From d8ff8c8cd6a32f90bd2e39926fbb8f2a0e748dbf Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sun, 26 Nov 2023 23:07:02 +0000 Subject: [PATCH] feat(kde): add some kde profiles. --- apparmor.d/groups/bus/dbus-run-session | 8 +- apparmor.d/groups/kde/DiscoverNotifier | 45 ++++++++++++ .../groups/kde/kde-systemd-start-condition | 19 +++++ apparmor.d/groups/kde/kiod5 | 39 ++++++++++ apparmor.d/groups/kde/ksplashqml | 29 ++++++++ apparmor.d/groups/kde/systemsettings | 73 +++++++++++++++++++ dists/flags/main.flags | 2 + 7 files changed, 208 insertions(+), 7 deletions(-) create mode 100644 apparmor.d/groups/kde/DiscoverNotifier create mode 100644 apparmor.d/groups/kde/kde-systemd-start-condition create mode 100644 apparmor.d/groups/kde/kiod5 create mode 100644 apparmor.d/groups/kde/ksplashqml create mode 100644 apparmor.d/groups/kde/systemsettings diff --git a/apparmor.d/groups/bus/dbus-run-session b/apparmor.d/groups/bus/dbus-run-session index e3e09200..64d180c3 100644 --- a/apparmor.d/groups/bus/dbus-run-session +++ b/apparmor.d/groups/bus/dbus-run-session @@ -9,7 +9,6 @@ include @{exec_path} = @{bin}/dbus-run-session profile dbus-run-session @{exec_path} { include - # include signal (receive) set=(term, kill, hup) peer=gdm*, signal (send) set=term peer=dbus-daemon, @@ -20,20 +19,15 @@ profile dbus-run-session @{exec_path} { @{bin}/gnome-session rix, @{bin}/gnome-shell rPx, @{bin}/gsettings rPx, - @{bin}/startplasma-wayland rPUx, + @{bin}/startplasma-wayland rPx, @{lib}/gnome-session-binary rPx, - # /usr/share/glib-2.0/schemas/gschemas.compiled r, - # /usr/share/gdm/greeter-dconf-defaults r, - # /usr/share/dconf/profile/gdm r, - /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/.cache/dconf/ rw, /var/lib/gdm{3,}/greeter-dconf-defaults r, owner @{PROC}/@{pid}/fd/ r, - # file_inherit /dev/tty rw, /dev/tty@{int} rw, diff --git a/apparmor.d/groups/kde/DiscoverNotifier b/apparmor.d/groups/kde/DiscoverNotifier new file mode 100644 index 00000000..79f62c4e 
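Review bot: In the second hunk of apparmor.d/groups/bus/dbus-run-session, `@{bin}/startplasma-wayland rPx,` removes the unconfined fallback that `rPUx` gave, so this exec now succeeds only when a profile attached to startplasma-wayland is loaded. This patch adds no such profile, so it presumably exists elsewhere in the tree. If it is missing or fails to load, the Plasma Wayland session started through dbus-run-session would be refused at exec rather than run unconfined. Please confirm the profile ships on every supported distribution and record the dependency above the rule, for example `# Px: needs a loaded profile for startplasma-wayland, no unconfined fallback`. The profile body continues past the end of the hunk.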
--- /dev/null
+++ b/apparmor.d/groups/kde/DiscoverNotifier
@@ -0,0 +1,45 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/DiscoverNotifier
+profile DiscoverNotifier @{exec_path} {
+ include
+ include
+ include
+ include
+ include
+ include
+ include
+ include
+
+ network inet dgram,
+ network inet6 dgram,
+ network netlink dgram,
+
+ @{exec_path} mr,
+
+ /etc/flatpak/remotes.d/ r,
+
+ /var/lib/flatpak/repo/{,**} r,
+
+ owner @{user_cache_dirs}/flatpak/{,**} rw,
+ owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+ owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+ owner @{user_config_dirs}/kdedefaults/kwinrc r,
+ owner @{user_config_dirs}/kdeglobals r,
+ owner @{user_config_dirs}/kwinrc r,
+
+ owner @{user_share_dirs}/flatpak/{,**} rw,
+
+ @{PROC}/sys/kernel/core_pattern r,
+
+ /dev/tty r,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/kde/kde-systemd-start-condition b/apparmor.d/groups/kde/kde-systemd-start-condition
new file mode 100644
index 00000000..da9a57fd
--- /dev/null
+++ b/apparmor.d/groups/kde/kde-systemd-start-condition
@@ -0,0 +1,19 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/kde-systemd-start-condition
+profile kde-systemd-start-condition @{exec_path} {
+ include
+
+ @{exec_path} mr,
+
+ owner @{user_config_dirs}/baloofilerc r,
+ owner @{user_config_dirs}/plasma-welcomerc r,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/kde/kiod5 b/apparmor.d/groups/kde/kiod5
new file mode 100644
index 00000000..d87c359f
--- /dev/null
+++ b/apparmor.d/groups/kde/kiod5
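Review bot: `owner @{user_share_dirs}/flatpak/{,**} rw,` in the DiscoverNotifier profile gives a background update notifier write access to the whole per-user Flatpak installation, which includes the per-user overrides that set sandbox permissions for installed applications. If the notifier only refreshes repository metadata, the rule could be split into `owner @{user_share_dirs}/flatpak/{,**} r,` plus `owner @{user_share_dirs}/flatpak/repo/{,**} rw,`, with the exact write set taken from complain-mode logs. Separately, only `dgram` is granted for inet and inet6. Unless one of the included abstractions (their names are not legible here) adds `stream`, remote update checks would be denied.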
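Review bot: The kde-systemd-start-condition profile allows reading only `baloofilerc` and `plasma-welcomerc`, with no comment explaining why these two files. If the binary takes the config file to test from its command line (an assumption, not visible in this patch), any unit that calls it with another rc file will be denied once the profile leaves complain mode. A comment above the two rules, such as `# config files named by the ExecCondition= lines of the shipped user units`, would tell the next maintainer where to look when a new unit appears.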
@@ -0,0 +1,39 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/kf5/kiod5
+profile kiod5 @{exec_path} {
+ include
+ include
+ include
+ include
+ include
+ include
+
+ @{exec_path} mr,
+
+ /usr/share/icons/breeze/index.theme r,
+ /usr/share/mime/{,**} r,
+ /usr/share/mime/generic-icons r,
+ /usr/share/qt/translations/*.qm r,
+
+ owner @{user_cache_dirs}/icon-cache.kcache rw,
+ owner @{user_cache_dirs}/mesa_shader_cache/index rw,
+
+ owner @{user_config_dirs}/#@{int} rw,
+ owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+ owner @{user_config_dirs}/kdedefaults/kwinrc r,
+ owner @{user_config_dirs}/kdeglobals r,
+ owner @{user_config_dirs}/ksslcertificatemanager rwl -> @{user_config_dirs}/#@{int},
+ owner @{user_config_dirs}/ksslcertificatemanager.lock rwk,
+ owner @{user_config_dirs}/kwinrc r,
+
+ /dev/tty r,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/kde/ksplashqml b/apparmor.d/groups/kde/ksplashqml
new file mode 100644
index 00000000..686f4ec5
--- /dev/null
+++ b/apparmor.d/groups/kde/ksplashqml
@@ -0,0 +1,29 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/ksplashqml
+profile ksplashqml @{exec_path} {
+ include
+ include
+ include
+ include
+ include
+ include
+ include
+ include
+ include
+
+ @{exec_path} mr,
+
+ /usr/share/plasma/** r,
+
+ owner @{user_config_dirs}/kdedefaults/* r,
+ owner @{user_config_dirs}/kdeglobals r,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/kde/systemsettings b/apparmor.d/groups/kde/systemsettings
new file mode 100644
index 00000000..28df9ca7
--- /dev/null
+++ b/apparmor.d/groups/kde/systemsettings
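Review bot: In the kiod5 profile, `/usr/share/mime/generic-icons r,` is already covered by `/usr/share/mime/{,**} r,` on the line above and can be dropped. The four read rules for `kdedefaults/kdeglobals`, `kdedefaults/kwinrc`, `kdeglobals` and `kwinrc` are repeated verbatim in DiscoverNotifier, while ksplashqml and systemsettings in this same patch use `owner @{user_config_dirs}/kdedefaults/* r,`. Settling on one form, or moving it into a shared abstraction if the project has one, would keep these profiles from drifting apart.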
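Review bot: `/usr/share/plasma/** r,` in the ksplashqml profile does not match the `/usr/share/plasma/` directory itself, unlike the `/usr/share/plasma/{,**} r,` form used for systemsettings in this same patch. If ksplashqml lists that directory while resolving the splash theme, the read is denied once the profile is enforced, so `{,**}` is the safer spelling. There is also no rule under `@{user_share_dirs}` for themes installed per user. One of the included abstractions may cover that, but their names are not legible here.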
@@ -0,0 +1,73 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/systemsettings
+profile systemsettings @{exec_path} {
+ include
+ include
+ include
+ include
+ include
+ include
+ include
+ include
+ include
+ include
+
+ network netlink raw,
+
+ @{exec_path} mr,
+
+ @{bin}/kcminit rPx,
+
+ /usr/share/hwdata/pnp.ids r,
+ /usr/share/kpackage/{,**} r,
+ /usr/share/kservices5/{,**} r,
+ /usr/share/kservicetypes5/{,**} r,
+ /usr/share/kxmlgui5/systemsettings/systemsettingsui.rc r,
+ /usr/share/mime/ r,
+ /usr/share/plasma/{,**} r,
+ /usr/share/systemsettings/{,**} r,
+ /usr/share/kinfocenter/{,**} r,
+ /usr/share/sddm/themes/{,**} r,
+
+ /etc/fstab r,
+ /etc/machine-id r,
+ /etc/xdg/menus/ r,
+ /etc/xdg/ui/ui_standards.rc r,
+
+ owner @{user_cache_dirs}/icon-cache.kcache rw,
+ owner @{user_cache_dirs}/kinfocenter/{,**} rwl,
+ owner @{user_cache_dirs}/ksycoca5_* r,
+ owner @{user_cache_dirs}/systemsettings/ rw,
+ owner @{user_cache_dirs}/systemsettings/** rwl -> @{user_cache_dirs}/systemsettings/**,
+
+ owner @{user_config_dirs}/#@{int} rw,
+ owner @{user_config_dirs}/kde.org/{,**} rwlk,
+ owner @{user_config_dirs}/kdedefaults/* r,
+ owner @{user_config_dirs}/kdeglobals r,
+ owner @{user_config_dirs}/kinfocenterrc* rwlk,
+ owner @{user_config_dirs}/kwinrc r,
+ owner @{user_config_dirs}/systemsettingsrc.lock rwk,
+ owner @{user_config_dirs}/systemsettingsrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
+
+ owner @{user_share_dirs}/kactivitymanagerd/resources/database rk,
+ owner @{user_share_dirs}/kactivitymanagerd/resources/database-shm rwk,
+ owner @{user_share_dirs}/kactivitymanagerd/resources/database-wal rw,
+
+ @{sys}/bus/ r,
+ @{sys}/bus/cpu/devices/ r,
+ @{sys}/class/ r,
+
+ @{PROC}/sys/kernel/core_pattern r,
+ owner @{PROC}/@{pid}/mounts r,
+
+ /dev/tty r,
+
+ include if exists
+}
\ No newline at end of file
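Review bot: The systemsettings profile grants only `r` on `@{user_config_dirs}/kdeglobals` and `@{user_config_dirs}/kwinrc`; the only config files it may write are `systemsettingsrc`, `kinfocenterrc*` and the `kde.org/` tree. If settings modules run inside this process and save into those shared files (plausible for a settings application, but not shown in the patch), those writes would be denied under enforcement. It is better to enumerate the files each module writes now, following the `systemsettingsrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},` pattern already used here, than to widen the profile to a config-directory wildcard later. As a smaller point, `owner @{user_cache_dirs}/kinfocenter/{,**} rwl,` has no link target while the neighbouring `systemsettings/**` rule does; giving it one would keep the two consistent.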
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index fd663b35..64518e80 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -180,6 +180,7 @@ kauth-kinfocenter-dmidecode-helper complain
 kcminit complain
 kconf_update complain
 kde-powerdevil attach_disconnected,mediate_deleted,complain
+kde-systemd-start-condition complain
 kded5 complain
 kernel-install complain
 kglobalaccel5 complain
@@ -190,6 +191,7 @@ kioslave5 complain
 kmod attach_disconnected,complain
 kscreen_backend_launcher complain
 ksmserver attach_disconnected,mediate_deleted,complain
+ksplashqml complain
 kwin_wayland attach_disconnected,mediate_deleted,complain
 kwin_wayland_wrapper complain
 kwin_x11 complain
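Review bot: Only `kde-systemd-start-condition` and `ksplashqml` are added to the flags list in these two hunks, while the patch creates five profiles. If `DiscoverNotifier`, `kiod5` and `systemsettings` are not already listed in parts of main.flags outside the hunks, they would be built with no flags, which presumably means enforce mode for first-version profiles. Either add them here as `DiscoverNotifier complain`, `kiod5 complain` and `systemsettings complain`, or state in the commit message that enforcing them from the start is intended.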