mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 00:48:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(dbus): add/update dbus abstraction.

Browse source
This commit is contained in:
Alexandre Pujol 2023-12-16 21:26:10 +00:00
parent 8f1052546e
commit dc3f292d45
Failed to generate hash of commit
5 changed files with 34 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
apparmor.d/abstractions/bus/org.freedesktop.PackageKit
View file

@ -7,4 +7,14 @@
member=GetAll
peer=(name=:*, label=packagekitd),
dbus send bus=system path=/org/freedesktop/PackageKit
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=org.freedesktop.PackageKit, label=packagekitd),
dbus send bus=system path=/org/freedesktop/PackageKit
interface=org.freedesktop.PackageKit
member=StateHasChanged
peer=(name=org.freedesktop.PackageKit, label=packagekitd),
include if exists <abstractions/bus/org.freedesktop.PackageKit.d>

4
apparmor.d/abstractions/bus/org.freedesktop.login1.Session
View file

@ -15,7 +15,7 @@
dbus send bus=system path=/org/freedesktop/login1/session/*
interface=org.freedesktop.login1.Session
member={ReleaseDevice,TakeControl,TakeDevice,SetBrightness,SetLockedHint,SetIdleHint}
peer=(name=:*, label=systemd-logind),
peer=(name="{:*,org.freedesktop.login1}", label=systemd-logind),
dbus receive bus=system path=/org/freedesktop/login1/session/*
interface=org.freedesktop.DBus.Properties
@ -25,6 +25,6 @@
dbus receive bus=system path=/org/freedesktop/login1/session/*
interface=org.freedesktop.login1.Session
member={PauseDevice,Unlock}
peer=(name=:*, label=systemd-logind),
peer=(name="{:*,org.freedesktop.login1}", label=systemd-logind),
include if exists <abstractions/bus/org.freedesktop.login1.Session.d>

10
apparmor.d/abstractions/bus/org.freedesktop.resolve1 Normal file
View file

@ -0,0 +1,10 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
dbus send bus=system path=/org/freedesktop/resolve1
interface=org.freedesktop.resolve1.Manager
member={SetLink*,ResolveHostname}
peer=(name=org.freedesktop.resolve1, label=systemd-resolved),
include if exists <abstractions/bus/org.freedesktop.resolve1.d>

11
apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor
View file

@ -5,11 +5,16 @@
dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor
interface=org.gtk.Private.RemoteVolumeMonitor
member={List,IsSupported,VolumeChanged,VolumeMount,MountAdded}
peer=(name=:*, label=gvfs-*-monitor),
peer=(name=:*, label=gvfs-udisks2-volume-monitor),
dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor
interface=org.gtk.Private.RemoteVolumeMonitor
member={MountAdded,VolumeChanged}
peer=(name=:*, label=gvfs-*-volume-monitor),
member={MountAdded,MountChanged,VolumeChanged,VolumeRemoved}
peer=(name=:*, label=gvfs-udisks2-volume-monitor),
dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor
interface=org.gtk.Private.RemoteVolumeMonitor
member={VolumeAdded,DriveDisconnected,DriveConnected,DriveChanged}
peer=(name=:*, label=gvfs-udisks2-volume-monitor),
include if exists <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor.d>

5
apparmor.d/groups/freedesktop/at-spi-bus-launcher
View file

@ -44,7 +44,10 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
/var/lib/lightdm/.Xauthority r,
/var/log/lightdm/seat[0-9]*-greeter.log w,
@{run}/systemd/users/@{uid} r,
@{run}/systemd/users/@{uid} r,
owner @{run}/user/@{uid}/at-spi/ rw,
owner @{run}/user/@{uid}/at-spi/bus rw,
owner @{run}/user/@{uid}/at-spi/bus_@{int} rw,
@{sys}/kernel/security/apparmor/.access rw,
@{sys}/kernel/security/apparmor/features/dbus/mask r,