From eb1c03949f71d58748e76ac6d4ae1128d29114eb Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 27 Aug 2023 14:40:56 +0100
Subject: [PATCH] feat(abs): improve some abstraction.
---
 apparmor.d/abstractions/chromium-common | 1 +
 apparmor.d/abstractions/disks-read | 6 ++++--
 apparmor.d/abstractions/disks-write | 10 ++++++----
 apparmor.d/abstractions/qt5-shader-cache | 1 +
 apparmor.d/abstractions/totem | 1 -
 apparmor.d/abstractions/zsh | 2 +-
 6 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/apparmor.d/abstractions/chromium-common b/apparmor.d/abstractions/chromium-common
index 6956cad5..985964bd 100644
--- a/apparmor.d/abstractions/chromium-common
+++ b/apparmor.d/abstractions/chromium-common
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2022 Mikhail Morfikov
+# Copyright (C) 2022-2023 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi ,
diff --git a/apparmor.d/abstractions/disks-read b/apparmor.d/abstractions/disks-read
index 5484b04a..484de9b4 100644
--- a/apparmor.d/abstractions/disks-read
+++ b/apparmor.d/abstractions/disks-read
@@ -16,11 +16,13 @@
 /dev/{s,v}d[a-z]*@{int} rk,
 @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r,
 @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/** r,
- @{sys}/devices/pci[0-9]*/**/{usb,ata}[0-9]/** r,
+ @{sys}/devices/@{pci}{,/**}/ata@{int}/** r,
+ @{sys}/devices/@{pci}{,/**}/usb@{int}/** r,
+ @{sys}/devices/@{pci}{,/**}/virtio@{int}/** r,
 
 # SSD Nvme devices
 /dev/nvme[0-9]* rk,
- @{sys}/devices/pci[0-9]*/**/nvme/nvme@{int}/{,**} r,
+ @{sys}/devices/@{pci}{,/**}/nvme/nvme@{int}/{,**} r,
 
 # SD card devices
 /dev/mmcblk[0-9]* rk,
diff --git a/apparmor.d/abstractions/disks-write b/apparmor.d/abstractions/disks-write
index 7b088692..58c32256 100644
--- a/apparmor.d/abstractions/disks-write
+++ b/apparmor.d/abstractions/disks-write
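Review bot: The two `block/{s,v}d[a-z]/` sysfs rules kept as context in the disks-read hunk still use the old `@{sys}/devices/pci[0-9]*/**/...` form, while this same commit converts the identical two rules in disks-write to `@{sys}/devices/@{pci}{,/**}/...`, so the read and write abstractions now match different sysfs paths for the same block devices. Unless that divergence is intended, change them to `@{sys}/devices/@{pci}{,/**}/block/{s,v}d[a-z]/ r,` and `@{sys}/devices/@{pci}{,/**}/block/{s,v}d[a-z]/** r,` so both files stay in step. Separately, the new `usb@{int}/**` and `virtio@{int}/**` rules grant read access to every sysfs attribute of every device under those controllers, not only the block-device chain; that breadth is inherited from the removed `{usb,ata}[0-9]/**` rule, but a short comment on why the whole controller subtree is needed (presumably udev/udisks walking the parent chain — confirm) would help future reviewers judge it.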
@@ -14,13 +14,15 @@
 # Regular disk/partition devices
 /dev/{s,v}d[a-z]* rwk,
 /dev/{s,v}d[a-z]*@{int} rwk,
- @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r,
- @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/** r,
- @{sys}/devices/pci[0-9]*/**/{usb,ata}[0-9]/** r,
+ @{sys}/devices/@{pci}{,/**}/block/{s,v}d[a-z]/ r,
+ @{sys}/devices/@{pci}{,/**}/block/{s,v}d[a-z]/** r,
+ @{sys}/devices/@{pci}{,/**}/ata@{int}/** r,
+ @{sys}/devices/@{pci}{,/**}/usb@{int}/** r,
+ @{sys}/devices/@{pci}{,/**}/virtio@{int}/** r,
 
 # SSD Nvme devices
 /dev/nvme[0-9]* rwk,
- @{sys}/devices/pci[0-9]*/**/nvme/nvme@{int}/{,**} r,
+ @{sys}/devices/@{pci}{,/**}/nvme/nvme@{int}/{,**} r,
 
 # SD card devices
 /dev/mmcblk[0-9]* rwk,
diff --git a/apparmor.d/abstractions/qt5-shader-cache b/apparmor.d/abstractions/qt5-shader-cache
index d89b89b8..dd178900 100644
--- a/apparmor.d/abstractions/qt5-shader-cache
+++ b/apparmor.d/abstractions/qt5-shader-cache
@@ -5,6 +5,7 @@
 
 abi ,
 
+ owner @{user_cache_dirs}/ w,
 owner @{user_cache_dirs}/qtshadercache/ rw,
 owner @{user_cache_dirs}/qtshadercache/#@{int} rw,
 owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#@{int},
diff --git a/apparmor.d/abstractions/totem b/apparmor.d/abstractions/totem
index 41da792a..e553eccc 100644
--- a/apparmor.d/abstractions/totem
+++ b/apparmor.d/abstractions/totem
@@ -45,7 +45,6 @@
 
 owner @{PROC}/@{pid}/{mountinfo,status} r,
 
- @{run}/udev/data/c* r,
 @{run}/udev/data/+drm:card* r,
 @{run}/udev/data/+usb* r,
 
diff --git a/apparmor.d/abstractions/zsh b/apparmor.d/abstractions/zsh
index 3ca67f1d..7d7c2a47 100644
--- a/apparmor.d/abstractions/zsh
+++ b/apparmor.d/abstractions/zsh
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-2.0-only
 
 # This abstraction is only required when an interactive shell is started.
-# Classic bash scripts do not need it.
+# Classic shell scripts do not need it.
 
 abi ,
 
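Review bot: The new `@{sys}/devices/@{pci}{,/**}/virtio@{int}/** r,` line only covers virtio devices attached through PCI, while the `/dev/{s,v}d[a-z]* rwk,` rules just above it cover `/dev/vd*` regardless of transport; on guests using virtio-mmio (common on arm64 and some cloud images) the virtio block device's sysfs tree lives under `@{sys}/devices/platform/**`, so the sysfs read would be denied there if that case is in scope — confirm against the intended targets. If non-PCI virtio is meant to be supported, an additional `@{sys}/devices/platform/**/virtio@{int}/** r,` would close the gap; if it is out of scope, a comment saying so on the virtio line would keep the next reader from re-raising it. The same remark applies to the matching line added to disks-read in this commit.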
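Review bot: The added `owner @{user_cache_dirs}/ w,` is not needed to create `qtshadercache/` (AppArmor mediates mkdir on the path being created, which the existing `rw` rule on `@{user_cache_dirs}/qtshadercache/` already covers); what it grants is creating, removing or renaming the user's cache directory node itself. That is a reasonable allowance if Qt creates `~/.cache` when it is missing, but nothing in the abstraction records that, so add a one-line comment above it such as `# Qt creates @{user_cache_dirs}/ itself when it does not exist yet` so the wider grant reads as deliberate rather than as an over-broad rule — and if it was added for a different denial, state that instead.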