mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 08:58:15 +01:00
feat(dbus): dbus rules cleanup (3)
This commit is contained in:
Alexandre Pujol
parent
cd391bae01
commit
d75fa9bbd5
47 changed files with 176 additions and 438 deletions
|
|
@ -2,6 +2,11 @@
|
|||
# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
dbus send bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gsd-xsettings),
|
||||
|
||||
/etc/gtk-{3,4}.0/settings.ini r,
|
||||
|
||||
owner @{user_config_dirs}/gtk-{3,4}.0/ rw,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{bin}/ibus-daemon
|
||||
profile ibus-daemon @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/vfs>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/ibus>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
|
@ -24,11 +25,6 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
interface=org.freedesktop.DBus.Peer
|
||||
peer=(name=org.freedesktop.portal.IBus), # all members, all peer's labels
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMountableInfo
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
|
|
|
|||
|
|
@ -28,18 +28,13 @@ profile ibus-extension-gtk3 @{exec_path} flags=(attach_disconnected) {
|
|||
network inet6 stream,
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gsd-xsettings),
|
||||
dbus bind bus=session name=org.freedesktop.IBus.Panel.Extension.Gtk3,
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.IBus.Panel.Extension.Gtk3,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
|
|
|
|||
|
|
@ -38,6 +38,12 @@ profile pulseaudio @{exec_path} {
|
|||
network bluetooth stream,
|
||||
network bluetooth seqpacket,
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.ReserveDevice[0-9].Audio[0-9],
|
||||
|
||||
dbus bind bus=session name=org.PulseAudio[0-9],
|
||||
|
||||
dbus bind bus=session name=org.pulseaudio*,
|
||||
|
||||
dbus send bus=session path=/Client[0-9]*/EntryGroup[0-9]*
|
||||
interface=org.freedesktop.Avahi.EntryGroup
|
||||
member={GetState,AddService,AddServiceSubtype,Commit}
|
||||
|
|
@ -63,11 +69,6 @@ profile pulseaudio @{exec_path} {
|
|||
member=Free
|
||||
peer=(name=org.freedesktop.Avahi),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={Hello,RequestName,ReleaseName}
|
||||
|
|
@ -78,21 +79,6 @@ profile pulseaudio @{exec_path} {
|
|||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.freedesktop.ReserveDevice[0-9].Audio[0-9],
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.PulseAudio[0-9],
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.pulseaudio*,
|
||||
|
||||
dbus send bus=system
|
||||
path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={Hello,AddMatch,RemoveMatch}
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/RealtimeKit1
|
||||
member={Get,MakeThreadHighPriority,MakeThreadRealtime}
|
||||
peer=(name=org.freedesktop.RealtimeKit1),
|
||||
|
|
@ -118,19 +104,19 @@ profile pulseaudio @{exec_path} {
|
|||
peer=(name=org.freedesktop.Avahi),
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.hostname[0-9]
|
||||
interface=org.freedesktop.hostname1
|
||||
member=Get
|
||||
peer=(name=/org/freedesktop/hostname[0-9]),
|
||||
peer=(name=/org/freedesktop/hostname1),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/hostname[0-9]
|
||||
dbus send bus=system path=/org/freedesktop/hostname1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
peer=(name=/org/freedesktop/hostname[0-9]),
|
||||
peer=(name=/org/freedesktop/hostname1),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/hostname[0-9]
|
||||
dbus send bus=system path=/org/freedesktop/hostname1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
peer=(name=org.freedesktop.hostname[0-9]),
|
||||
peer=(name=org.freedesktop.hostname1),
|
||||
|
||||
dbus receive bus=system path=/org/bluez/hci*/**
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ include <tunables/global>
|
|||
profile xdg-desktop-portal-gtk @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/bus/vfs>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
|
@ -84,11 +85,6 @@ profile xdg-desktop-portal-gtk @{exec_path} {
|
|||
member={RunningApplicationsChanged,WindowsChanged}
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMountableInfo
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus send bus=session path=/org/gnome/ScreenSaver
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
|
|
@ -119,9 +115,6 @@ profile xdg-desktop-portal-gtk @{exec_path} {
|
|||
member=GetAll
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.freedesktop.impl.portal.desktop.gtk,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/X11/xkb/{,**} r,
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
dbus receive bus=system path=/org/freedesktop/login1/session/*
|
||||
interface=org.freedesktop.login1.Session
|
||||
member=PauseDevice,
|
||||
member=PauseDevice
|
||||
