From d75fa9bbd58a6fc3f92a18330590db39448e4570 Mon Sep 17 00:00:00 2001 
From: Alexandre Pujol Date: Thu, 30 Nov 2023 23:20:29 +0000 Subject: [PATCH] feat(dbus): dbus rules cleanup (3) --- apparmor.d/abstractions/gtk.d/complete | 5 +++ apparmor.d/groups/bus/ibus-daemon | 6 +-- apparmor.d/groups/bus/ibus-extension-gtk3 | 7 +--- apparmor.d/groups/freedesktop/pulseaudio | 38 ++++++------------ .../groups/freedesktop/xdg-desktop-portal-gtk | 9 +---- apparmor.d/groups/freedesktop/xorg | 2 +- apparmor.d/groups/gnome/gdm-wayland-session | 4 +- apparmor.d/groups/gnome/gdm-x-session | 4 +- apparmor.d/groups/gnome/gnome-keyring-daemon | 2 +- apparmor.d/groups/gnome/gnome-session-binary | 27 ++++++++----- apparmor.d/groups/gnome/gnome-terminal-server | 4 +- apparmor.d/groups/gnome/goa-identity-service | 5 --- apparmor.d/groups/gnome/gsd-a11y-settings | 9 +---- apparmor.d/groups/gnome/gsd-color | 17 ++------ apparmor.d/groups/gnome/gsd-datetime | 9 +---- .../groups/gnome/gsd-disk-utility-notify | 5 --- apparmor.d/groups/gnome/gsd-housekeeping | 16 ++------ apparmor.d/groups/gnome/gsd-keyboard | 30 ++++---------- apparmor.d/groups/gnome/gsd-media-keys | 26 ++++-------- apparmor.d/groups/gnome/gsd-power | 17 ++------ .../groups/gnome/gsd-print-notifications | 16 +++----- apparmor.d/groups/gnome/gsd-printer | 2 +- apparmor.d/groups/gnome/gsd-rfkill | 14 +++---- apparmor.d/groups/gnome/gsd-screensaver-proxy | 9 +---- apparmor.d/groups/gnome/gsd-sharing | 17 +++----- apparmor.d/groups/gnome/gsd-smartcard | 9 +---- apparmor.d/groups/gnome/gsd-sound | 9 +---- apparmor.d/groups/gnome/gsd-wacom | 32 +++++---------- apparmor.d/groups/gnome/gsd-xsettings | 39 +++++++----------- apparmor.d/groups/gnome/tracker-extract | 40 ++++++------------- apparmor.d/groups/gnome/tracker-miner | 33 +++++---------- .../groups/gvfs/gvfs-afc-volume-monitor | 12 +----- .../groups/gvfs/gvfs-mtp-volume-monitor | 8 +--- apparmor.d/groups/gvfs/gvfsd | 12 +----- apparmor.d/groups/gvfs/gvfsd-dnssd | 6 +-- apparmor.d/groups/gvfs/gvfsd-fuse | 6 +-- apparmor.d/groups/gvfs/gvfsd-metadata 
| 19 +++------ apparmor.d/groups/gvfs/gvfsd-smb-browse | 14 +------ apparmor.d/groups/gvfs/gvfsd-trash | 5 --- apparmor.d/groups/network/NetworkManager | 7 ++-- apparmor.d/groups/network/nm-dispatcher | 11 ++--- apparmor.d/groups/ubuntu/update-notifier | 5 --- apparmor.d/profiles-a-f/atril | 6 +-- apparmor.d/profiles-a-f/atrild | 8 +--- apparmor.d/profiles-a-f/engrampa | 16 +------- apparmor.d/profiles-a-f/evince | 5 --- apparmor.d/profiles-a-f/fprintd | 12 ++---- 47 files changed, 176 insertions(+), 438 deletions(-) diff --git a/apparmor.d/abstractions/gtk.d/complete b/apparmor.d/abstractions/gtk.d/complete index 41d017e9..de1d92be 100644 --- a/apparmor.d/abstractions/gtk.d/complete +++ b/apparmor.d/abstractions/gtk.d/complete @@ -2,6 +2,11 @@ # Copyright (C) 2022 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only + dbus send bus=session path=/org/gtk/Settings + interface=org.freedesktop.DBus.Properties + member=GetAll + peer=(name=:*, label=gsd-xsettings), + /etc/gtk-{3,4}.0/settings.ini r, owner @{user_config_dirs}/gtk-{3,4}.0/ rw, diff --git a/apparmor.d/groups/bus/ibus-daemon b/apparmor.d/groups/bus/ibus-daemon index ed550f71..e5585788 100644 --- a/apparmor.d/groups/bus/ibus-daemon +++ b/apparmor.d/groups/bus/ibus-daemon @@ -9,6 +9,7 @@ include @{exec_path} = @{bin}/ibus-daemon profile ibus-daemon @{exec_path} flags=(attach_disconnected) { include + include include include include @@ -24,11 +25,6 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) { interface=org.freedesktop.DBus.Peer peer=(name=org.freedesktop.portal.IBus), # all members, all peer's labels - dbus send bus=session path=/org/gtk/vfs/mounttracker - interface=org.gtk.vfs.MountTracker - member=ListMountableInfo - peer=(name=:*, label=gvfsd), - dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect diff --git a/apparmor.d/groups/bus/ibus-extension-gtk3 b/apparmor.d/groups/bus/ibus-extension-gtk3 index 813955ef..d5c00801 100644 
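Review bot: The `/org/gtk/Settings` rule added to `abstractions/gtk.d/complete` carries no comment, and placing it in the abstraction extends the permission to every profile that pulls this abstraction in. Before this commit it was held only by the profiles it is removed from (ibus-extension-gtk3, gsd-color, gsd-keyboard, gsd-media-keys and gsd-power). The grant itself is narrow, a single `GetAll` call pinned to `label=gsd-xsettings`, so the wider reach looks acceptable, but it should be stated where the rule now lives. I would add above the rule `# Read-only GetAll on the GTK settings object owned by gsd-xsettings; applies to every profile including this abstraction`.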
--- a/apparmor.d/groups/bus/ibus-extension-gtk3 +++ b/apparmor.d/groups/bus/ibus-extension-gtk3 @@ -28,18 +28,13 @@ profile ibus-extension-gtk3 @{exec_path} flags=(attach_disconnected) { network inet6 stream, network netlink raw, - dbus send bus=session path=/org/gtk/Settings - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name=:*, label=gsd-xsettings), + dbus bind bus=session name=org.freedesktop.IBus.Panel.Extension.Gtk3, dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), - dbus bind bus=session name=org.freedesktop.IBus.Panel.Extension.Gtk3, - @{exec_path} mr, /usr/share/dconf/profile/gdm r, diff --git a/apparmor.d/groups/freedesktop/pulseaudio b/apparmor.d/groups/freedesktop/pulseaudio index a8e1191c..bf846ed2 100644 --- a/apparmor.d/groups/freedesktop/pulseaudio +++ b/apparmor.d/groups/freedesktop/pulseaudio @@ -38,6 +38,12 @@ profile pulseaudio @{exec_path} { network bluetooth stream, network bluetooth seqpacket, + dbus bind bus=session name=org.freedesktop.ReserveDevice[0-9].Audio[0-9], + + dbus bind bus=session name=org.PulseAudio[0-9], + + dbus bind bus=session name=org.pulseaudio*, + dbus send bus=session path=/Client[0-9]*/EntryGroup[0-9]* interface=org.freedesktop.Avahi.EntryGroup member={GetState,AddService,AddServiceSubtype,Commit} @@ -63,11 +69,6 @@ profile pulseaudio @{exec_path} { member=Free peer=(name=org.freedesktop.Avahi), - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus), - dbus receive bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member={Hello,RequestName,ReleaseName} 
@@ -78,21 +79,6 @@ profile pulseaudio @{exec_path} { member=Introspect peer=(name=:*, label=gnome-shell), - dbus bind bus=session - name=org.freedesktop.ReserveDevice[0-9].Audio[0-9], - - dbus bind bus=session - name=org.PulseAudio[0-9], - - dbus bind bus=session - name=org.pulseaudio*, - - dbus send bus=system - path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={Hello,AddMatch,RemoveMatch} - peer=(name=org.freedesktop.DBus), - dbus send bus=system path=/org/freedesktop/RealtimeKit1 member={Get,MakeThreadHighPriority,MakeThreadRealtime} peer=(name=org.freedesktop.RealtimeKit1), @@ -118,19 +104,19 @@ profile pulseaudio @{exec_path} { peer=(name=org.freedesktop.Avahi), dbus send bus=system path=/ - interface=org.freedesktop.hostname[0-9] + interface=org.freedesktop.hostname1 member=Get - peer=(name=/org/freedesktop/hostname[0-9]), + peer=(name=/org/freedesktop/hostname1), - dbus send bus=system path=/org/freedesktop/hostname[0-9] + dbus send bus=system path=/org/freedesktop/hostname1 interface=org.freedesktop.DBus.Properties member=Get - peer=(name=/org/freedesktop/hostname[0-9]), + peer=(name=/org/freedesktop/hostname1), - dbus send bus=system path=/org/freedesktop/hostname[0-9] + dbus send bus=system path=/org/freedesktop/hostname1 interface=org.freedesktop.DBus.Properties member=Get - peer=(name=org.freedesktop.hostname[0-9]), + peer=(name=org.freedesktop.hostname1), dbus receive bus=system path=/org/bluez/hci*/** interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk index 3d892469..ee0c4a32 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk @@ -10,6 +10,7 @@ include profile xdg-desktop-portal-gtk @{exec_path} { include include + include include include include 
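Review bot: In the pulseaudio hunk at `@@ -118,19 +104,19 @@`, two of the rewritten rules keep `peer=(name=/org/freedesktop/hostname1)`, which is an object path rather than a bus name. D-Bus names cannot begin with `/`, so these two rules most likely never match, and only the third rule, with `peer=(name=org.freedesktop.hostname1)`, is effective. Since the commit already rewrites these lines, the first rule's peer should become `peer=(name=org.freedesktop.hostname1),` and the second rule can be dropped, because once corrected it duplicates the third. Rules that never match make a confinement profile harder to audit, since the text no longer reflects what is really allowed.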
@@ -84,11 +85,6 @@ profile xdg-desktop-portal-gtk @{exec_path} { member={RunningApplicationsChanged,WindowsChanged} peer=(name=:*, label=gnome-shell), - dbus send bus=session path=/org/gtk/vfs/mounttracker - interface=org.gtk.vfs.MountTracker - member=ListMountableInfo - peer=(name=:*, label=gvfsd), - dbus send bus=session path=/org/gnome/ScreenSaver interface=org.freedesktop.DBus.Properties member=GetAll @@ -119,9 +115,6 @@ profile xdg-desktop-portal-gtk @{exec_path} { member=GetAll peer=(name=:*, label=gnome-shell), - dbus bind bus=session - name=org.freedesktop.impl.portal.desktop.gtk, - @{exec_path} mr, /usr/share/X11/xkb/{,**} r, diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg index 2fa9b76f..0e58ecff 100644 --- a/apparmor.d/groups/freedesktop/xorg +++ b/apparmor.d/groups/freedesktop/xorg @@ -50,7 +50,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) { dbus receive bus=system path=/org/freedesktop/login1/session/* interface=org.freedesktop.login1.Session - member=PauseDevice, + member=PauseDevice peer=(name=org.freedesktop.login1, label=systemd-logind), @{exec_path} mrix, diff --git a/apparmor.d/groups/gnome/gdm-wayland-session b/apparmor.d/groups/gnome/gdm-wayland-session index 62670ddf..e6a805e1 100644 --- a/apparmor.d/groups/gnome/gdm-wayland-session +++ b/apparmor.d/groups/gnome/gdm-wayland-session @@ -27,10 +27,10 @@ profile gdm-wayland-session @{exec_path} { interface=org.gnome.DisplayManager.Manager member=RegisterDisplay, - dbus send bus=session path=/org/freedesktop/systemd[0-9]* + dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.DBus.Properties member=Get - peer=(name=org.freedesktop.systemd[0-9]*, label=unconfined), + peer=(name=org.freedesktop.systemd1, label=@{systemd}), dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/gdm-x-session b/apparmor.d/groups/gnome/gdm-x-session index cd6d9eaf..2e9f2048 100644 
--- a/apparmor.d/groups/gnome/gdm-x-session +++ b/apparmor.d/groups/gnome/gdm-x-session @@ -18,10 +18,10 @@ profile gdm-x-session @{exec_path} flags=(attach_disconnected) { signal (send) set=term peer=xorg, signal (send) set=term peer=gnome-session-binary, - dbus bus=session path=/org/freedesktop/systemd[0-9]* + dbus bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.DBus.Properties member=Get - peer=(name=org.freedesktop.systemd[0-9]*), + peer=(name=org.freedesktop.systemd1), dbus send bus=system path=/org/gnome/DisplayManager/Manager interface=org.gnome.DisplayManager.Manager diff --git a/apparmor.d/groups/gnome/gnome-keyring-daemon b/apparmor.d/groups/gnome/gnome-keyring-daemon index 8f08e90d..4f8c8ded 100644 --- a/apparmor.d/groups/gnome/gnome-keyring-daemon +++ b/apparmor.d/groups/gnome/gnome-keyring-daemon @@ -29,7 +29,7 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) { member=PropertiesChanged peer=(name=:*, label=systemd-logind), - dbus send bus=system path=/org/freedesktop/login1 + dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=GetSession peer=(name=org.freedesktop.login1), diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index f0b676b4..13797280 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary +++ b/apparmor.d/groups/gnome/gnome-session-binary 
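Review bot: The rewritten systemd1 rule in gdm-x-session still begins with a bare `dbus bus=session`, with no access mode, and its peer has no label. As written it is not limited to sending, and it accepts whichever process owns the name regardless of its confinement. The gdm-wayland-session counterpart changed in this same commit uses `dbus send` and `peer=(name=org.freedesktop.systemd1, label=@{systemd})`. I would bring the X session rule in line with it: `dbus send bus=session path=/org/freedesktop/systemd1` and `peer=(name=org.freedesktop.systemd1, label=@{systemd}),`.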
@@ -34,12 +34,14 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { signal (send) set=(term) peer=at-spi-bus-launcher, signal (send) set=(term) peer=gsd-*, + dbus bind bus=session name=org.gnome.SessionManager, + dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus - member={RequestName,ReleaseName,UpdateActivationEnvironment,GetConnectionUnixUser,GetConnectionUnixProcessID} + member={ReleaseName,UpdateActivationEnvironment,GetConnectionUnixUser,GetConnectionUnixProcessID} peer=(name=org.freedesktop.DBus label=dbus-daemon), - dbus send bus=system path=/org/freedesktop/login1 + dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member={CanPowerOff,GetSession,PowerOff,Inhibit,Reboot} peer=(name=:*, label=systemd-logind), 
@@ -92,16 +94,24 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { member={GetAll,PropertiesChanged} peer=(name="{org.freedesktop.DBus,:*}", label="{gsd-*,gnome-*,xdg-desktop-portal-*}"), - dbus send bus=session path=/org/freedesktop/systemd[0-9]* - interface=org.freedesktop.systemd[0-9]*.Manager - peer=(name=org.freedesktop.systemd[0-9]*, label=unconfined), # all members + dbus send bus=session path=/org/freedesktop/systemd1 + interface=org.freedesktop.systemd1.Manager + peer=(name=org.freedesktop.systemd1, label=@{systemd}), # all members - dbus send bus=session path=/org/gnome/Mutter/IdleMonitor + dbus send bus=session path=/org/freedesktop/systemd1 + interface=org.freedesktop.systemd1.Manager + peer=(name=:*, label=@{systemd}), + + dbus send bus=session path=/org/freedesktop/systemd1 + interface=org.freedesktop.DBus.Properties + peer=(name=:*, label=@{systemd}), + + dbus send bus=session path=/org/gnome/Mutter/IdleMonitor interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects peer=(name=:*, label=gnome-shell), - dbus send bus=session path=/org/gnome/Mutter/IdleMonitor/Core + dbus send bus=session path=/org/gnome/Mutter/IdleMonitor/Core interface=org.gnome.Mutter.IdleMonitor member={AddIdleWatch,AddUserActiveWatch,RemoveWatch} peer=(name=:*, label=gnome-shell), @@ -126,9 +136,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { member=Introspect peer=(name=:*, label=gnome-shell), - dbus bind bus=session - name=org.gnome.SessionManager, - @{exec_path} mr, @{bin}/{,z,ba,da}sh rix, diff --git a/apparmor.d/groups/gnome/gnome-terminal-server b/apparmor.d/groups/gnome/gnome-terminal-server index 2fb87243..ecaeca02 100644 --- a/apparmor.d/groups/gnome/gnome-terminal-server +++ b/apparmor.d/groups/gnome/gnome-terminal-server @@ -9,6 +9,7 @@ include @{exec_path} = @{lib}/gnome-terminal-server profile gnome-terminal-server @{exec_path} { include + include include include include 
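Review bot: The third rule added in the `@@ -92,16 +94,24 @@` hunk, `interface=org.freedesktop.DBus.Properties` with `peer=(name=:*, label=@{systemd})`, has no `member=` condition, so it permits `Set` as well as `Get` and `GetAll` on the systemd manager object. If gnome-session-binary only reads properties there, adding `member={Get,GetAll}` keeps the grant to what is needed. If the omission is deliberate, the rule should carry the same `# all members` marker that the first rule in the hunk has. The second added rule (`org.freedesktop.systemd1.Manager` with `name=:*`) is likewise unrestricted and unmarked.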
@@ -20,8 +21,7 @@ profile gnome-terminal-server @{exec_path} { signal (send) set=(term hup kill) peer=unconfined, ptrace (read) peer=unconfined, - dbus bind bus=session - name=org.gnome.Terminal, + dbus bind bus=session name=org.gnome.Terminal, @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/goa-identity-service b/apparmor.d/groups/gnome/goa-identity-service index 01626ec4..21ab84be 100644 --- a/apparmor.d/groups/gnome/goa-identity-service +++ b/apparmor.d/groups/gnome/goa-identity-service @@ -12,11 +12,6 @@ profile goa-identity-service @{exec_path} { include include - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - dbus receive bus=session path=/org/gnome/Identity interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings index 1fc42e76..e18cc4d6 100644 --- a/apparmor.d/groups/gnome/gsd-a11y-settings +++ b/apparmor.d/groups/gnome/gsd-a11y-settings @@ -14,12 +14,7 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - - dbus send bus=session path=/org/gnome/SessionManager + dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager member=RegisterClient peer=(name=:*, label=gnome-session-binary), 
@@ -34,7 +29,7 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { member={GetAll,PropertiesChanged} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color index 979b1616..33305da9 100644 --- a/apparmor.d/groups/gnome/gsd-color +++ b/apparmor.d/groups/gnome/gsd-color @@ -22,10 +22,7 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), + dbus bind bus=session name=org.gnome.SettingsDaemon.Color, dbus (send, receive) bus=system path=/org/freedesktop/ColorManager{,/devices/*} interface=org.freedesktop.ColorManager*, @@ -39,17 +36,12 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { member=GetAll peer=(name=:*, label=gnome-shell), - dbus send bus=session path=/org/gtk/Settings - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name=:*, label=gsd-xsettings), - dbus (send, receive) bus=session path=/org/gnome/SessionManager{,/Client[0-9]*} interface=org.freedesktop.DBus.Properties member={GetAll,PropertiesChanged} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), 
@@ -59,7 +51,7 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { member={CancelEndSession,QueryEndSession,EndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager + dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager member=RegisterClient peer=(name=:*, label=gnome-session-binary), @@ -89,9 +81,6 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { member=Introspect peer=(name=:*, label=gnome-shell), - dbus bind bus=session - name=org.gnome.SettingsDaemon.Color, - @{exec_path} mr, /usr/share/dconf/profile/gdm r, diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime index 571ba6e2..1b48a953 100644 --- a/apparmor.d/groups/gnome/gsd-datetime +++ b/apparmor.d/groups/gnome/gsd-datetime @@ -14,12 +14,7 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - - dbus send bus=session path=/org/gnome/SessionManager + dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager member=RegisterClient peer=(name=:*, label=gnome-session-binary), @@ -34,7 +29,7 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) { member={GetAll,PropertiesChanged} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), diff --git a/apparmor.d/groups/gnome/gsd-disk-utility-notify b/apparmor.d/groups/gnome/gsd-disk-utility-notify index dc8d223e..b3821893 100644 --- a/apparmor.d/groups/gnome/gsd-disk-utility-notify 
+++ b/apparmor.d/groups/gnome/gsd-disk-utility-notify @@ -12,11 +12,6 @@ profile gsd-disk-utility-notify @{exec_path} { include include - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - dbus receive bus=system path=/org/freedesktop/UDisks2{,/**} interface=org.freedesktop.DBus.{Properties,ObjectManager}, diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping index 128f8fda..c6b5aa3f 100644 --- a/apparmor.d/groups/gnome/gsd-housekeeping +++ b/apparmor.d/groups/gnome/gsd-housekeeping @@ -10,6 +10,7 @@ include profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { include include + include include include include @@ -17,10 +18,7 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gnome*, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), + dbus bind bus=session name=org.gnome.SettingsDaemon.Housekeeping, dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager @@ -37,7 +35,7 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { member={GetAll,PropertiesChanged} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), 
@@ -52,14 +50,6 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { member=Introspect peer=(name=:*, label=gnome-shell), - dbus send bus=session path=/org/gtk/vfs/mounttracker - interface=org.gtk.vfs.MountTracker - member=ListMountableInfo - peer=(name=:*, label=gvfsd), - - dbus bind bus=session - name=org.gnome.SettingsDaemon.Housekeeping, - @{exec_path} mr, /etc/fstab r, diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard index 015e2e16..2324b15b 100644 --- a/apparmor.d/groups/gnome/gsd-keyboard +++ b/apparmor.d/groups/gnome/gsd-keyboard @@ -10,6 +10,7 @@ include profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { include include + include include include include @@ -22,26 +23,14 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - - dbus send bus=system path=/org/freedesktop/locale[0-9] - interface=org.freedesktop.DBus.Properties - member=GetAll, - - dbus send bus=session path=/org/gtk/Settings - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name=:*, label=gsd-xsettings), + dbus bind bus=session name=org.gnome.SettingsDaemon.Keyboard, dbus (send, receive) bus=session path=/org/gnome/SessionManager{,/Client[0-9]*} interface=org.freedesktop.DBus.Properties member={GetAll,PropertiesChanged} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), 
@@ -51,7 +40,7 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { member={CancelEndSession,QueryEndSession,EndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager + dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager member=RegisterClient peer=(name=:*, label=gnome-session-binary), @@ -61,19 +50,16 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { member={ClientAdded,SessionRunning,ClientRemoved,InhibitorRemoved,InhibitorAdded} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gtk/vfs/mounttracker - interface=org.gtk.vfs.MountTracker - member=ListMountableInfo - peer=(name=:*, label=gvfsd), + dbus send bus=system path=/org/freedesktop/locale1 + interface=org.freedesktop.DBus.Properties + member=GetAll + peer=(name=:*, label=systemd-localed), dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), - dbus bind bus=session - name=org.gnome.SettingsDaemon.Keyboard, - @{exec_path} mr, /usr/share/dconf/profile/gdm r, diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index 6358b776..671cfb01 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys 
@@ -26,20 +26,15 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { network netlink raw, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.DBus.Properties member=GetAll, - dbus send bus=system path=/org/freedesktop/login1 + dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=Inhibit, - dbus send bus=system path=/org/freedesktop/login1 + dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=PowerOff, @@ -52,7 +47,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { interface=org.freedesktop.DBus.Properties member=PropertiesChanged, - dbus send bus=system path=/org/freedesktop/hostname[0-9] + dbus send bus=system path=/org/freedesktop/hostname1 interface=org.freedesktop.DBus.Properties member=Get, @@ -65,7 +60,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { member={GetAll,PropertiesChanged} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), @@ -75,7 +70,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { member={CancelEndSession,QueryEndSession,EndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager + dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager member=RegisterClient peer=(name=:*, label=gnome-session-binary), 
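Review bot: The `hostname1` rule touched in the `@@ -52,7 +47,7 @@` hunk ends at `member=Get,` and so still has no `peer=` condition, which leaves the send permitted toward any system-bus peer exposing that path. In this same commit the gsd-keyboard `locale1` rule gains `peer=(name=:*, label=systemd-localed)`. The same treatment here, using the label of the profile that confines the hostname service, would make the two consistent: `peer=(name=:*, label=<hostname service profile>),`. Separately, gsd-rfkill keeps `path=/org/freedesktop/hostname[0-9]` in unchanged context while this commit rewrites that glob to `hostname1` elsewhere, so it is worth converting in the same pass.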
@@ -85,7 +80,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { member={ClientAdded,SessionRunning,ClientRemoved,InhibitorRemoved,InhibitorAdded} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/Shell + dbus send bus=session path=/org/gnome/Shell interface=org.freedesktop.DBus.Properties member=GetAll peer=(name=:*, label=gnome-shell), @@ -95,7 +90,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { member=GetAll peer=(name=:*, label=gnome-shell), - dbus send bus=session path=/org/gnome/Shell + dbus send bus=session path=/org/gnome/Shell interface=org.gnome.Shell member={GrabAccelerators,UngrabAccelerators} peer=(name=:*, label=gnome-shell), @@ -115,7 +110,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { member=ListNames peer=(name=org.freedesktop.DBus, label=dbus-daemon), - dbus send bus=session path=/org/gnome/SettingsDaemon/Power + dbus send bus=session path=/org/gnome/SettingsDaemon/Power interface=org.freedesktop.DBus.Properties member=GetAll peer=(name=:*, label=gsd-power), @@ -125,11 +120,6 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { member=PropertiesChanged peer=(name=:*, label=gsd-power), - dbus send bus=session path=/org/gtk/Settings - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name=:*, label=gsd-xsettings), - dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core interface=org.gnome.Mutter.IdleMonitor member=WatchFired diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index 27cae2b2..aa9b1a53 100644 --- a/apparmor.d/groups/gnome/gsd-power +++ b/apparmor.d/groups/gnome/gsd-power @@ -11,6 +11,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { include include include + include include include include 
@@ -66,7 +67,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { member={GetAll,PropertiesChanged} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), @@ -76,7 +77,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { member={CancelEndSession,QueryEndSession,EndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager + dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager member=RegisterClient peer=(name=:*, label=gnome-session-binary), @@ -106,17 +107,12 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { member={GetAll,PropertiesChanged,Set} peer=(name="{org.freedesktop.DBus,:*}", label="{gsd-media-keys,gnome-shell}"), - dbus send bus=session path=/org/gtk/Settings - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name=:*, label=gsd-xsettings), - dbus send bus=session path=/org/gnome/Mutter/IdleMonitor interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects peer=(name=:*, label=gnome-shell), - dbus send bus=session path=/org/gnome/Mutter/IdleMonitor/Core + dbus send bus=session path=/org/gnome/Mutter/IdleMonitor/Core interface=org.gnome.Mutter.IdleMonitor member={AddIdleWatch,AddUserActiveWatch,RemoveWatch} peer=(name=:*, label=gnome-shell), @@ -126,11 +122,6 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { member=WatchFired peer=(name=:*, label=gnome-shell), - dbus send bus=session path=/org/gtk/vfs/mounttracker - interface=org.gtk.vfs.MountTracker - member=ListMountableInfo - peer=(name=:*, label=gvfsd), - dbus receive bus=session path=/org/gnome/ScreenSaver interface=org.gnome.ScreenSaver member=ActiveChanged 
diff --git a/apparmor.d/groups/gnome/gsd-print-notifications b/apparmor.d/groups/gnome/gsd-print-notifications index be2c2798..d07e9e34 100644 --- a/apparmor.d/groups/gnome/gsd-print-notifications +++ b/apparmor.d/groups/gnome/gsd-print-notifications @@ -19,20 +19,17 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, signal (send) set=(hup) peer=gsd-printer, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), + dbus bind bus=session name=org.gnome.SettingsDaemon.PrintNotifications, dbus (send,receive) bus=system path=/Client[0-9]*/ServiceBrowser[0-9]* interface=org.freedesktop.Avahi.ServiceBrowser member={CacheExhausted,AllForNow,CacheExhausted,AllForNow,Free}, - dbus send bus=system path=/ + dbus send bus=system path=/ interface=org.freedesktop.DBus.Peer member=Ping, - dbus send bus=system path=/ + dbus send bus=system path=/ interface=org.freedesktop.Avahi.Server member={GetAPIVersion,GetState,ServiceBrowserNew}, @@ -48,7 +45,7 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { member={GetAll,PropertiesChanged} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), @@ -63,7 +60,7 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { member={ClientAdded,SessionRunning,ClientRemoved,InhibitorRemoved,InhibitorAdded} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager + dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager member=RegisterClient peer=(name=:*, label=gnome-session-binary), 
@@ -73,9 +70,6 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { member=Introspect peer=(name=:*, label=gnome-shell), - dbus bind bus=session - name=org.gnome.SettingsDaemon.PrintNotifications, - @{exec_path} mr, @{lib}/gsd-printer rPx, diff --git a/apparmor.d/groups/gnome/gsd-printer b/apparmor.d/groups/gnome/gsd-printer index ad4cbb5e..59780e66 100644 --- a/apparmor.d/groups/gnome/gsd-printer +++ b/apparmor.d/groups/gnome/gsd-printer @@ -35,7 +35,7 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) { member=GetAll peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), diff --git a/apparmor.d/groups/gnome/gsd-rfkill b/apparmor.d/groups/gnome/gsd-rfkill index 27f231a2..95ab671c 100644 --- a/apparmor.d/groups/gnome/gsd-rfkill +++ b/apparmor.d/groups/gnome/gsd-rfkill @@ -16,11 +16,6 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { network netlink raw, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - dbus send bus=system path=/org/freedesktop/hostname[0-9] interface=org.freedesktop.DBus.Properties member=Get, @@ -33,6 +28,11 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects, + dbus send bus=session path=/org/gnome/SettingsDaemon/Rfkill + interface=org.freedesktop.DBus.Properties + member=PropertiesChanged + peer=(name=org.freedesktop.DBus, label=gsd-media-keys), + dbus receive bus=system path=/org/freedesktop/NetworkManager interface=org.freedesktop.NetworkManager member={CheckPermissions,StateChanged}, 
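Review bot: gsd-rfkill loses its `RequestName`/`ReleaseName` send rule in the `@@ -16,11 +16,6 @@` hunk, but none of its hunks visible here shows a `dbus bind` rule. By contrast gsd-color, gsd-housekeeping, gsd-keyboard and gsd-print-notifications each carry an explicit `dbus bind bus=session name=org.gnome.SettingsDaemon.…,` in this commit. Include targets are not visible on this page, so it cannot be confirmed from here whether name ownership is covered outside the hunks or by an abstraction. If it is not, I would add `dbus bind bus=session name=<name owned by gsd-rfkill>,` so the name the daemon may own is pinned in the profile itself. The same question applies to gsd-a11y-settings, gsd-datetime and gsd-screensaver-proxy, which also only lose the rule.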
@@ -46,7 +46,7 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { member={GetAll,PropertiesChanged} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), @@ -56,7 +56,7 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { member={CancelEndSession,QueryEndSession,EndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager + dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager member=RegisterClient peer=(name=:*, label=gnome-session-binary), diff --git a/apparmor.d/groups/gnome/gsd-screensaver-proxy b/apparmor.d/groups/gnome/gsd-screensaver-proxy index 6d53bab5..af0ea909 100644 --- a/apparmor.d/groups/gnome/gsd-screensaver-proxy +++ b/apparmor.d/groups/gnome/gsd-screensaver-proxy @@ -13,17 +13,12 @@ profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - dbus (send, receive) bus=session path=/org/gnome/SessionManager{,/Client[0-9]*} interface=org.freedesktop.DBus.Properties member={GetAll,PropertiesChanged} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), 
@@ -33,7 +28,7 @@ profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) { member={CancelEndSession,QueryEndSession,EndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager + dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager member=RegisterClient peer=(name=:*, label=gnome-session-binary), diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing index b4041741..df7e6bbc 100644 --- a/apparmor.d/groups/gnome/gsd-sharing +++ b/apparmor.d/groups/gnome/gsd-sharing @@ -9,19 +9,14 @@ include @{exec_path} = @{lib}/gsd-sharing profile gsd-sharing @{exec_path} flags=(attach_disconnected) { include - include + include include include include signal (receive) set=(term, hup) peer=gdm*, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - - dbus send bus=system path=/org/freedesktop + dbus send bus=system path=/org/freedesktop interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects peer=(name=:*, label=NetworkManager), @@ -36,7 +31,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) { member=StateChanged peer=(name=:*, label=NetworkManager), - dbus send bus=system path=/org/freedesktop/NetworkManager/Settings/[0-9]* + dbus send bus=system path=/org/freedesktop/NetworkManager/Settings/[0-9]* interface=org.freedesktop.NetworkManager.Settings.Connection member=GetSettings peer=(name=:*, label=NetworkManager), @@ -51,7 +46,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) { member=PropertiesChanged peer=(name=:*, label=NetworkManager), - dbus send bus=system path=/org/freedesktop/NetworkManager + dbus send bus=system path=/org/freedesktop/NetworkManager interface=org.freedesktop.NetworkManager member=GetPermissions peer=(name=:*, label=NetworkManager), 
@@ -61,7 +56,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) { member=CheckPermissions peer=(name=:*, label=NetworkManager), - dbus send bus=session path=/org/gnome/SessionManager + dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager member=RegisterClient peer=(name=:*, label=gnome-session-binary), @@ -76,7 +71,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) { member={GetAll,PropertiesChanged} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index 16f78944..4a4d002b 100644 --- a/apparmor.d/groups/gnome/gsd-smartcard +++ b/apparmor.d/groups/gnome/gsd-smartcard @@ -16,12 +16,7 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - - dbus send bus=session path=/org/gnome/SessionManager + dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager member=RegisterClient peer=(name=:*, label=gnome-session-binary), @@ -36,7 +31,7 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { member={GetAll,PropertiesChanged} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), 
diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound index 9d640bf3..151df92d 100644 --- a/apparmor.d/groups/gnome/gsd-sound +++ b/apparmor.d/groups/gnome/gsd-sound @@ -15,12 +15,7 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - - dbus send bus=session path=/org/gnome/SessionManager + dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager member=RegisterClient peer=(name=:*, label=gnome-session-binary), @@ -35,7 +30,7 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) { member={GetAll,PropertiesChanged} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom index 2e095643..4fde49ed 100644 --- a/apparmor.d/groups/gnome/gsd-wacom +++ b/apparmor.d/groups/gnome/gsd-wacom @@ -10,6 +10,7 @@ include profile gsd-wacom @{exec_path} flags=(attach_disconnected) { include include + include include include include 
@@ -21,27 +22,24 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, hup) peer=gdm*, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), + dbus bind bus=session name=org.gnome.SettingsDaemon.Wacom, - dbus (send, receive) bus=session path=/org/gnome/SessionManager{,/Client[0-9]*} + dbus (send, receive) bus=session path=/org/gnome/SessionManager{,/Client@{int}} interface=org.freedesktop.DBus.Properties member={GetAll,PropertiesChanged} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client@{int} interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus receive bus=session path=/org/gnome/SessionManager/Client@{int} interface=org.gnome.SessionManager.ClientPrivate member={CancelEndSession,QueryEndSession,EndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager + dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager member=RegisterClient peer=(name=:*, label=gnome-session-binary), 
@@ -51,24 +49,16 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) { member={ClientAdded,SessionRunning,ClientRemoved,InhibitorRemoved,InhibitorAdded} peer=(name=:*, label=gnome-session-binary), + dbus receive bus=session path=/org/gnome/SettingsDaemon/Wacom + interface=org.freedesktop.DBus.Properties + member=GetAll + peer=(name=:*, label=gnome-shell), + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), - dbus send bus=session path=/org/gtk/Settings - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name=:*, label=gsd-xsettings), - - dbus send bus=session path=/org/gtk/vfs/mounttracker - interface=org.gtk.vfs.MountTracker - member=ListMountableInfo - peer=(name=:*, label=gvfsd), - - dbus bind bus=session - name=org.gnome.SettingsDaemon.Wacom, - @{exec_path} mr, /usr/share/dconf/profile/gdm r, diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index e7d94cc5..c9fd4b03 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings 
@@ -29,22 +29,14 @@ profile gsd-xsettings @{exec_path} { network inet6 dgram, network netlink raw, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName,GetId} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), + dbus bind bus=session name=org.gtk.Settings, - dbus (send,receive) bus=system path=/org/freedesktop/Accounts/User[0-9]* - interface=org.freedesktop.Accounts.User - member={SetInputSources,Changed,GetAll}, + dbus bind bus=session name=org.gnome.SettingsDaemon.XSettings, - dbus (send,receive) bus=system path=/org/freedesktop/Accounts{,/User[0-9]*} + dbus receive bus=session path=/org/gtk/Settings interface=org.freedesktop.DBus.Properties - member={GetAll,PropertiesChanged}, - - dbus send bus=system path=/org/freedesktop/Accounts - interface=org.freedesktop.Accounts - member=FindUserByName, + member=GetAll + peer=(name=:*), # many peer's labels dbus receive bus=system path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts @@ -56,12 +48,12 @@ profile gsd-xsettings @{exec_path} { member={ClientAdded,ClientRemoved,SessionRunning} peer=(name=:*, label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus send bus=session path=/org/gnome/SessionManager/Client@{int} interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/org/gnome/SessionManager/Client[0-9]* + dbus receive bus=session path=/org/gnome/SessionManager/Client@{int} interface=org.gnome.SessionManager.ClientPrivate member={EndSession,QueryEndSession,CancelEndSession,Stop} peer=(name=:*, label=gnome-session-binary), 
@@ -71,11 +63,6 @@ profile gsd-xsettings @{exec_path} { member=GetAll peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/org/gtk/Settings - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name=:*), # many peer's labels - dbus send bus=session path=/org/gnome/Mutter/DisplayConfig interface=org.gnome.Mutter.DisplayConfig member=GetCurrentState @@ -86,11 +73,15 @@ profile gsd-xsettings @{exec_path} { member=Get peer=(name=org.gnome.Shell.Introspect, label=gnome-shell), - dbus bind bus=session - name=org.gtk.Settings, + dbus send bus=session path=/org/gtk/vfs/mounttracker + interface=org.gtk.vfs.MountTracker + member=ListMountableInfo + peer=(name=:*, label=gvfsd), - dbus bind bus=session - name=org.gnome.SettingsDaemon.XSettings, + dbus receive bus=session + interface=org.freedesktop.DBus.Introspectable + member=Introspect + peer=(name=:*, label=gnome-shell), @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract index ed03d899..dc8c30e5 100644 --- a/apparmor.d/groups/gnome/tracker-extract +++ b/apparmor.d/groups/gnome/tracker-extract 
@@ -26,32 +26,16 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term) peer=gdm, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - - dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint - interface=org.freedesktop.DBus.Peer - member=Ping - peer=(name=org.freedesktop.Tracker3.Miner.Files), - - dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint - interface=org.freedesktop.Tracker3.Endpoint - peer=(name=org.freedesktop.Tracker3.Miner.Files, label=tracker-miner), # all members - - dbus receive bus=session path=/org/freedesktop/Tracker3/Endpoint - interface=org.freedesktop.Tracker3.Endpoint - peer=(name=:*, label=tracker-miner), # all members - - dbus send bus=session path=/org/freedesktop/Tracker3/Miner/** + dbus bind bus=session name=org.freedesktop.Tracker3.Miner.Extract, + dbus send bus=session path=/org/freedesktop/Tracker3/Miner/** interface=org.freedesktop.Tracker3.Miner - peer=(name=org.freedesktop.DBus, label=tracker-miner), # all members - - dbus send bus=session path=/org/gtk/vfs/mounttracker - interface=org.gtk.vfs.MountTracker - member=ListMountable* - peer=(name=:*, label=gvfsd), + peer=(name=org.freedesktop.DBus, label=tracker-miner), + dbus send bus=session path=/org/freedesktop/Tracker3/** + interface=org.freedesktop.DBus.Properties + peer=(name=org.freedesktop.Tracker3.*), # all members + dbus receive bus=session path=/org/freedesktop/Tracker3/** + interface=org.freedesktop.Tracker3.* + peer=(name=:*), # all members dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor 
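Review bot: The added `dbus receive … path=/org/freedesktop/Tracker3/** interface=org.freedesktop.Tracker3.*` rule ends in `peer=(name=:*)`, whereas the Endpoint rule it replaces required `label=tracker-miner`, so the profile now accepts every member of every Tracker3 interface from any peer label on the session bus. The same loss of peer confinement recurs later in this patch: the gvfs-afc-volume-monitor receive rule drops both `member={List,IsSupported}` and its label list, and the gvfsd MountTracker send rule drops `member=Mounted` and its label list. Where the callers are known, keep the label, e.g. `peer=(name=:*, label=tracker-miner)`. Where the caller set is open-ended, keeping the member restriction (`member={List,IsSupported}` with `peer=(name=:*)`) still limits what an arbitrary confined peer can invoke. For rules that must stay wide, a trailing comment such as `# all members, any peer label` would record that the breadth is deliberate; the gvfsd and gvfs-afc-volume-monitor rules currently have none.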
@@ -63,6 +47,10 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) { member=Introspect peer=(name=:*, label=gnome-shell), + dbus send bus=session path=/org/gtk/vfs/mounttracker + interface=org.gtk.vfs.MountTracker + member=ListMount* + peer=(name=:*, label=gvfsd), dbus receive bus=session path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker member={Mounted,ListMounts2} @@ -78,8 +66,6 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) { member={GetTreeFromDevice,Remove} peer=(name=:*, label=gvfsd-metadata), - dbus bind bus=session name=org.freedesktop.Tracker3.Miner.Extract, - @{exec_path} mr, /usr/share/dconf/profile/gdm r, diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index 5e1910bf..7368c3a2 100644 --- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/tracker-miner-fs-{,control-}3 profile tracker-miner @{exec_path} flags=(attach_disconnected) { include - include + include include include include @@ -23,10 +23,15 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) { signal (receive) set=(term, kill) peer=gdm, signal (receive) set=(hup) peer=gdm-session-worker, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), + dbus bind bus=session name=org.freedesktop.Tracker3.Miner.Files{,.Control}, + + dbus (send, receive) bus=session path=/org/freedesktop/Tracker3/** + interface=org.freedesktop.Tracker3.* + peer=(name=:*), # all members + + dbus receive bus=session path=/org/freedesktop/Tracker3/** + interface=org.freedesktop.DBus.{Peer,Properties} + peer=(name=:*, label=tracker-extract), dbus send bus=system path=/org/freedesktop/UPower{,/devices/DisplayDevice} interface=org.freedesktop.DBus.Properties 
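Review bot: In the tracker-extract hunk, the re-added MountTracker send rule uses `member=ListMount*`, which is wider than the `ListMountable*` it replaces. The glob now also covers names such as `ListMounts2`, which the receive rule directly below spells out explicitly. An explicit brace list, for example `member={ListMountableInfo,ListMounts2}`, would keep the grant auditable if those are the only calls tracker-extract makes; check that against the denials seen in the logs. The blank line that separated this rule from the following `dbus receive` rule is also gone, which makes the two easy to misread as one.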
@@ -42,29 +47,11 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) { member={List,IsSupported} peer=(name=:*, label=gvfs-*-volume-monitor), - dbus receive bus=session path=/org/freedesktop/Tracker3/Endpoint - interface=org.freedesktop.DBus.Peer - peer=(name=:*), - - dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint - interface=org.freedesktop.Tracker3.Endpoint - peer=(name=org.freedesktop.DBus), # all members - - dbus receive bus=session path=/org/freedesktop/Tracker3/Endpoint - interface=org.freedesktop.Tracker3.Endpoint - peer=(name=:*), # all members - - dbus receive bus=session path=/org/freedesktop/Tracker3/Miner/** - interface=org.freedesktop.Tracker3.Miner - peer=(name=:*), # all members - dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), - dbus bind bus=session name=org.freedesktop.Tracker3.Miner.*, - @{exec_path} mr, /usr/share/dconf/profile/gdm r, diff --git a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor index 6522514b..2357778a 100644 --- a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor 
@@ -12,24 +12,16 @@ profile gvfs-afc-volume-monitor @{exec_path} { include include - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - + dbus bind bus=session name=org.gtk.vfs.AfcVolumeMonitor, dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor - member={List,IsSupported} - peer=(name=:*, label="{gnome-shell,gnome-control-center,gnome-extension-ding,nautilus,tracker-*,unconfined}"), + peer=(name=:*), dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), - dbus bind bus=session - name=org.gtk.vfs.AfcVolumeMonitor, - @{exec_path} mr, include if exists diff --git a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor index d057aa66..fff1b126 100644 --- a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor @@ -15,10 +15,7 @@ profile gvfs-mtp-volume-monitor @{exec_path} { network netlink raw, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), + dbus bind bus=session name=org.gtk.vfs.MTPVolumeMonitor, dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor @@ -30,9 +27,6 @@ profile gvfs-mtp-volume-monitor @{exec_path} { member=Introspect peer=(name=:*, label=gnome-shell), - dbus bind bus=session - name=org.gtk.vfs.MTPVolumeMonitor, - @{exec_path} mr, include if exists diff --git a/apparmor.d/groups/gvfs/gvfsd b/apparmor.d/groups/gvfs/gvfsd index c09858c5..bd8b059d 100644 --- a/apparmor.d/groups/gvfs/gvfsd +++ b/apparmor.d/groups/gvfs/gvfsd 
@@ -10,18 +10,13 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd profile gvfsd @{exec_path} { include - include include - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), + dbus bind bus=session name=org.gtk.vfs.Daemon, dbus send bus=session path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker - member=Mounted - peer=(name=org.freedesktop.DBus, label="{gvfsd-*,gnome-*,tracker-miner}"), + peer=(name=org.freedesktop.DBus), dbus receive bus=session path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker @@ -47,9 +42,6 @@ profile gvfsd @{exec_path} { member=Introspect peer=(name=:*, label=gnome-shell), - dbus bind bus=session - name=org.gtk.vfs.Daemon, - @{exec_path} mr, @{bin}/{,ba,da}sh rix, diff --git a/apparmor.d/groups/gvfs/gvfsd-dnssd b/apparmor.d/groups/gvfs/gvfsd-dnssd index 2ca3131e..328fec8f 100644 --- a/apparmor.d/groups/gvfs/gvfsd-dnssd +++ b/apparmor.d/groups/gvfs/gvfsd-dnssd @@ -10,6 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-dnssd profile gvfsd-dnssd @{exec_path} { include + include include include @@ -36,11 +37,6 @@ profile gvfsd-dnssd @{exec_path} { member=Mount peer=(name=:*, label=gvfsd), - dbus send bus=session path=/org/gtk/vfs/mounttracker - interface=org.gtk.vfs.MountTracker - member=RegisterMount - peer=(name=:*, label=gvfsd), - dbus send bus=session path=/org/gtk/gvfs/exec_spaw/[0-9]* interface=org.gtk.vfs.Spawner member=Spawned diff --git a/apparmor.d/groups/gvfs/gvfsd-fuse b/apparmor.d/groups/gvfs/gvfsd-fuse index 72e4c1ea..36e496b9 100644 --- a/apparmor.d/groups/gvfs/gvfsd-fuse +++ b/apparmor.d/groups/gvfs/gvfsd-fuse 
@@ -10,17 +10,13 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-fuse profile gvfsd-fuse @{exec_path} { include - include + include include unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse//fusermount), mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/, - dbus send bus=session path=/org/gtk/vfs/mounttracker - interface=org.gtk.vfs.MountTracker - peer=(name=:*, label=gvfsd), # all members - dbus receive bus=session path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker member=Mounted diff --git a/apparmor.d/groups/gvfs/gvfsd-metadata b/apparmor.d/groups/gvfs/gvfsd-metadata index e8092486..7d060273 100644 --- a/apparmor.d/groups/gvfs/gvfsd-metadata +++ b/apparmor.d/groups/gvfs/gvfsd-metadata @@ -10,7 +10,6 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-metadata profile gvfsd-metadata @{exec_path} { include - include include include 
@@ -18,32 +17,24 @@ profile gvfsd-metadata @{exec_path} { signal (receive) set=(usr1) peer=pacman, - dbus bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - - dbus receive bus=session - interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name=:*, label=gnome-shell), - + dbus bind bus=session name=org.gtk.vfs.Metadata, dbus receive bus=session path=/org/gtk/vfs/metadata interface=org.freedesktop.DBus.Properties member=GetAll peer=(name=:*, label=gnome-extension-ding), - dbus send bus=session path=/org/gtk/vfs/metadata interface=org.gtk.vfs.Metadata member=AttributeChanged peer=(name=org.freedesktop.DBus, label=gnome-extension-ding), - dbus receive bus=session path=/org/gtk/vfs/metadata interface=org.gtk.vfs.Metadata member={GetTreeFromDevice,Remove} peer=(name=:*, label=gnome-shell), - dbus bind bus=session name=org.gtk.vfs.Metadata, + dbus receive bus=session + interface=org.freedesktop.DBus.Introspectable + member=Introspect + peer=(name=:*, label=gnome-shell), @{exec_path} mr, diff --git a/apparmor.d/groups/gvfs/gvfsd-smb-browse b/apparmor.d/groups/gvfs/gvfsd-smb-browse index 0dbd4e38..9f9cf640 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb-browse +++ b/apparmor.d/groups/gvfs/gvfsd-smb-browse @@ -10,6 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-smb-browse profile gvfsd-smb-browse @{exec_path} { include + include include include include 
@@ -20,15 +21,7 @@ profile gvfsd-smb-browse @{exec_path} { network inet dgram, network inet6 dgram, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - - dbus send bus=session path=/org/gtk/vfs/mounttracker - interface=org.gtk.vfs.MountTracker - member=ListMounts2 - peer=(name=:*, label=gvfsd), + dbus bind bus=session name=org.gtk.vfs.mountpoint_smb_browse, dbus receive bus=session path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker @@ -45,9 +38,6 @@ profile gvfsd-smb-browse @{exec_path} { member=Spawned peer=(name=:*, label=gvfsd), - dbus bind bus=session - name=org.gtk.vfs.mountpoint_smb_browse, - @{exec_path} mr, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/groups/gvfs/gvfsd-trash b/apparmor.d/groups/gvfs/gvfsd-trash index 6be0fda9..a586cb8a 100644 --- a/apparmor.d/groups/gvfs/gvfsd-trash +++ b/apparmor.d/groups/gvfs/gvfsd-trash @@ -41,11 +41,6 @@ profile gvfsd-trash @{exec_path} { member=RegisterMount peer=(name=:*, label=gvfsd), - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member=RequestName - peer=(name=org.freedesktop.DBus, label=dbus-daemon), - dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect diff --git a/apparmor.d/groups/network/NetworkManager b/apparmor.d/groups/network/NetworkManager index 604f451a..10b50ac9 100644 --- a/apparmor.d/groups/network/NetworkManager +++ b/apparmor.d/groups/network/NetworkManager 
@@ -37,8 +37,11 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) { signal (send) set=(term) peer=dnsmasq, + dbus bind bus=system name=org.freedesktop.NetworkManager, + dbus (send,receive) bus=system path=/org/freedesktop/NetworkManager{,/**} - interface=org.freedesktop.{DBus.Properties,DBus.Introspectable,NetworkManager*}, + interface=org.freedesktop.{DBus.Properties,DBus.Introspectable,NetworkManager*} + peer=(name=:*), dbus (send,receive) bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority @@ -93,8 +96,6 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) { interface=org.freedesktop.DBus.Properties peer=(name=:*), - dbus bind bus=system name=org.freedesktop.NetworkManager, - @{exec_path} mr, @{bin}/{,ba,da}sh rix, diff --git a/apparmor.d/groups/network/nm-dispatcher b/apparmor.d/groups/network/nm-dispatcher index 5172c71e..2b272dca 100644 --- a/apparmor.d/groups/network/nm-dispatcher +++ b/apparmor.d/groups/network/nm-dispatcher @@ -20,15 +20,10 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) { ptrace (read) peer=unconfined, - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName}, - + dbus bind bus=system name=org.freedesktop.nm_dispatcher, dbus receive bus=system path=/org/freedesktop/nm_dispatcher - interface=org.freedesktop.nm_dispatcher, - - dbus bind bus=system - name=org.freedesktop.nm_dispatcher, + interface=org.freedesktop.nm_dispatcher + peer=(name=:*), @{exec_path} mr, diff --git a/apparmor.d/groups/ubuntu/update-notifier b/apparmor.d/groups/ubuntu/update-notifier index bd93da5d..dd78040e 100644 --- a/apparmor.d/groups/ubuntu/update-notifier +++ b/apparmor.d/groups/ubuntu/update-notifier 
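Review bot: In the nm-dispatcher hunk, the receive rule on `/org/freedesktop/nm_dispatcher` gains `peer=(name=:*)` but no label and no `member=`, so any process on the system bus may still invoke any method of `org.freedesktop.nm_dispatcher` as far as this profile is concerned. If NetworkManager is the only intended caller, which the service name suggests but the hunk does not show, pin it with `peer=(name=:*, label=NetworkManager),`; that label is already used by the gsd-sharing rules in this patch. Callers running unconfined would need to be added to the label alternation.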
@@ -28,11 +28,6 @@ profile update-notifier @{exec_path} { interface={com.canonical.dbusmenu,org.freedesktop.DBus.Properties} peer=(name=:*, label=gnome-shell), - dbus send bus=session path=/org/gtk/Settings - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name=:*, label=gsd-xsettings), - dbus send bus=session path=/StatusNotifierWatcher interface=org.kde.StatusNotifierWatcher member=RegisterStatusNotifierItem diff --git a/apparmor.d/profiles-a-f/atril b/apparmor.d/profiles-a-f/atril index efc1aa83..01046002 100644 --- a/apparmor.d/profiles-a-f/atril +++ b/apparmor.d/profiles-a-f/atril @@ -11,6 +11,7 @@ include profile atril @{exec_path} { include include + include include include include @@ -25,11 +26,6 @@ profile atril @{exec_path} { network netlink raw, - dbus send bus=session path=/org/gtk/vfs/mounttracker - interface=org.gtk.vfs.MountTracker - member=ListMountableInfo - peer=(name=:*), - dbus send bus=session path=/org/mate/atril/{,**} peer=(name=org.freedesktop.DBus, label=atrild), # all interfaces and members diff --git a/apparmor.d/profiles-a-f/atrild b/apparmor.d/profiles-a-f/atrild index d6bbc0ea..d8607e01 100644 --- a/apparmor.d/profiles-a-f/atrild +++ b/apparmor.d/profiles-a-f/atrild @@ -11,17 +11,11 @@ profile atrild @{exec_path} { include include - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=dbus-daemon), + dbus bind bus=session name=org.mate.atril.Daemon, dbus (send, receive) bus=session path=/org/mate/atril/** peer=(name="{:*,org.freedesktop.DBus}", label=atril), # all interfaces and members - dbus bind bus=session - name=org.mate.atril.Daemon, - @{exec_path} mr, include if exists diff --git a/apparmor.d/profiles-a-f/engrampa b/apparmor.d/profiles-a-f/engrampa index 18cfa7fa..17af89e9 100644 --- a/apparmor.d/profiles-a-f/engrampa +++ b/apparmor.d/profiles-a-f/engrampa 
@@ -11,6 +11,7 @@ include profile engrampa @{exec_path} { include include + include include include include @@ -34,21 +35,6 @@ profile engrampa @{exec_path} { member={IsSupported,List} peer=(name=:*), - dbus send bus=session path=/org/gtk/vfs/mounttracker - interface=org.gtk.vfs.MountTracker - member={ListMounts2,LookupMount} - peer=(name=:*), - - dbus receive bus=session path=/org/gtk/vfs/mounttracker - interface=org.gtk.vfs.MountTracker - member=Mounted - peer=(name=:*), - - dbus send bus=session path=/org/gtk/vfs/Daemon - interface=org.gtk.vfs.Daemon - member=GetConnection - peer=(name=:*), - dbus receive bus=session path=/org/gtk/Application/anonymous interface=org.freedesktop.DBus.Properties member=GetAll diff --git a/apparmor.d/profiles-a-f/evince b/apparmor.d/profiles-a-f/evince index e76cf1f8..e2c33c8e 100644 --- a/apparmor.d/profiles-a-f/evince +++ b/apparmor.d/profiles-a-f/evince @@ -25,11 +25,6 @@ profile evince @{exec_path} { deny network inet, deny network inet6, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus), - dbus send bus=session path=/org/gtk/vfs/metadata interface=org.gtk.vfs.Metadata member={Set,GetTreeFromDevice} diff --git a/apparmor.d/profiles-a-f/fprintd b/apparmor.d/profiles-a-f/fprintd index cb7944c3..414606d7 100644 --- a/apparmor.d/profiles-a-f/fprintd +++ b/apparmor.d/profiles-a-f/fprintd 
@@ -18,22 +18,16 @@ profile fprintd @{exec_path} flags=(attach_disconnected) { network netlink raw, + dbus bind bus=system name=net.reactivated.Fprint, dbus receive bus=system path=/net/reactivated/Fprint/Manager - interface={org.freedesktop.DBus.Properties,net.reactivated.Fprint.Manager}, - - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus), + interface={org.freedesktop.DBus.Properties,net.reactivated.Fprint.Manager} + peer=(name=:*), dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=Inhibit peer=(name=org.freedesktop.login1), - dbus bind bus=system - name=net.reactivated.Fprint, - @{exec_path} mr, /etc/fprintd.conf r,