mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(dbus): update dbus rules.

Browse Source
This commit is contained in:
Alexandre Pujol 2023-12-16 21:30:47 +00:00
parent dc3f292d45
commit ceb4c582e1
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
13 changed files with 47 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apparmor.d/groups/bus/ibus-extension-gtk3
View File

@ -30,6 +30,11 @@ profile ibus-extension-gtk3 @{exec_path} flags=(attach_disconnected) {
dbus bind bus=session name=org.freedesktop.IBus.Panel.Extension.Gtk3, dbus bind bus=session name=org.freedesktop.IBus.Panel.Extension.Gtk3,
dbus receive bus=session path=/org/gtk/Settings
interface=org.freedesktop.DBus.Properties
member=PropertiesChanged
peer=(name=:*, label=gsd-xsettings),
dbus receive bus=session dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable interface=org.freedesktop.DBus.Introspectable
member=Introspect member=Introspect

5
apparmor.d/groups/gnome/evolution-calendar-factory
View File

@ -52,6 +52,11 @@ profile evolution-calendar-factory @{exec_path} {
member=PropertiesChanged member=PropertiesChanged
peer=(name=org.freedesktop.DBus, label=gnome-shell-calendar-server), peer=(name=org.freedesktop.DBus, label=gnome-shell-calendar-server),
dbus send bus=session path=/org/gnome/evolution/dataserver/CalendarView/**
interface=org.gnome.evolution.dataserver.CalendarView
member=Complete
peer=(name=org.freedesktop.DBus, label=gnome-calendar),
dbus receive bus=session dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable interface=org.freedesktop.DBus.Introspectable
member=Introspect member=Introspect

22
apparmor.d/groups/gnome/gnome-calendar
View File

@ -12,7 +12,6 @@ profile gnome-calendar @{exec_path} {
include <abstractions/bus-accessibility> include <abstractions/bus-accessibility>
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/bus-system> include <abstractions/bus-system>
include <abstractions/bus/org.freedesktop.GeoClue2>
include <abstractions/bus/org.a11y> include <abstractions/bus/org.a11y>
include <abstractions/bus/org.freedesktop.login1> include <abstractions/bus/org.freedesktop.login1>
include <abstractions/bus/org.freedesktop.NetworkManager> include <abstractions/bus/org.freedesktop.NetworkManager>
@ -30,25 +29,16 @@ profile gnome-calendar @{exec_path} {
network netlink raw, network netlink raw,
dbus bind bus=session name=org.gnome.Calendar, # dbus: own bus=session name=org.gnome.Calendar interface={org.freedesktop.Application,org.gtk.Actions}
dbus (send, receive) bus=session path=/org/gnome/Calendar
interface=org.freedesktop.{Actions,Application}
peer=(name="{:*,org.freedesktop.DBus}"),
dbus receive bus=session path=/org/gnome/Calendar/SearchProvider # dbus: talk bus=session name=org.gnome.evolution.dataserver.CalendarView label=evolution-calendar-factory
interface=org.gnome.Shell.SearchProvider2 # dbus: talk bus=session name=org.gnome.evolution.dataserver.Source label=evolution-source-registry
peer=(name=:*, label=gnome-shell), # dbus: talk bus=system name=org.freedesktop.GeoClue2 label=geoclue
dbus send bus=session path=/org/gnome/evolution/dataserver/** dbus send bus=session path=/org/gnome/evolution/dataserver/SourceManager{,/**}
interface=org.freedesktop.DBus.Properties
peer=(name=:*, label=evolution-*),
dbus send bus=session path=/org/gnome/evolution/dataserver/**
interface=org.gnome.evolution.dataserver.*
peer=(name=:*, label=evolution-*),
dbus send bus=session path=/org/gnome/evolution/dataserver/**
interface=org.freedesktop.DBus.ObjectManager interface=org.freedesktop.DBus.ObjectManager
member=GetManagedObjects member=GetManagedObjects
peer=(name=:*, label=evolution-*), peer=(name=:*, label=evolution-source-registry),
@{exec_path} mr, @{exec_path} mr,

