ b/apparmor.d/groups/gnome/gsd-wacom
@ -21,10 +21,7 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
  signal (receive) set=(term, hup) peer=gdm*,
-  dbus bind bus=session name=org.gnome.SettingsDaemon.Wacom,
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.Wacom
  dbus receive bus=session path=/org/gnome/SettingsDaemon/Wacom
       interface=org.freedesktop.DBus.Properties
       peer=(name=:*),
  @{exec_path} mr,
--- a/apparmor.d/groups/gnome/gsd-xsettings
+++ b/apparmor.d/groups/gnome/gsd-xsettings
@ -32,15 +32,8 @@ profile gsd-xsettings @{exec_path} {
  network inet6 dgram,
  network netlink raw,
-  dbus bind bus=session name=org.gtk.Settings,
+  # dbus: own bus=session name=org.gnome.SettingsDaemon.XSettings
-  dbus receive bus=session path=/org/gtk/Settings
+  # dbus: own bus=session name=org.gtk.Settings
       interface=org.freedesktop.DBus.Properties
       peer=(name=:*),
  dbus send bus=session path=/org/gtk/Settings
       interface=org.freedesktop.DBus.Properties
       peer=(name=org.freedesktop.DBus),
  dbus bind bus=session name=org.gnome.SettingsDaemon.XSettings,
  dbus send bus=system path=/org/freedesktop/Accounts/User@{uid}
       interface=org.freedesktop.Accounts.User
--- a/apparmor.d/profiles-a-f/evince
+++ b/apparmor.d/profiles-a-f/evince
@ -26,12 +26,7 @@ profile evince @{exec_path} {
  deny network inet,
  deny network inet6,
-  dbus bind bus=session name=org.gnome.evince.Daemon,
+  # dbus: own bus=session name=org.gnome.evince.Daemon
  dbus send bus=session path=/org/gnome/evince/Daemon
       interface=org.gnome.evince.Daemon
       peer=(name=org.gnome.evince.Daemon),
  dbus receive bus=session path=/org/gnome/evince/
       peer=(name="{org.gnome.evince.Daemon,org.freedesktop.DBus,:*}", label=@{profile_name}), # all interfaces and members
  dbus send bus=session path=/org/gtk/vfs/metadata
       interface=org.gtk.vfs.Metadata
--- a/apparmor.d/profiles-a-f/fprintd
+++ b/apparmor.d/profiles-a-f/fprintd
@ -19,10 +19,7 @@ profile fprintd @{exec_path} flags=(attach_disconnected) {
  network netlink raw,
-  dbus bind bus=system name=net.reactivated.Fprint,
+  # dbus: own bus=system name=net.reactivated.Fprint
  dbus receive bus=system path=/net/reactivated/Fprint/Manager
       interface={org.freedesktop.DBus.Properties,net.reactivated.Fprint.Manager}
       peer=(name=:*),
  @{exec_path} mr,
--- a/apparmor.d/profiles-m-r/obexd
+++ b/apparmor.d/profiles-m-r/obexd
@ -16,10 +16,7 @@ profile obexd @{exec_path} {
  network bluetooth stream,
  network bluetooth seqpacket,
-  dbus bind bus=session name=org.bluez.obex,
+  # dbus: own bus=system name=org.bluez.obex
  dbus receive bus=session path=/org/bluez/obex
       interface=org.bluez.obex.AgentManager1
       peer=(name=:*),
  @{exec_path} mr,
--- a/apparmor.d/profiles-m-r/passimd
+++ b/apparmor.d/profiles-m-r/passimd
@ -18,7 +18,7 @@ profile passimd @{exec_path} flags=(attach_disconnected) {
  network inet6 stream,
  network netlink raw,
-  dbus bind bus=system name=org.freedesktop.Passim,
+  # dbus: own bus=system name=org.freedesktop.Passim
  @{exec_path} mr,
--- a/apparmor.d/profiles-m-r/remmina
+++ b/apparmor.d/profiles-m-r/remmina
@ -29,7 +29,7 @@ profile remmina @{exec_path} {
  network inet6 stream,
  network netlink raw,
-  dbus bind bus=session name=org.remmina.Remmina,
+  # dbus: own bus=session name=org.remmina.Remmina
  dbus send bus=session path=/StatusNotifierWatcher
       interface=org.freedesktop.DBus.Introspectable
--- a/apparmor.d/profiles-s-z/thermald
+++ b/apparmor.d/profiles-s-z/thermald
@ -17,7 +17,7 @@ profile thermald @{exec_path} flags=(attach_disconnected) {
  capability sys_boot,
-  dbus bind bus=system name=org.freedesktop.thermald,
+  # dbus: own bus=sessisystemon name=org.freedesktop.thermald
  @{exec_path} mr,