diff --git a/apparmor.d/groups/bus/ibus-daemon b/apparmor.d/groups/bus/ibus-daemon index a8af280f..d2e5e0a1 100644 --- a/apparmor.d/groups/bus/ibus-daemon +++ b/apparmor.d/groups/bus/ibus-daemon @@ -34,7 +34,7 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) { member=ListMountableInfo peer=(name=:*, label=gvfsd), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf index 42b0dd64..0f4c06ce 100644 --- a/apparmor.d/groups/bus/ibus-dconf +++ b/apparmor.d/groups/bus/ibus-dconf @@ -19,7 +19,7 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) { unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-????????", label=ibus-daemon), unix (send, receive, connect) type=stream peer=(addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-????????", label=ibus-daemon), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/bus/ibus-extension-gtk3 b/apparmor.d/groups/bus/ibus-extension-gtk3 index 40a4deb1..d0a7c65d 100644 --- a/apparmor.d/groups/bus/ibus-extension-gtk3 +++ b/apparmor.d/groups/bus/ibus-extension-gtk3 @@ -57,7 +57,7 @@ profile ibus-extension-gtk3 @{exec_path} flags=(attach_disconnected) { member=Embed peer=(name=org.a11y.atspi.Registry), # all peer's labels - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/bus/ibus-portal b/apparmor.d/groups/bus/ibus-portal index 6405bb50..9bf8b13f 100644 --- a/apparmor.d/groups/bus/ibus-portal +++ b/apparmor.d/groups/bus/ibus-portal @@ -19,7 +19,7 @@ profile ibus-portal @{exec_path} flags=(attach_disconnected) { member={RequestName,ReleaseName} peer=(name=org.freedesktop.DBus, label=dbus-daemon), - dbus receive bus=session path=/{,org} + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/freedesktop/at-spi2-registryd b/apparmor.d/groups/freedesktop/at-spi2-registryd index 2a7e4d5c..26d61c14 100644 --- a/apparmor.d/groups/freedesktop/at-spi2-registryd +++ b/apparmor.d/groups/freedesktop/at-spi2-registryd @@ -73,7 +73,7 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { member=GetAddress peer=(name=org.a11y.Bus, label=at-spi-bus-launcher), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/freedesktop/dconf-service b/apparmor.d/groups/freedesktop/dconf-service index 37b26d37..f664d583 100644 --- a/apparmor.d/groups/freedesktop/dconf-service +++ b/apparmor.d/groups/freedesktop/dconf-service @@ -29,7 +29,7 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) { member=Change peer=(name=:*), # all peer's labels - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire index 3d6a9c14..ba3ef288 100644 --- a/apparmor.d/groups/freedesktop/pipewire +++ b/apparmor.d/groups/freedesktop/pipewire @@ -38,7 +38,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) { member=Get peer=(name=org.freedesktop.RealtimeKit[0-9]), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session index 9d425fa2..977427eb 100644 --- a/apparmor.d/groups/freedesktop/pipewire-media-session +++ b/apparmor.d/groups/freedesktop/pipewire-media-session @@ -31,7 +31,7 @@ profile pipewire-media-session @{exec_path} { member=MakeThreadRealtime peer=(name=org.freedesktop.RealtimeKit1), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/freedesktop/pulseaudio b/apparmor.d/groups/freedesktop/pulseaudio index fa3f9251..8f9b707e 100644 --- a/apparmor.d/groups/freedesktop/pulseaudio +++ b/apparmor.d/groups/freedesktop/pulseaudio @@ -75,7 +75,8 @@ profile pulseaudio @{exec_path} { dbus receive bus=session interface=org.freedesktop.DBus.Introspectable - member=Introspect, + member=Introspect + peer=(name=:*, label=gnome-shell), dbus bind bus=session name=org.freedesktop.ReserveDevice[0-9].Audio[0-9], diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal b/apparmor.d/groups/freedesktop/xdg-desktop-portal index fe4a7f83..623b1779 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal @@ -97,7 +97,7 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { member=Lookup peer=(name=:*, label=xdg-permission-store), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome index dae6ecec..a259bbe3 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome @@ -117,7 +117,7 @@ profile xdg-desktop-portal-gnome @{exec_path} { member=Read peer=(name=:*, label=xdg-desktop-portal), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/evolution-source-registry b/apparmor.d/groups/gnome/evolution-source-registry index b228a050..6c8e769f 100644 --- a/apparmor.d/groups/gnome/evolution-source-registry +++ b/apparmor.d/groups/gnome/evolution-source-registry @@ -21,12 +21,9 @@ profile evolution-source-registry @{exec_path} { network inet6 dgram, network netlink raw, - dbus (receive) bus=session path=/org/gnome/evolution/dataserver{,/**} - interface=org.freedesktop.DBus.Introspectable - peer=(name=:*, label=gnome-shell), - dbus receive bus=session interface=org.freedesktop.DBus.Introspectable + member=Introspect peer=(name=:*, label=gnome-shell), dbus receive bus=session path=/org/gnome/evolution/dataserver/SourceManager diff --git a/apparmor.d/groups/gnome/gdm-wayland-session b/apparmor.d/groups/gnome/gdm-wayland-session index 44402f4f..ca1efc1b 100644 --- a/apparmor.d/groups/gnome/gdm-wayland-session +++ b/apparmor.d/groups/gnome/gdm-wayland-session @@ -31,7 +31,7 @@ profile gdm-wayland-session @{exec_path} { member=Get peer=(name=org.freedesktop.systemd[0-9]*, label=unconfined), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console index 9207a397..e0642fb0 100644 --- a/apparmor.d/groups/gnome/gjs-console +++ b/apparmor.d/groups/gnome/gjs-console @@ -41,14 +41,9 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { member=GetAll peer=(name=:*, label=gnome-shell), - dbus receive bus=session path=/org/freedesktop/Notifications + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name=:*, label=gnome-shell), - - dbus receive bus=session path=/org/freedesktop - interface=org.freedesktop.DBus.Introspectable - member=Introspect + member=Introspect peer=(name=:*, label=gnome-shell), dbus receive bus=session path=/org/freedesktop/Notifications @@ -68,11 +63,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { interface=org.freedesktop.DBus.Properties peer=(name=:*, label=gnome-shell), - dbus receive bus=session path=/{,org} - interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name=:*, label=gnome-shell), - dbus bind bus=session name=org.gnome.ScreenSaver, dbus bind bus=session name=org.freedesktop.Notifications, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index 95ba661f..dccd508e 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -324,10 +324,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { member=Introspect peer=(name=:*), # all paths and peer's labels - dbus receive bus=session path=/{,org,StatusNotifierWatcher} + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect - peer=(name=:*, label=gnome-shell), # itself + peer=(name=:*, label=gnome-shell), dbus (send, receive) bus=session path=/org/gnome/SettingsDaemon/Rfkill interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings index 8a1440c6..1fc42e76 100644 --- a/apparmor.d/groups/gnome/gsd-a11y-settings +++ b/apparmor.d/groups/gnome/gsd-a11y-settings @@ -44,7 +44,7 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { member={CancelEndSession,QueryEndSession,EndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color index a6cfa808..55a017c5 100644 --- a/apparmor.d/groups/gnome/gsd-color +++ b/apparmor.d/groups/gnome/gsd-color @@ -108,7 +108,7 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { member=Embed peer=(name=org.a11y.atspi.Registry), # all peer's labels - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime index acd19d13..571ba6e2 100644 --- a/apparmor.d/groups/gnome/gsd-datetime +++ b/apparmor.d/groups/gnome/gsd-datetime @@ -44,7 +44,7 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) { member={CancelEndSession,QueryEndSession,EndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard index 01c39f99..649b72ca 100644 --- a/apparmor.d/groups/gnome/gsd-keyboard +++ b/apparmor.d/groups/gnome/gsd-keyboard @@ -85,7 +85,7 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { member=ListMountableInfo peer=(name=:*, label=gvfsd), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index c8ee845c..be405377 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys @@ -149,7 +149,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { member=EventListenerDeregistered peer=(name=:*, label=at-spi2-registryd), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index e96ef7d5..7cf79777 100644 --- a/apparmor.d/groups/gnome/gsd-power +++ b/apparmor.d/groups/gnome/gsd-power @@ -160,7 +160,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { member=ActiveChanged peer=(name=:*, label=gjs-console), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-print-notifications b/apparmor.d/groups/gnome/gsd-print-notifications index 32dd8d21..4a9871cd 100644 --- a/apparmor.d/groups/gnome/gsd-print-notifications +++ b/apparmor.d/groups/gnome/gsd-print-notifications @@ -68,7 +68,7 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { member=RegisterClient peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-printer b/apparmor.d/groups/gnome/gsd-printer index 64b56cdd..ef20c976 100644 --- a/apparmor.d/groups/gnome/gsd-printer +++ b/apparmor.d/groups/gnome/gsd-printer @@ -45,10 +45,10 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) { member={EndSession,QueryEndSession,CancelEndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name=:*), + member=Introspect + peer=(name=:*, label=gnome-shell), @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gsd-rfkill b/apparmor.d/groups/gnome/gsd-rfkill index e185fc2d..27f231a2 100644 --- a/apparmor.d/groups/gnome/gsd-rfkill +++ b/apparmor.d/groups/gnome/gsd-rfkill @@ -76,7 +76,7 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { member=PropertiesChanged peer=(name=org.freedesktop.DBus, label=gnome-shell), - dbus receive bus=session path=/{,org} + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-screensaver-proxy b/apparmor.d/groups/gnome/gsd-screensaver-proxy index c94dc467..6d53bab5 100644 --- a/apparmor.d/groups/gnome/gsd-screensaver-proxy +++ b/apparmor.d/groups/gnome/gsd-screensaver-proxy @@ -43,7 +43,7 @@ profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) { member={ClientAdded,SessionRunning,ClientRemoved,InhibitorRemoved,InhibitorAdded} peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/{,org} + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing index 68daa16d..2b230e88 100644 --- a/apparmor.d/groups/gnome/gsd-sharing +++ b/apparmor.d/groups/gnome/gsd-sharing @@ -91,7 +91,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) { member=StopUnit peer=(name=org.freedesktop.systemd[0-9]*), # all peer's labels - dbus receive bus=session path=/{,org} + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index 86862656..16f78944 100644 --- a/apparmor.d/groups/gnome/gsd-smartcard +++ b/apparmor.d/groups/gnome/gsd-smartcard @@ -56,7 +56,7 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { member=GetAll peer=(name=:*, label=gnome-shell), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound index 69280869..9d640bf3 100644 --- a/apparmor.d/groups/gnome/gsd-sound +++ b/apparmor.d/groups/gnome/gsd-sound @@ -45,7 +45,7 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) { member={CancelEndSession,QueryEndSession,EndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom index 8049df0b..134bdea7 100644 --- a/apparmor.d/groups/gnome/gsd-wacom +++ b/apparmor.d/groups/gnome/gsd-wacom @@ -75,7 +75,7 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) { member=GetAll peer=(name=:*, label=gnome-shell), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract index 11e5b64e..90df3ce8 100644 --- a/apparmor.d/groups/gnome/tracker-extract +++ b/apparmor.d/groups/gnome/tracker-extract @@ -60,7 +60,7 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) { dbus receive bus=session interface=org.freedesktop.DBus.Introspectable - member=Introspect + member=Introspect peer=(name=:*, label=gnome-shell), dbus receive bus=session path=/org/gtk/vfs/mounttracker diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index 5f22ae84..db353830 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -52,7 +52,7 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) { member={List,IsSupported} peer=(name=:*, label="{gnome-shell,gnome-control-center,gnome-extension-ding,tracker-*,unconfined}"), - dbus receive bus=session path=/{,org,org/gtk,org/gtk/Private,org/gtk/Private/RemoteVolumeMonitor} + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gvfs/gvfsd-trash b/apparmor.d/groups/gvfs/gvfsd-trash index f3ed674c..93e263e9 100644 --- a/apparmor.d/groups/gvfs/gvfsd-trash +++ b/apparmor.d/groups/gvfs/gvfsd-trash @@ -35,7 +35,7 @@ profile gvfsd-trash @{exec_path} { member=Spawned peer=(name=:*, label=gvfsd), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/ubuntu/software-properties-dbus b/apparmor.d/groups/ubuntu/software-properties-dbus index ce36afa3..96aeaccf 100644 --- a/apparmor.d/groups/ubuntu/software-properties-dbus +++ b/apparmor.d/groups/ubuntu/software-properties-dbus @@ -20,16 +20,16 @@ profile software-properties-dbus @{exec_path} { member=RequestName peer=(name=org.freedesktop.DBus), - dbus receive bus=system path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable - member=Introspect, + member=Introspect + peer=(name=:*, label=gnome-shell), dbus receive bus=system path=/ interface=com.ubuntu.SoftwareProperties member=Reload, - dbus bind bus=system - name=com.ubuntu.SoftwareProperties, + dbus bind bus=system name=com.ubuntu.SoftwareProperties, @{exec_path} mr, diff --git a/apparmor.d/groups/ubuntu/software-properties-gtk b/apparmor.d/groups/ubuntu/software-properties-gtk index 64426e33..a6a792f4 100644 --- a/apparmor.d/groups/ubuntu/software-properties-gtk +++ b/apparmor.d/groups/ubuntu/software-properties-gtk @@ -20,13 +20,10 @@ profile software-properties-gtk @{exec_path} { include include - dbus (send,receive) bus=system path=/com/canonical/UbuntuAdvantage/{,**} - interface=org.freedesktop.DBus.Introspectable - member=Introspect, - - dbus send bus=system path=/ - interface=org.freedesktop.DBus.Introspectable - member=Introspect, + dbus receive bus=session + interface=org.freedesktop.DBus.Introspectable + member=Introspect + peer=(name=:*, label=gnome-shell), dbus send bus=system path=/ interface=com.ubuntu.SoftwareProperties diff --git a/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon b/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon index b11d555d..68319cce 100644 --- a/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon +++ b/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon @@ -19,13 +19,10 @@ profile ubuntu-advantage-desktop-daemon @{exec_path} flags=(attach_disconnected) member=RequestName peer=(name=org.freedesktop.DBus), - dbus receive bus=system path=/com/canonical/UbuntuAdvantage/{Manager,Services/*} + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable - member=Introspect, - - dbus receive bus=system path=/ - interface=org.freedesktop.DBus.Introspectable - member=Introspect, + member=Introspect + peer=(name=:*, label=gnome-shell), dbus receive bus=system path=/ interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/profiles-s-z/thunderbird b/apparmor.d/profiles-s-z/thunderbird index 8ad33698..29cff0a2 100644 --- a/apparmor.d/profiles-s-z/thunderbird +++ b/apparmor.d/profiles-s-z/thunderbird @@ -75,8 +75,8 @@ profile thunderbird @{exec_path} { member={UserAdded,UserRemoved} peer=(name=:*, label=systemd-logind), - dbus receive bus=system path=/{,org{,/mozilla{,/thunderbird{,/Remote}}}} - interface==org.freedesktop.DBus.Introspectable + dbus receive bus=system + interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber index 6fa6328d..da77fb2e 100644 --- a/apparmor.d/profiles-s-z/wireplumber +++ b/apparmor.d/profiles-s-z/wireplumber @@ -25,7 +25,7 @@ profile wireplumber @{exec_path} { dbus receive bus=session interface=org.freedesktop.DBus.Introspectable - member=Introspect + member=Introspect peer=(name=:*, label=gnome-shell), @{exec_path} mr,