apparmor.d/profiles/usr.bin.pidgin
2021-04-01 16:02:59 +01:00

87 lines
2.5 KiB
Text

# vim:syntax=apparmor
include <tunables/global>
/usr/bin/pidgin {
include <abstractions/audio>
include <abstractions/base>
include <abstractions/bash>
include <abstractions/dbus-session>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/enchant>
include <abstractions/gnome>
include <abstractions/gstreamer>
include <abstractions/ibus>
include <abstractions/nameservice>
include <abstractions/private-files-strict>
include <abstractions/ssl_certs>
include <abstractions/ubuntu-browsers>
include <abstractions/ubuntu-helpers>
include <abstractions/user-download>
dbus receive
bus=system
path=/org/freedesktop/NetworkManager
interface=org.freedesktop.NetworkManager
member={CheckPermissions,DeviceAdded,DeviceRemoved,StateChanged,PropertiesChanged}
peer=(label=unconfined),
dbus send
bus=system
path=/org/freedesktop/NetworkManager
interface=org.freedesktop.NetworkManager
member=state
peer=(label=unconfined),
deny ptrace,
deny capability sys_ptrace,
deny @{HOME}/.local/share/applications/wine/ r,
owner @{HOME}/.purple/ rw,
owner @{HOME}/.purple/** rwk,
owner @{HOME}/.purple/plugins/*.so m,
owner @{HOME}/.config/indicators/ rw,
owner @{HOME}/.config/indicators/** rw,
owner @{HOME}/.local/share/applications/ r,
# Uncomment the two following lines if you want to allow Pidgin to update
# any DConf setting:
# owner @{HOME}/.{cache,config}/dconf/user rw,
# owner /{,var/}run/user/[0-9]*/dconf/user rwk,
/{usr/,}bin/dash rix,
/{usr/,}bin/which rix,
# NB: the preferred browser and proxy settings must be configured
# in the GNOME preferences: this profile does not allow running
# the corresponding external configuration applications.
/usr/bin/gconftool-2 rPix,
/usr/bin/gnome-open rmix,
/usr/bin/gsettings rix,
/usr/bin/gvfs-open rmix,
/usr/bin/pidgin r,
/usr/bin/xdg-open rmix,
/etc/purple/prefs.xml r,
/usr/lib/frei0r-1/*.so rm,
/usr/lib/@{multiarch}/libvisual-*/**.so rm,
/usr/lib/pidgin/*.so rm,
/usr/lib/purple*/*.so rm,
# pidgin-blinklight plugin
/usr/lib/pidgin-blinklight/blinklight-fixperm rPix,
@{PROC}/acpi/ibm/light rwk,
/usr/share/purple/ca-certs/ r,
/usr/share/purple/ca-certs/** r,
/usr/share/tcltk/** r,
/usr/share/themes/ r,
owner @{PROC}/@{pid}/auxv r,
owner @{PROC}/@{pid}/fd/ r,
# Site-specific additions and overrides. See local/README for details.
include <local/usr.bin.pidgin>
}