mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 08:58:15 +01:00
feat(dbus): dbus rules cleanup (2)
This commit is contained in:
Alexandre Pujol
parent
8a49f2ebe1
commit
cd391bae01
16 changed files with 49 additions and 74 deletions
|
|
@ -12,15 +12,12 @@ profile gvfs-goa-volume-monitor @{exec_path} {
|
|||
include <abstractions/base>
|
||||
include <abstractions/dbus-session-strict>
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
dbus bind bus=session name=org.gtk.vfs.GoaVolumeMonitor,
|
||||
|
||||
dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||
interface=org.gtk.Private.RemoteVolumeMonitor
|
||||
member={List,IsSupported}
|
||||
peer=(name=:*, label="{gnome-shell,gnome-control-center,gnome-extension-ding,tracker-*,unconfined}"),
|
||||
peer=(name=:*, label="{gnome-shell,nautilus,gnome-control-center,gnome-extension-ding,tracker-*,unconfined}"),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
|
|
@ -32,9 +29,6 @@ profile gvfs-goa-volume-monitor @{exec_path} {
|
|||
member=GetManagedObjects
|
||||
peer=(name=:*, label=goa-daemon),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gtk.vfs.GoaVolumeMonitor,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
include if exists <local/gvfs-goa-volume-monitor>
|
||||
|
|
|
|||
|
|
@ -16,11 +16,6 @@ profile gvfs-gphoto2-volume-monitor @{exec_path} {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||
interface=org.gtk.Private.RemoteVolumeMonitor
|
||||
member={List,IsSupported}
|
||||
|
|
|
|||
|
|
@ -32,11 +32,6 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) {
|
|||
interface=org.freedesktop.{DBus.*,UDisks2.*}
|
||||
peer=(label=udisksd),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMountableInfo
|
||||
|
|
|
|||
|
|
@ -13,11 +13,6 @@ profile gvfsd-dnssd @{exec_path} {
|
|||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.Avahi.Server
|
||||
member={Ping,GetAPIVersion,GetState,ServiceBrowserNew},
|
||||
|
|
|
|||
|
|
@ -13,11 +13,6 @@ profile gvfsd-network @{exec_path} {
|
|||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/gtk/gvfs/exec_spaw/[0-9]*
|
||||
interface=org.gtk.vfs.Spawner
|
||||
member=Spawned
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2021-2022 Mikhail Morfikov
|
||||
# Copyright (C) 2021-2022 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
|
@ -10,7 +10,6 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/{,gvfs/}gvfsd-trash
|
||||
profile gvfsd-trash @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus-gtk>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
|
@ -20,29 +19,38 @@ profile gvfsd-trash @{exec_path} {
|
|||
network inet stream,
|
||||
network inet6 stream,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
dbus bind bus=session name=org.gtk.vfs.mountpoint_@{int},
|
||||
|
||||
dbus receive bus=session path=/org/gtk/vfs/Daemon
|
||||
interface=org.gtk.vfs.Daemon
|
||||
member=GetConnection
|
||||
peer=(name=:*, label=gnome-control-center),
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gtk/gvfs/exec_spaw/[0-9]*
|
||||
dbus receive bus=session path=/org/gtk/vfs/mountable
|
||||
interface=org.gtk.vfs.Mountable
|
||||
member=Mount
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus send bus=session path=/org/gtk/gvfs/exec_spaw/@{int}
|
||||
interface=org.gtk.vfs.Spawner
|
||||
member=Spawned
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=RegisterMount
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=RequestName
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gtk.vfs.mountpoint_[0-9]*,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
# Can restore all user files
|
||||
|
|
|
|||
|
|
@ -24,11 +24,6 @@ profile systemd-machined @{exec_path} {
|
|||
capability sys_chroot,
|
||||
capability sys_ptrace,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=GetConnectionUnixUser
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/systemd1/{,{unit,job}/*}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
|
|
|
|||
|
|
@ -23,11 +23,6 @@ profile systemd-timesyncd @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
dbus bind bus=system name=org.freedesktop.timesync1,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{etc_rw}/adjtime r,
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ profile update-notifier @{exec_path} {
|
|||
include <abstractions/bus/atspi>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/freedesktop.org>
|
||||
|
|
@ -27,9 +28,20 @@ profile update-notifier @{exec_path} {
|
|||
interface={com.canonical.dbusmenu,org.freedesktop.DBus.Properties}
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus (send) bus=accessibility path=/org/a11y/atspi/registry{,/**}
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
peer=(name=org.a11y.atspi.Registry, label=at-spi2-registryd),
|
||||
dbus send bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gsd-xsettings),
|
||||
|
||||
dbus send bus=session path=/StatusNotifierWatcher
|
||||
interface=org.kde.StatusNotifierWatcher
|
||||
member=RegisterStatusNotifierItem
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -13,8 +13,8 @@ profile spice-vdagentd @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
capability sys_nice,
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login[0-9]/session/_[0-9]*
|
||||
interface=org.freedesktop.login[0-9].Session
|
||||
dbus receive bus=system path=/org/freedesktop/login1/session/_[0-9]*
|
||||
interface=org.freedesktop.login1.Session
|
||||
member=Unlock,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
|
|
|||
|
|
@ -17,16 +17,6 @@ profile thermald @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
dbus (bind) bus=system name=org.freedesktop.thermald,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=system path=/net/hadess/PowerProfiles
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
|
|
|
|||
|
|
@ -70,7 +70,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority
|
||||
interface=org.freedesktop.PolicyKit1.Authority
|
||||
member=Changed,
|
||||
member=Changed
|
||||
peer=(name=:*, label=polkitd),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
|
|
|
|||
Loading…
Reference in a new issue