mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(profile): dbus: allow to talk with org.gtk.vfs for some profiles.

Browse Source
This commit is contained in:
Alexandre Pujol 2024-09-21 13:35:57 +01:00
parent 89240929e9
commit cc33e29af0
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
4 changed files with 6 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
apparmor.d/groups/gnome/gnome-shell
View File

@ -34,9 +34,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
include <abstractions/bus/org.freedesktop.systemd1> include <abstractions/bus/org.freedesktop.systemd1>
include <abstractions/bus/org.freedesktop.UPower> include <abstractions/bus/org.freedesktop.UPower>
include <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor> include <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor>
include <abstractions/bus/org.gtk.vfs.Daemon>
include <abstractions/bus/org.gtk.vfs.Metadata>
include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/fontconfig-cache-write> include <abstractions/fontconfig-cache-write>
include <abstractions/gnome-strict> include <abstractions/gnome-strict>
@ -93,6 +90,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
#aa:dbus talk bus=session name=org.gnome.ScreenSaver label=gjs-console #aa:dbus talk bus=session name=org.gnome.ScreenSaver label=gjs-console
#aa:dbus talk bus=session name=org.gnome.SessionManager label=gnome-session-binary #aa:dbus talk bus=session name=org.gnome.SessionManager label=gnome-session-binary
#aa:dbus talk bus=session name=org.gnome.SettingsDaemon.* label=gsd-* #aa:dbus talk bus=session name=org.gnome.SettingsDaemon.* label=gsd-*
#aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}"
# System bus # System bus
@ -135,10 +133,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
member=Embed member=Embed
peer=(name=org.a11y.atspi.Registry), peer=(name=org.a11y.atspi.Registry),
dbus send bus=session path=/org/gtk/vfs/**
interface=org.gtk.vfs.*
peer=(name=:*, label=gvfsd*),
dbus send bus=session path=/org/ayatana/NotificationItem/* dbus send bus=session path=/org/ayatana/NotificationItem/*
interface=org.freedesktop.DBus.Properties interface=org.freedesktop.DBus.Properties
member={Get,GetAll} member={Get,GetAll}

2
apparmor.d/groups/gnome/gnome-text-editor
View File

@ -15,6 +15,8 @@ profile gnome-text-editor @{exec_path} {
include <abstractions/user-read-strict> include <abstractions/user-read-strict>
include <abstractions/user-write-strict> include <abstractions/user-write-strict>
#aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}"
@{exec_path} mr, @{exec_path} mr,
owner @{user_share_dirs}/org.gnome.TextEditor/{,**} rw, owner @{user_share_dirs}/org.gnome.TextEditor/{,**} rw,

2
apparmor.d/groups/gnome/loupe
View File

@ -19,6 +19,8 @@ profile loupe @{exec_path} flags=(attach_disconnected) {
signal (send) set=(kill) peer=loupe//bwrap, signal (send) set=(kill) peer=loupe//bwrap,
#aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}"
@{exec_path} mr, @{exec_path} mr,
@{bin}/bwrap rCx -> bwrap, @{bin}/bwrap rCx -> bwrap,

6
apparmor.d/profiles-a-f/evince
View File

@ -31,11 +31,7 @@ profile evince @{exec_path} {
#aa:dbus own bus=session name=org.gnome.evince #aa:dbus own bus=session name=org.gnome.evince
#aa:dbus talk bus=session name=org.gnome.SettingsDaemon.MediaKeys label=gsd-media-keys #aa:dbus talk bus=session name=org.gnome.SettingsDaemon.MediaKeys label=gsd-media-keys
#aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}"
dbus send bus=session path=/org/gtk/vfs/metadata
interface=org.gtk.vfs.Metadata
member={Set,GetTreeFromDevice}
peer=(name=:*, label=gvfsd-metadata),
@{exec_path} rix, @{exec_path} rix,