mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(profiles): cleanup dbus daemon related profile.

Browse source
This commit is contained in:
Alexandre Pujol 2023-11-13 23:10:00 +00:00
parent e99f7de703
commit e8fcc12c98
Failed to generate hash of commit
1 changed files with 7 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
apparmor.d/groups/freedesktop/at-spi2-registryd
View file

@ -10,14 +10,18 @@ include <tunables/global>
@{exec_path} = @{lib}/{,at-spi2{,-core}/}at-spi2-registryd @{exec_path} = @{lib}/{,at-spi2{,-core}/}at-spi2-registryd
profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/dbus-session-strict> include <abstractions/dbus-session>
include <abstractions/dbus-accessibility-strict> include <abstractions/dbus-accessibility>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/X-strict>
signal (receive) set=(term hup) peer=gdm*, signal (receive) set=(term hup) peer=gdm*,
signal (receive) set=(term hup kill) peer=dbus-daemon, signal (receive) set=(term hup kill) peer=dbus-daemon,
unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*", label="{xorg,xkbcomp}"), dbus bind bus=accessibility name=org.a11y.atspi.Registry,
dbus (send, receive) bus=accessibility path=/org/a11y/atspi/registry
interface=org.a11y.atspi.Registry,
dbus send bus=session path=/org/freedesktop/DBus dbus send bus=session path=/org/freedesktop/DBus
interface=org.freedesktop.DBus interface=org.freedesktop.DBus
@ -53,16 +57,6 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) {
member=Embed member=Embed
peer=(name=:*), # all peer's labels peer=(name=:*), # all peer's labels
dbus send bus=accessibility path=/org/a11y/atspi/registry
interface=org.a11y.atspi.Registry
member=EventListenerDeregistered
peer=(name=org.freedesktop.DBus), # all peer's labels
dbus receive bus=accessibility path=/org/a11y/atspi/registry
interface=org.a11y.atspi.Registry
member=GetRegisteredEvents
peer=(name=:*), # all peer's labels
dbus receive bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller dbus receive bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
interface=org.a11y.atspi.DeviceEventController interface=org.a11y.atspi.DeviceEventController
member={GetKeystrokeListeners,GetDeviceEventListeners} member={GetKeystrokeListeners,GetDeviceEventListeners}
@ -78,22 +72,8 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) {
member=Introspect member=Introspect
peer=(name=:*, label=gnome-shell), peer=(name=:*, label=gnome-shell),
dbus bind bus=accessibility
name=org.a11y.atspi.Registry,
@{exec_path} mr, @{exec_path} mr,
/var/lib/lightdm/.Xauthority r,
owner @{HOME}/.Xauthority r,
owner @{HOME}/.xsession-errors w,
owner /tmp/runtime-*/xauth_@{rand6} r,
owner /tmp/xauth_@{rand6} r,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/xauth_@{rand6} r,
owner /dev/tty@{int} rw, owner /dev/tty@{int} rw,
include if exists <local/at-spi2-registryd> include if exists <local/at-spi2-registryd>