peer=(name=org.freedesktop.login1, label=systemd-logind),
|
||||
|
||||
@{exec_path} mrix,
|
||||
|
|
|
|||
|
|
@ -27,10 +27,10 @@ profile gdm-wayland-session @{exec_path} {
|
|||
interface=org.gnome.DisplayManager.Manager
|
||||
member=RegisterDisplay,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/systemd[0-9]*
|
||||
dbus send bus=session path=/org/freedesktop/systemd1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
peer=(name=org.freedesktop.systemd[0-9]*, label=unconfined),
|
||||
peer=(name=org.freedesktop.systemd1, label=@{systemd}),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
|
|
|
|||
|
|
@ -18,10 +18,10 @@ profile gdm-x-session @{exec_path} flags=(attach_disconnected) {
|
|||
signal (send) set=term peer=xorg,
|
||||
signal (send) set=term peer=gnome-session-binary,
|
||||
|
||||
dbus bus=session path=/org/freedesktop/systemd[0-9]*
|
||||
dbus bus=session path=/org/freedesktop/systemd1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
peer=(name=org.freedesktop.systemd[0-9]*),
|
||||
peer=(name=org.freedesktop.systemd1),
|
||||
|
||||
dbus send bus=system path=/org/gnome/DisplayManager/Manager
|
||||
interface=org.gnome.DisplayManager.Manager
|
||||
|
|
|
|||
|
|
@ -34,9 +34,11 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
signal (send) set=(term) peer=at-spi-bus-launcher,
|
||||
signal (send) set=(term) peer=gsd-*,
|
||||
|
||||
dbus bind bus=session name=org.gnome.SessionManager,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName,UpdateActivationEnvironment,GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
member={ReleaseName,UpdateActivationEnvironment,GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus label=dbus-daemon),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1
|
||||
|
|
@ -92,9 +94,17 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
member={GetAll,PropertiesChanged}
|
||||
peer=(name="{org.freedesktop.DBus,:*}", label="{gsd-*,gnome-*,xdg-desktop-portal-*}"),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/systemd[0-9]*
|
||||
interface=org.freedesktop.systemd[0-9]*.Manager
|
||||
peer=(name=org.freedesktop.systemd[0-9]*, label=unconfined), # all members
|
||||
dbus send bus=session path=/org/freedesktop/systemd1
|
||||
interface=org.freedesktop.systemd1.Manager
|
||||
peer=(name=org.freedesktop.systemd1, label=@{systemd}), # all members
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/systemd1
|
||||
interface=org.freedesktop.systemd1.Manager
|
||||
peer=(name=:*, label=@{systemd}),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/systemd1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*, label=@{systemd}),
|
||||
|
||||
dbus send bus=session path=/org/gnome/Mutter/IdleMonitor
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
|
|
@ -126,9 +136,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gnome.SessionManager,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/{,z,ba,da}sh rix,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/gnome-terminal-server
|
||||
profile gnome-terminal-server @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
@ -20,8 +21,7 @@ profile gnome-terminal-server @{exec_path} {
|
|||
signal (send) set=(term hup kill) peer=unconfined,
|
||||
ptrace (read) peer=unconfined,
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gnome.Terminal,
|
||||
dbus bind bus=session name=org.gnome.Terminal,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -12,11 +12,6 @@ profile goa-identity-service @{exec_path} {
|
|||
include <abstractions/authentication>
|
||||
include <abstractions/dbus-session-strict>
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/Identity
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects
|
||||
|
|
|
|||
|
|
@ -14,11 +14,6 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/gnome/SessionManager
|
||||
interface=org.gnome.SessionManager
|
||||
member=RegisterClient
|
||||
|
|
|
|||
|
|
@ -22,10 +22,7 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
dbus bind bus=session name=org.gnome.SettingsDaemon.Color,
|
||||
|
||||
dbus (send, receive) bus=system path=/org/freedesktop/ColorManager{,/devices/*}
|
||||
interface=org.freedesktop.ColorManager*,
|
||||
|
|
@ -39,11 +36,6 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
|
|||
member=GetAll
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gsd-xsettings),
|
||||
|
||||
dbus (send, receive) bus=session path=/org/gnome/SessionManager{,/Client[0-9]*}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={GetAll,PropertiesChanged}
|
||||
|
|
@ -89,9 +81,6 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
|
|||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gnome.SettingsDaemon.Color,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
|
|
|
|||
|
|
@ -14,11 +14,6 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/gnome/SessionManager
|
||||