23
apparmor.d/groups/gnome/gnome-shell
View File

@ -84,27 +84,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
interface={org.gnome.*,org.freedesktop.{Application,DBus.Properties,DBus.ObjectManager},org.gtk.{Actions,Application}} interface={org.gnome.*,org.freedesktop.{Application,DBus.Properties,DBus.ObjectManager},org.gtk.{Actions,Application}}
peer=(name="{:*,org.gnome.*,org.freedesktop.DBus}"), peer=(name="{:*,org.gnome.*,org.freedesktop.DBus}"),
# dbus: own bus=session name=com.canonical.Unity path=/com/canonical/unity
# dbus: own bus=session name=org.gtk.MountOperationHandler # dbus: own bus=session name=org.gtk.MountOperationHandler
# dbus: own bus=session name=org.gtk.Notifications
dbus bind bus=session name=com.canonical.Unity, # dbus: own bus=session name=org.kde.StatusNotifierWatcher path=/StatusNotifierWatcher
dbus receive bus=session path=/com/canonical/unity/**
interface=com.canonical.Unity{,.*}
peer=(name=:*),
dbus bind bus=session name=org.kde.StatusNotifierWatcher,
dbus receive bus=session path=/StatusNotifierWatcher
interface=org.kde.StatusNotifierWatcher
peer=(name=:*),
dbus bind bus=session name=org.gtk.Notifications,
dbus receive bus=session path=/org/gtk/Notifications
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*),
dbus receive bus=session path=/org/freedesktop/Notifications
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*),
dbus bind bus=session name=com.rastersoft.dingextension, dbus bind bus=session name=com.rastersoft.dingextension,
dbus (send, receive) bus=session path=/com/rastersoft/ding dbus (send, receive) bus=session path=/com/rastersoft/ding

5
apparmor.d/groups/gnome/gsd-media-keys
View File

@ -81,6 +81,11 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
member=PropertiesChanged member=PropertiesChanged
peer=(name=:*, label=gsd-power), peer=(name=:*, label=gsd-power),
dbus send bus=session path=/org/mpris/MediaPlayer2
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*),
@{exec_path} mr, @{exec_path} mr,
@{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open, @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,

5
apparmor.d/groups/gnome/gsd-wacom
View File

@ -26,11 +26,6 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
interface=org.freedesktop.DBus.Properties interface=org.freedesktop.DBus.Properties
peer=(name=:*), peer=(name=:*),
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=:*, label=gnome-shell),
@{exec_path} mr, @{exec_path} mr,
/usr/share/dconf/profile/gdm r, /usr/share/dconf/profile/gdm r,

2
apparmor.d/groups/gnome/tracker-miner
View File

@ -36,7 +36,7 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
# Talk from tracker-extract # Talk from tracker-extract
dbus receive bus=session path=/org/freedesktop/Tracker3/{Files,Endpoint,Miner/Extract} dbus receive bus=session path=/org/freedesktop/Tracker3/{Files,Endpoint,Miner/Extract}
interface={org.freedesktop.Tracker3.{Miner,Endpoint,Files},org.freedesktop.DBus.{Peer,Properties}} interface={org.freedesktop.Tracker3.{Miner,Endpoint,Files},org.freedesktop.DBus.{Peer,Properties}}
peer=(name=:*, label=tracker-extract), peer=(name="{:*,org.freedesktop.DBus}", label=tracker-extract),
@{exec_path} mr, @{exec_path} mr,

4
apparmor.d/groups/ubuntu/software-properties-dbus
View File

@ -24,6 +24,10 @@ profile software-properties-dbus @{exec_path} {
interface=org.freedesktop.DBus.Introspectable interface=org.freedesktop.DBus.Introspectable
member=Introspect member=Introspect
peer=(name=:*, label=gnome-shell), peer=(name=:*, label=gnome-shell),
dbus receive bus=system
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=:*, label=software-properties-gtk),
@{exec_path} mr, @{exec_path} mr,

