apparmor.d/dists/ubuntu/abstractions/xdg-open
2021-12-05 00:13:11 +00:00

84 lines
2.2 KiB
Plaintext

# vim:syntax=apparmor
# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via xdg-open helper. xdg-open abstraction
# will allow to use gio-open, kde-open5 and other helpers of the different
# desktop environments.
#
# Usage example:
#
# ```
# profile foo /usr/bin/foo {
# ...
# /usr/bin/xdg-open rPx -> foo//xdg-open,
# ...
# } # end of main profile
#
# # out-of-line child profile
# profile foo//xdg-open {
# include <abstractions/xdg-open>
#
# # Enable a11y support if considered required by
# # profile author for (rare) error message boxes.
# include <abstractions/dbus-accessibility>
#
# # Enable gstreamer support if considered required by
# # profile author for (rare) error message boxes.
# include if exists <abstractions/gstreamer>
#
# # needed for ubuntu-* abstractions
# include <abstractions/ubuntu-helpers>
#
# # Only allow to handle http[s]: and mailto: links
# include <abstractions/ubuntu-browsers>
# include <abstractions/ubuntu-email>
#
# # < add additional allowed applications here >
# }
# ```
include <abstractions/base>
# for openin with `exo-open`
include <abstractions/exo-open>
# for opening with `gio open <uri>`
include <abstractions/gio-open>
# for opening with gvfs-open (deprecated)
include <abstractions/gvfs-open>
# for opening with kde-open5
include <abstractions/kde-open5>
# Main executables
/{,usr/}bin/{b,d}ash mr,
/usr/bin/xdg-open r,
# Additional executables
/usr/bin/xdg-mime rix,
/{,usr/}bin/cut rix, # for xdg-mime
/{,usr/}bin/head rix, # for xdg-mime
/{,usr/}bin/sed rix, # for xdg-open
/{,usr/}bin/tr rix, # for xdg-mime
/{,usr/}bin/which rix, # for xdg-open
/{,usr/}bin/{grep,egrep} rix, # for xdg-open
# System files
/dev/pts/[0-9]* rw,
/dev/tty w,
/etc/gnome/defaults.list r, # for grep
/usr/share/applications/mimeinfo.cache r, # for grep
/usr/share/terminfo/s/screen r, # for bash on openSUSE
/usr/share/{,*/}applications/{,*.desktop} r, # for xdg-mime
/var/lib/menu-xdg/applications/ r, # for xdg-mime
# Usr files
owner @{HOME}/.local/share/applications/{,*.desktop} r,
# Include additions to the abstraction
include if exists <abstractions/xdg-open.d>