interface=org.gnome.SessionManager
|
||||
member=RegisterClient
|
||||
|
|
|
|||
|
|
@ -12,11 +12,6 @@ profile gsd-disk-utility-notify @{exec_path} {
|
|||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/UDisks2{,/**}
|
||||
interface=org.freedesktop.DBus.{Properties,ObjectManager},
|
||||
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ include <tunables/global>
|
|||
profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/app-launcher-user>
|
||||
include <abstractions/bus/vfs>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/thumbnails-cache-read>
|
||||
|
|
@ -17,10 +18,7 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) {
|
|||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
signal (receive) set=(term, hup) peer=gnome*,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
dbus bind bus=session name=org.gnome.SettingsDaemon.Housekeeping,
|
||||
|
||||
dbus send bus=session path=/org/gnome/SessionManager
|
||||
interface=org.gnome.SessionManager
|
||||
|
|
@ -52,14 +50,6 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) {
|
|||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMountableInfo
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gnome.SettingsDaemon.Housekeeping,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/fstab r,
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ include <tunables/global>
|
|||
profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/bus/vfs>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
|
@ -22,19 +23,7 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/locale[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gsd-xsettings),
|
||||
dbus bind bus=session name=org.gnome.SettingsDaemon.Keyboard,
|
||||
|
||||
dbus (send, receive) bus=session path=/org/gnome/SessionManager{,/Client[0-9]*}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
|
|
@ -61,19 +50,16 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
|
|||
member={ClientAdded,SessionRunning,ClientRemoved,InhibitorRemoved,InhibitorAdded}
|
||||
peer=(name=:*, label=gnome-session-binary),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMountableInfo
|
||||
peer=(name=:*, label=gvfsd),
|
||||
dbus send bus=system path=/org/freedesktop/locale1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=systemd-localed),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gnome.SettingsDaemon.Keyboard,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
|
|
|
|||
|
|
@ -26,11 +26,6 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
|
@ -52,7 +47,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
|||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/hostname[0-9]
|
||||
dbus send bus=system path=/org/freedesktop/hostname1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get,
|
||||
|
||||
|
|
@ -125,11 +120,6 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
|||
member=PropertiesChanged
|
||||
peer=(name=:*, label=gsd-power),
|
||||
|
||||
dbus send bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gsd-xsettings),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core
|
||||
interface=org.gnome.Mutter.IdleMonitor
|
||||
member=WatchFired
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/base>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/bus/vfs>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
|
@ -106,11 +107,6 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
|
|||
member={GetAll,PropertiesChanged,Set}
|
||||
peer=(name="{org.freedesktop.DBus,:*}", label="{gsd-media-keys,gnome-shell}"),
|
||||
|
||||
dbus send bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gsd-xsettings),
|
||||
|
||||
dbus send bus=session path=/org/gnome/Mutter/IdleMonitor
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects
|
||||
|
|
@ -126,11 +122,6 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
|
|||
member=WatchFired
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMountableInfo
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/ScreenSaver
|
||||
interface=org.gnome.ScreenSaver
|
||||
member=ActiveChanged
|
||||
|
|
|
|||
|
|
@ -19,10 +19,7 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
|
|||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
signal (send) set=(hup) peer=gsd-printer,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
dbus bind bus=session name=org.gnome.SettingsDaemon.PrintNotifications,
|
||||
|
||||
dbus (send,receive) bus=system path=/Client[0-9]*/ServiceBrowser[0-9]*
|
||||
interface=org.freedesktop.Avahi.ServiceBrowser
|
||||
|
|
@ -73,9 +70,6 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
|
|||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gnome.SettingsDaemon.PrintNotifications,
|
||||
|
||||
@{exec_path} mr,
|
||||
@{lib}/gsd-printer rPx,
|
||||
|
||||
|
|
|
|||
|
|
