From cc33e29af0987c32816383ec581bdde4700aa30d Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sat, 21 Sep 2024 13:35:57 +0100 Subject: [PATCH] feat(profile): dbus: allow to talk with org.gtk.vfs for some profiles. --- apparmor.d/groups/gnome/gnome-shell | 8 +------- apparmor.d/groups/gnome/gnome-text-editor | 2 ++ apparmor.d/groups/gnome/loupe | 2 ++ apparmor.d/profiles-a-f/evince | 6 +----- 4 files changed, 6 insertions(+), 12 deletions(-) diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index 3ee2665e..c7265206 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -34,9 +34,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) { include include include - include - include - include include include include @@ -93,6 +90,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) { #aa:dbus talk bus=session name=org.gnome.ScreenSaver label=gjs-console #aa:dbus talk bus=session name=org.gnome.SessionManager label=gnome-session-binary #aa:dbus talk bus=session name=org.gnome.SettingsDaemon.* label=gsd-* + #aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}" # System bus @@ -135,10 +133,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) { member=Embed peer=(name=org.a11y.atspi.Registry), - dbus send bus=session path=/org/gtk/vfs/** - interface=org.gtk.vfs.* - peer=(name=:*, label=gvfsd*), - dbus send bus=session path=/org/ayatana/NotificationItem/* interface=org.freedesktop.DBus.Properties member={Get,GetAll} diff --git a/apparmor.d/groups/gnome/gnome-text-editor b/apparmor.d/groups/gnome/gnome-text-editor index 80ff8310..8641e01b 100644 --- a/apparmor.d/groups/gnome/gnome-text-editor +++ b/apparmor.d/groups/gnome/gnome-text-editor 
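Review bot: The `talk` directive added at the end of the session-bus list (hunk `@@ -93,6 +90,7 @@`) replaces a rule that was send-only, the `dbus send bus=session path=/org/gtk/vfs/**` block removed in the last gnome-shell hunk. If `talk` also generates a receive rule, as the name suggests, gnome-shell gains a direction it did not have before; the expansion is not visible in this patch, so that should be confirmed. If receive is intended, a short comment above the line would record it, for example `# replaces the former send-only org.gtk.vfs rule; receive needed for <reason>`. The peer glob itself is slightly tighter than before, since `gvfsd{,-*}` no longer matches arbitrary `gvfsd*` labels.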
@@ -15,6 +15,8 @@ profile gnome-text-editor @{exec_path} { include include + #aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}" + @{exec_path} mr, owner @{user_share_dirs}/org.gnome.TextEditor/{,**} rw, diff --git a/apparmor.d/groups/gnome/loupe b/apparmor.d/groups/gnome/loupe index 6d53ebf4..a90f8664 100644 --- a/apparmor.d/groups/gnome/loupe +++ b/apparmor.d/groups/gnome/loupe @@ -19,6 +19,8 @@ profile loupe @{exec_path} flags=(attach_disconnected) { signal (send) set=(kill) peer=loupe//bwrap, + #aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}" + @{exec_path} mr, @{bin}/bwrap rCx -> bwrap, diff --git a/apparmor.d/profiles-a-f/evince b/apparmor.d/profiles-a-f/evince index 73d73eb0..3ac55439 100644 --- a/apparmor.d/profiles-a-f/evince +++ b/apparmor.d/profiles-a-f/evince @@ -31,11 +31,7 @@ profile evince @{exec_path} { #aa:dbus own bus=session name=org.gnome.evince #aa:dbus talk bus=session name=org.gnome.SettingsDaemon.MediaKeys label=gsd-media-keys - - dbus send bus=session path=/org/gtk/vfs/metadata - interface=org.gtk.vfs.Metadata - member={Set,GetTreeFromDevice} - peer=(name=:*, label=gvfsd-metadata), + #aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}" @{exec_path} rix,
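Review bot: The directive added to gnome-text-editor has no comment saying what the editor needs from gvfs, and `label="gvfsd{,-*}"` matches the main daemon plus every `gvfsd-*` backend profile rather than only the ones actually used. The same line is added to loupe in the next file with the same gap; there it sits in the parent profile next to the `loupe//bwrap` signal rule, and whether the bwrap child is affected is not visible here. A one-line comment above each, such as `# gvfs: <operations this application needs>`, would let a later reviewer judge whether the glob can be narrowed to specific backends. Both profiles continue outside their hunks.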
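Review bot: The replacement in the evince hunk widens the profile's gvfs access. The removed rule allowed only `member={Set,GetTreeFromDevice}` on `interface=org.gtk.vfs.Metadata` to `label=gvfsd-metadata`, while the added directive names the whole `org.gtk.vfs` service and any `gvfsd{,-*}` peer. Evince parses documents from untrusted sources, so the narrower grant is worth keeping unless denial logs show that more is required. If only metadata is used, `#aa:dbus talk bus=session name=org.gtk.vfs label=gvfsd-metadata` would at least keep the peer restriction; the path and interface the directive generates are not visible in this patch and should be checked against the old rule. The evince profile continues outside the hunk.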