Deduplicate and revert

Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2025-01-31 07:17:22 +01:00 · 2024-02-24 11:17:57 +01:00 · 2024-02-24 11:17:57 +01:00 · f807d5a190
commit f807d5a190
parent 13079bbd7e
2 changed files with 2 additions and 39 deletions
--- a/apparmor.d/abstractions/systemd-common
+++ b/apparmor.d/abstractions/systemd-common
@ -3,14 +3,8 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only

-  capability sys_ptrace,
-
  ptrace (read) peer=@{systemd},

-  owner @{lib}/systemd/{,systemd} r,
-
-  owner @{run}/systemd/system/ r,
-
  @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,
  @{sys}/fs/cgroup/system.slice/@{profile_name}.service/memory.pressure rw,

@ -20,7 +14,6 @@
        @{PROC}/cmdline r,
        @{PROC}/sys/kernel/osrelease r,
        @{PROC}/sys/kernel/random/boot_id r,
-  owner @{PROC}/filesystems r,
  owner @{PROC}/@{pid}/stat r,

  /dev/kmsg w,
--- a/apparmor.d/profiles-a-f/bluetoothd
+++ b/apparmor.d/profiles-a-f/bluetoothd
@ -28,22 +28,7 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) {
  dbus receive bus=system path=/
       interface=org.freedesktop.DBus.ObjectManager
       member=GetManagedObjects
-       peer=(name=:*, label=brave),
-
-  dbus receive bus=system path=/
-       interface=org.freedesktop.DBus.ObjectManager
-       member=GetManagedObjects
-       peer=(name=:*, label=NetworkManager),
-
-  dbus receive bus=system path=/
-       interface=org.freedesktop.DBus.ObjectManager
-       member=GetManagedObjects
-       peer=(name=:*, label=pulseaudio),
-
-  dbus receive bus=system path=/
-       interface=org.freedesktop.DBus.ObjectManager
-       member=GetManagedObjects
-       peer=(name=:*, label=upowerd),
+       peer=(name=:*, label="{brave,NetworkManager,pulseaudio,upowerd}"),

  dbus send bus=system path=/MediaEndpoint
       interface=org.freedesktop.DBus.ObjectManager
@ -63,22 +48,7 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) {
  dbus send bus=system path=/
       interface=org.freedesktop.DBus.ObjectManager
       member=InterfacesRemoved
-       peer=(name=org.freedesktop.DBus, label=fwupd),
-
-  dbus send bus=system path=/
-       interface=org.freedesktop.DBus.ObjectManager
-       member=InterfacesRemoved
-       peer=(name=org.freedesktop.DBus, label=NetworkManager),
-
-  dbus send bus=system path=/
-       interface=org.freedesktop.DBus.ObjectManager
-       member=InterfacesRemoved
-       peer=(name=org.freedesktop.DBus, label=pulseaudio),
-
-  dbus send bus=system path=/
-       interface=org.freedesktop.DBus.ObjectManager
-       member=InterfacesRemoved
-       peer=(name=org.freedesktop.DBus, label=upowerd),
+       peer=(name=org.freedesktop.DBus, label="{jwupd,NetworkManager,pulseaudio,upowerd}"),

  @{exec_path} mr,