@ -16,11 +16,6 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/hostname[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get,
|
||||
|
|
@ -33,6 +28,11 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) {
|
|||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects,
|
||||
|
||||
dbus send bus=session path=/org/gnome/SettingsDaemon/Rfkill
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=org.freedesktop.DBus, label=gsd-media-keys),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.NetworkManager
|
||||
member={CheckPermissions,StateChanged},
|
||||
|
|
|
|||
|
|
@ -13,11 +13,6 @@ profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus (send, receive) bus=session path=/org/gnome/SessionManager{,/Client[0-9]*}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={GetAll,PropertiesChanged}
|
||||
|
|
|
|||
|
|
@ -9,18 +9,13 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/gsd-sharing
|
||||
profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus-network-manager-strict>
|
||||
include <abstractions/bus/network-manager>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects
|
||||
|
|
|
|||
|
|
@ -16,11 +16,6 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/gnome/SessionManager
|
||||
interface=org.gnome.SessionManager
|
||||
member=RegisterClient
|
||||
|
|
|
|||
|
|
@ -15,11 +15,6 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/gnome/SessionManager
|
||||
interface=org.gnome.SessionManager
|
||||
member=RegisterClient
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ include <tunables/global>
|
|||
profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/bus/vfs>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
@ -21,22 +22,19 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
dbus bind bus=session name=org.gnome.SettingsDaemon.Wacom,
|
||||
|
||||
dbus (send, receive) bus=session path=/org/gnome/SessionManager{,/Client[0-9]*}
|
||||
dbus (send, receive) bus=session path=/org/gnome/SessionManager{,/Client@{int}}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={GetAll,PropertiesChanged}
|
||||
peer=(name=:*, label=gnome-session-binary),
|
||||
|
||||
dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]*
|
||||
dbus send bus=session path=/org/gnome/SessionManager/Client@{int}
|
||||
interface=org.gnome.SessionManager.ClientPrivate
|
||||
member=EndSessionResponse
|
||||
peer=(name=:*, label=gnome-session-binary),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/SessionManager/Client[0-9]*
|
||||
dbus receive bus=session path=/org/gnome/SessionManager/Client@{int}
|
||||
interface=org.gnome.SessionManager.ClientPrivate
|
||||
member={CancelEndSession,QueryEndSession,EndSession,Stop}
|
||||
peer=(name=:*, label=gnome-session-binary),
|
||||
|
|
@ -51,24 +49,16 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
|
|||
member={ClientAdded,SessionRunning,ClientRemoved,InhibitorRemoved,InhibitorAdded}
|
||||
peer=(name=:*, label=gnome-session-binary),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/SettingsDaemon/Wacom
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gsd-xsettings),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMountableInfo
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gnome.SettingsDaemon.Wacom,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
|
|
|
|||
|
|
@ -29,22 +29,14 @@ profile gsd-xsettings @{exec_path} {
|
|||
network inet6 dgram,
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName,GetId}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
dbus bind bus=session name=org.gtk.Settings,
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/Accounts/User[0-9]*
|
||||
interface=org.freedesktop.Accounts.User
|
||||
member={SetInputSources,Changed,GetAll},
|
||||
dbus bind bus=session name=org.gnome.SettingsDaemon.XSettings,
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/Accounts{,/User[0-9]*}
|
||||
dbus receive bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={GetAll,PropertiesChanged},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/Accounts
|
||||
interface=org.freedesktop.Accounts
|
||||
member=FindUserByName,
|
||||
member=GetAll
|
||||
peer=(name=:*), # many peer's labels
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/Accounts
|
||||
interface=org.freedesktop.Accounts
|
||||
|
|
@ -56,12 +48,12 @@ profile gsd-xsettings @{exec_path} {
|
|||
member={ClientAdded,ClientRemoved,SessionRunning}
|
||||
peer=(name=:*, label=gnome-session-binary),
|
||||
|
||||
dbus send bus=session path=/org/gnome/SessionManager/Client[0-9]*
|
||||
dbus send bus=session path=/org/gnome/SessionManager/Client@{int}
|
||||
interface=org.gnome.SessionManager.ClientPrivate
|
||||
member=EndSessionResponse
|
||||
peer=(name=:*, label=gnome-session-binary),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/SessionManager/Client[0-9]*
|
||||
dbus receive bus=session path=/org/gnome/SessionManager/Client@{int}
