feat(profiles): improve freedesktop profiles.

2024-11-15 07:54:17 +01:00 · 2023-11-22 20:07:31 +00:00 · 2023-11-22 20:07:31 +00:00 · da51cdba64
commit da51cdba64
parent 6c6646e1f6
5 changed files with 13 additions and 9 deletions
--- a/apparmor.d/groups/freedesktop/colord
+++ b/apparmor.d/groups/freedesktop/colord
@ -16,13 +16,15 @@ profile colord @{exec_path} flags=(attach_disconnected) {

  network netlink raw,

-  dbus send bus=system path=/org/freedesktop/DBus
-       interface=org.freedesktop.DBus
-       member={GetConnectionUnixProcessID,GetConnectionUnixUser,RequestName,ReleaseName},
+  dbus bind bus=system name=org.freedesktop.ColorManager,

  dbus (send,receive) bus=system path=/org/freedesktop/ColorManager{,/**}
       interface=org.freedesktop.ColorManager*,

+  dbus send bus=system path=/org/freedesktop/DBus
+       interface=org.freedesktop.DBus
+       member={GetConnectionUnixProcessID,GetConnectionUnixUser,RequestName,ReleaseName},
+
  dbus send    bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
       interface=org.freedesktop.PolicyKit[0-9].Authority
       member=CheckAuthorization
@ -52,9 +54,6 @@ profile colord @{exec_path} flags=(attach_disconnected) {
       member=GetAll
       peer=(name=:*, label="{@{profile_name},gsd-color}"),

-  dbus bind bus=system 
-       name=org.freedesktop.ColorManager,
-
  @{exec_path} mr,

  @{lib}/{,colord/}colord-sane  rPx,
--- a/apparmor.d/groups/freedesktop/dconf-editor
+++ b/apparmor.d/groups/freedesktop/dconf-editor
@ -19,6 +19,7 @@ profile dconf-editor @{exec_path} {
  @{exec_path} mr,

  /usr/share/glib-2.0/schemas/{,*} r,
+  /usr/share/X11/xkb/{,**} r,

  # When GSETTINGS_BACKEND=keyfile
  owner @{user_config_dirs}/glib-2.0/ rw,
--- a/apparmor.d/groups/freedesktop/pipewire
+++ b/apparmor.d/groups/freedesktop/pipewire
@ -55,7 +55,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
  /etc/pipewire/pipewire.conf r,
  /etc/pipewire/pipewire.conf.d/{,*} r,

-  /var/lib/gdm/.config/pulse/cookie rk,
+  /var/lib/gdm{3,}/.config/pulse/cookie rk,

  / r,
  /.flatpak-info r,
--- a/apparmor.d/groups/freedesktop/pulseaudio
+++ b/apparmor.d/groups/freedesktop/pulseaudio
@ -138,8 +138,8 @@ profile pulseaudio @{exec_path} {

  @{exec_path} mrix,

-  @{lib}/pulse/gsettings-helper mrix,
-  @{lib}/@{multiarch}/pulse/gconf-helper mrix,
+  @{lib}/pulse/gsettings-helper rix,
+  @{lib}/@{multiarch}/pulse/gconf-helper rix,
  @{lib}/pulse-*/modules/*.so mr,

  /usr/share/ladspa/rdf/{,*} r,
--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
@ -128,6 +128,10 @@ profile xdg-desktop-portal-gnome @{exec_path} {

  @{exec_path} mr,

+  / r,
+  @{bin}/ r,
+  @{bin}/* r,
+
  /usr/share/X11/xkb/{,**} r,

  /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r,