3
apparmor.d/groups/ubuntu/software-properties-gtk
View File

@ -25,6 +25,9 @@ profile software-properties-gtk @{exec_path} {
dbus (send, receive) bus=system path=/com/ubuntu/SoftwareProperties dbus (send, receive) bus=system path=/com/ubuntu/SoftwareProperties
interface={com.ubuntu.SoftwareProperties,org.gtk.{Application,Actions}} interface={com.ubuntu.SoftwareProperties,org.gtk.{Application,Actions}}
peer=(name="{:*,com.ubuntu.SoftwareProperties}", label=software-properties-gtk), peer=(name="{:*,com.ubuntu.SoftwareProperties}", label=software-properties-gtk),
dbus send bus=system path=/
interface=com.ubuntu.SoftwareProperties
peer=(name=:*, label=software-properties-dbus),
dbus send bus=system path=/ dbus send bus=system path=/
interface=org.freedesktop.DBus.Introspectable interface=org.freedesktop.DBus.Introspectable

7
apparmor.d/groups/ubuntu/update-manager
View File

@ -16,6 +16,7 @@ profile update-manager @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus/org.a11y> include <abstractions/bus/org.a11y>
include <abstractions/bus/org.freedesktop.login1> include <abstractions/bus/org.freedesktop.login1>
include <abstractions/bus/org.freedesktop.NetworkManager> include <abstractions/bus/org.freedesktop.NetworkManager>
include <abstractions/bus/org.freedesktop.portal.Desktop>
include <abstractions/bus/org.freedesktop.UPower> include <abstractions/bus/org.freedesktop.UPower>
include <abstractions/consoles> include <abstractions/consoles>
include <abstractions/dconf-write> include <abstractions/dconf-write>
@ -33,9 +34,9 @@ profile update-manager @{exec_path} flags=(attach_disconnected) {
signal (send) peer=apt-methods-http, signal (send) peer=apt-methods-http,
dbus (send,receive) bus=system path=/org/debian/apt{,/transaction/*} # dbus: own bus=session name=org.freedesktop.UpdateManager
interface={org.debian{,.apt*},org.freedesktop.DBus.{Introspectable,Properties}}
member={CommitPackages,Run,PropertyChanged,Introspect,Set,GetAll,UpdateCache}, # dbus: talk bus=system name=org.debian.apt
@{exec_path} mr, @{exec_path} mr,

9
apparmor.d/groups/ubuntu/update-notifier
View File

@ -30,6 +30,15 @@ profile update-notifier @{exec_path} {
member=RegisterStatusNotifierItem member=RegisterStatusNotifierItem
peer=(name=:*, label=gnome-shell), peer=(name=:*, label=gnome-shell),
dbus send bus=system path=/org/debian/apt
interface=org.debian.apt
member=GetActiveTransactions
peer=(name=:*, label=apt),
dbus send bus=system path=/org/debian/apt
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*, label=apt),
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{bin}/{,ba,da}sh rix,

1
apparmor.d/profiles-a-f/cups-notifier-dbus
View File

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/cups/notifier/dbus @{exec_path} = @{lib}/cups/notifier/dbus
profile cups-notifier-dbus @{exec_path} { profile cups-notifier-dbus @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus-session>
signal (receive) set=(term) peer=cupsd, signal (receive) set=(term) peer=cupsd,

5
apparmor.d/profiles-m-r/packagekitd
View File

@ -38,10 +38,7 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
signal send set=int peer=apt-methods-*, signal send set=int peer=apt-methods-*,
dbus bind bus=system name=org.freedesktop.PackageKit, # dbus: own bus=system name=org.freedesktop.PackageKit
dbus receive bus=system path=/org/freedesktop/PackageKit
interface=org.freedesktop.DBus.Properties
peer=(name=:*, label=gnome-shell),
dbus send bus=system path=/org/freedesktop/DBus dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus interface=org.freedesktop.DBus