|
||||
interface=org.gnome.SessionManager.ClientPrivate
|
||||
member={EndSession,QueryEndSession,CancelEndSession,Stop}
|
||||
peer=(name=:*, label=gnome-session-binary),
|
||||
|
|
@ -71,11 +63,6 @@ profile gsd-xsettings @{exec_path} {
|
|||
member=GetAll
|
||||
peer=(name=:*, label=gnome-session-binary),
|
||||
|
||||
dbus receive bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*), # many peer's labels
|
||||
|
||||
dbus send bus=session path=/org/gnome/Mutter/DisplayConfig
|
||||
interface=org.gnome.Mutter.DisplayConfig
|
||||
member=GetCurrentState
|
||||
|
|
@ -86,11 +73,15 @@ profile gsd-xsettings @{exec_path} {
|
|||
member=Get
|
||||
peer=(name=org.gnome.Shell.Introspect, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gtk.Settings,
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMountableInfo
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gnome.SettingsDaemon.XSettings,
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -26,32 +26,16 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (receive) set=(term) peer=gdm,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
member=Ping
|
||||
peer=(name=org.freedesktop.Tracker3.Miner.Files),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint
|
||||
interface=org.freedesktop.Tracker3.Endpoint
|
||||
peer=(name=org.freedesktop.Tracker3.Miner.Files, label=tracker-miner), # all members
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/Tracker3/Endpoint
|
||||
interface=org.freedesktop.Tracker3.Endpoint
|
||||
peer=(name=:*, label=tracker-miner), # all members
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.Tracker3.Miner.Extract,
|
||||
dbus send bus=session path=/org/freedesktop/Tracker3/Miner/**
|
||||
interface=org.freedesktop.Tracker3.Miner
|
||||
peer=(name=org.freedesktop.DBus, label=tracker-miner), # all members
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMountable*
|
||||
peer=(name=:*, label=gvfsd),
|
||||
peer=(name=org.freedesktop.DBus, label=tracker-miner),
|
||||
dbus send bus=session path=/org/freedesktop/Tracker3/**
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=org.freedesktop.Tracker3.*), # all members
|
||||
dbus receive bus=session path=/org/freedesktop/Tracker3/**
|
||||
interface=org.freedesktop.Tracker3.*
|
||||
peer=(name=:*), # all members
|
||||
|
||||
dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||
interface=org.gtk.Private.RemoteVolumeMonitor
|
||||
|
|
@ -63,6 +47,10 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
|
|||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMount*
|
||||
peer=(name=:*, label=gvfsd),
|
||||
dbus receive bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member={Mounted,ListMounts2}
|
||||
|
|
@ -78,8 +66,6 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
|
|||
member={GetTreeFromDevice,Remove}
|
||||
peer=(name=:*, label=gvfsd-metadata),
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.Tracker3.Miner.Extract,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/tracker-miner-fs-{,control-}3
|
||||
profile tracker-miner @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus-gtk>
|
||||
include <abstractions/bus/vfs>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
@ -23,10 +23,15 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
|
|||
signal (receive) set=(term, kill) peer=gdm,
|
||||
signal (receive) set=(hup) peer=gdm-session-worker,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
dbus bind bus=session name=org.freedesktop.Tracker3.Miner.Files{,.Control},
|
||||
|
||||
dbus (send, receive) bus=session path=/org/freedesktop/Tracker3/**
|
||||
interface=org.freedesktop.Tracker3.*
|
||||
peer=(name=:*), # all members
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/Tracker3/**
|
||||
interface=org.freedesktop.DBus.{Peer,Properties}
|
||||
peer=(name=:*, label=tracker-extract),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/UPower{,/devices/DisplayDevice}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
|
|
@ -42,29 +47,11 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
|
|||
member={List,IsSupported}
|
||||
peer=(name=:*, label=gvfs-*-volume-monitor),
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/Tracker3/Endpoint
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint
|
||||
interface=org.freedesktop.Tracker3.Endpoint
|
||||
peer=(name=org.freedesktop.DBus), # all members
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/Tracker3/Endpoint
|
||||
interface=org.freedesktop.Tracker3.Endpoint
|
||||
peer=(name=:*), # all members
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/Tracker3/Miner/**
|
||||
interface=org.freedesktop.Tracker3.Miner
|
||||
peer=(name=:*), # all members
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.Tracker3.Miner.*,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
|
|
|
|||
|
|
@ -12,24 +12,16 @@ profile gvfs-afc-volume-monitor @{exec_path} {
|
|||
include <abstractions/base>
|
||||
include <abstractions/dbus-session-strict>
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus bind bus=session name=org.gtk.vfs.AfcVolumeMonitor,
|
||||
dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||
interface=org.gtk.Private.RemoteVolumeMonitor
|
||||
member={List,IsSupported}
|
||||
peer=(name=:*, label="{gnome-shell,gnome-control-center,gnome-extension-ding,nautilus,tracker-*,unconfined}"),
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gtk.vfs.AfcVolumeMonitor,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
include if exists <local/gvfs-afc-volume-monitor>
|
||||
|
|
|
|||
|
|
@ -15,10 +15,7 @@ profile gvfs-mtp-volume-monitor @{exec_path} {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
dbus bind bus=session name=org.gtk.vfs.MTPVolumeMonitor,
|
||||
|
||||
dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||
interface=org.gtk.Private.RemoteVolumeMonitor
|
||||
|
|
@ -30,9 +27,6 @@ profile gvfs-mtp-volume-monitor @{exec_path} {
|
|||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gtk.vfs.MTPVolumeMonitor,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
include if exists <local/gvfs-mtp-volume-monitor>
|
||||
|
|
|
|||
|
|
@ -10,18 +10,13 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/{,gvfs/}gvfsd
|
||||
profile gvfsd @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus-gtk>
|
||||
include <abstractions/dbus-session-strict>
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
dbus bind bus=session name=org.gtk.vfs.Daemon,
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=Mounted
|
||||
peer=(name=org.freedesktop.DBus, label="{gvfsd-*,gnome-*,tracker-miner}"),
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus receive bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
|
|
@ -47,9 +42,6 @@ profile gvfsd @{exec_path} {
|
|||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gtk.vfs.Daemon,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/{,gvfs/}gvfsd-dnssd
|
||||
profile gvfsd-dnssd @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/vfs>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
||||
|
|
@ -36,11 +37,6 @@ profile gvfsd-dnssd @{exec_path} {
|
|||
member=Mount
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=RegisterMount
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus send bus=session path=/org/gtk/gvfs/exec_spaw/[0-9]*
|
||||
interface=org.gtk.vfs.Spawner
|
||||
member=Spawned
|
||||
|
|
|
|||
|
|
@ -10,17 +10,13 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/{,gvfs/}gvfsd-fuse
|
||||
profile gvfsd-fuse @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus-gtk>
|
||||
include <abstractions/bus/vfs>
|
||||
include <abstractions/dbus-session-strict>
|
||||
|
||||
unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse//fusermount),
|
||||
|
||||
mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/,
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
peer=(name=:*, label=gvfsd), # all members
|
||||
|
||||
dbus receive bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=Mounted
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/{,gvfs/}gvfsd-metadata
|
||||
profile gvfsd-metadata @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus-gtk>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/disks-read>
|
||||
|
||||
|
|
@ -18,32 +17,24 @@ profile gvfsd-metadata @{exec_path} {
|
|||
|
||||
signal (receive) set=(usr1) peer=pacman,
|
||||
|
||||
dbus bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session name=org.gtk.vfs.Metadata,
|
||||
dbus receive bus=session path=/org/gtk/vfs/metadata
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gnome-extension-ding),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/metadata
|
||||
interface=org.gtk.vfs.Metadata
|
||||
member=AttributeChanged
|
||||
peer=(name=org.freedesktop.DBus, label=gnome-extension-ding),
|
||||
|
||||
dbus receive bus=session path=/org/gtk/vfs/metadata
|
||||
interface=org.gtk.vfs.Metadata
|
||||
member={GetTreeFromDevice,Remove}
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session name=org.gtk.vfs.Metadata,
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/{,gvfs/}gvfsd-smb-browse
|
||||
profile gvfsd-smb-browse @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/vfs>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
|
@ -20,15 +21,7 @@ profile gvfsd-smb-browse @{exec_path} {
|
|||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMounts2
|
||||
peer=(name=:*, label=gvfsd),
|
||||
dbus bind bus=session name=org.gtk.vfs.mountpoint_smb_browse,
|
||||
|
||||
dbus receive bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
|
|
@ -45,9 +38,6 @@ profile gvfsd-smb-browse @{exec_path} {
|
|||
member=Spawned
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.gtk.vfs.mountpoint_smb_browse,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
|
|
|
|||
|
|
@ -41,11 +41,6 @@ profile gvfsd-trash @{exec_path} {
|
|||
member=RegisterMount
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=RequestName
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
|
|
|
|||
|
|
@ -37,8 +37,11 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (send) set=(term) peer=dnsmasq,
|
||||
|
||||
dbus bind bus=system name=org.freedesktop.NetworkManager,
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/NetworkManager{,/**}
|
||||
interface=org.freedesktop.{DBus.Properties,DBus.Introspectable,NetworkManager*},
|
||||
interface=org.freedesktop.{DBus.Properties,DBus.Introspectable,NetworkManager*}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/PolicyKit1/Authority
|
||||
interface=org.freedesktop.PolicyKit1.Authority
|
||||
|
|
@ -93,8 +96,6 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*),
|
||||
|
||||
dbus bind bus=system name=org.freedesktop.NetworkManager,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
|
|
|
|||
|
|
@ -20,15 +20,10 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
ptrace (read) peer=unconfined,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName},
|
||||
|
||||
dbus bind bus=system name=org.freedesktop.nm_dispatcher,
|
||||
dbus receive bus=system path=/org/freedesktop/nm_dispatcher
|
||||
interface=org.freedesktop.nm_dispatcher,
|
||||
|
||||
dbus bind bus=system
|
||||
name=org.freedesktop.nm_dispatcher,
|
||||
interface=org.freedesktop.nm_dispatcher
|
||||
peer=(name=:*),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -28,11 +28,6 @@ profile update-notifier @{exec_path} {
|
|||
interface={com.canonical.dbusmenu,org.freedesktop.DBus.Properties}
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gsd-xsettings),
|
||||
|
||||
dbus send bus=session path=/StatusNotifierWatcher
|
||||
interface=org.kde.StatusNotifierWatcher
|
||||
member=RegisterStatusNotifierItem
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ include <tunables/global>
|
|||
profile atril @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/bus/vfs>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
@ -25,11 +26,6 @@ profile atril @{exec_path} {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMountableInfo
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/org/mate/atril/{,**}
|
||||
peer=(name=org.freedesktop.DBus, label=atrild), # all interfaces and members
|
||||
|
||||
|
|
|
|||
|
|
@ -11,17 +11,11 @@ profile atrild @{exec_path} {
|
|||
include <abstractions/base>
|
||||
include <abstractions/dbus-session-strict>
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
dbus bind bus=session name=org.mate.atril.Daemon,
|
||||
|
||||
dbus (send, receive) bus=session path=/org/mate/atril/**
|
||||
peer=(name="{:*,org.freedesktop.DBus}", label=atril), # all interfaces and members
|
||||
|
||||
dbus bind bus=session
|
||||
name=org.mate.atril.Daemon,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
include if exists <local/atrild>
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ include <tunables/global>
|
|||
profile engrampa @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/bus/vfs>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
@ -34,21 +35,6 @@ profile engrampa @{exec_path} {
|
|||
member={IsSupported,List}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member={ListMounts2,LookupMount}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=Mounted
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/Daemon
|
||||
interface=org.gtk.vfs.Daemon
|
||||
member=GetConnection
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=session path=/org/gtk/Application/anonymous
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
|
|
|
|||
|
|
@ -25,11 +25,6 @@ profile evince @{exec_path} {
|
|||
deny network inet,
|
||||
deny network inet6,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/metadata
|
||||
interface=org.gtk.vfs.Metadata
|
||||
member={Set,GetTreeFromDevice}
|
||||
|
|
|
|||
|
|
@ -18,22 +18,16 @@ profile fprintd @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus bind bus=system name=net.reactivated.Fprint,
|
||||
dbus receive bus=system path=/net/reactivated/Fprint/Manager
|
||||
interface={org.freedesktop.DBus.Properties,net.reactivated.Fprint.Manager},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
interface={org.freedesktop.DBus.Properties,net.reactivated.Fprint.Manager}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1
|
||||
interface=org.freedesktop.login1.Manager
|
||||
member=Inhibit
|
||||
peer=(name=org.freedesktop.login1),
|
||||
|
||||
dbus bind bus=system
|
||||
name=net.reactivated.Fprint,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/fprintd.conf r,
|
||||
|
|
|
|||
Loading…
Reference in a new issue