# vim:syntax=apparmor
# privacy-violations-strict contains additional rules for sensitive
# files that you want to explicitly deny access to
# Declare the policy feature ABI (3.0) that the rules in this file are written against.
abi <abi/3.0>,
# Pull in the base private-files abstraction; every rule below is an addition to it.
include <abstractions/private-files>
# potentially extremely sensitive files
# AWS CLI/SDK configuration and credentials directory.
# "audit deny" refuses the access and forces it to be logged (plain deny rules
# are quiet); a deny also wins over any allow rule in the including profile.
# {,**} matches the directory itself and everything beneath it; mrwkl covers
# executable mmap, read, write, lock and link.
audit deny @{HOME}/.aws/{,**} mrwkl,
# GnuPG home directory (private keys, keyrings, trust database): no access at
# all, and every attempt is logged.
audit deny @{HOME}/.gnupg/{,**} mrwkl,
# SSH client directory. Denying read protects private keys; denying write also
# keeps a confined program from altering authorized_keys or known_hosts.
audit deny @{HOME}/.ssh/{,**} mrwkl,
# GNOME 2 private data directory: the directory and everything under it.
audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
# Only write is denied, and only on the directory entry itself (trailing slash,
# no glob); reads of ~/.gnome2/ stay governed by the including profile.
# NOTE(review): presumably this stops a confined program from renaming or
# replacing the parent of keyrings/ to get around the path-based keyrings rule
# -- confirm against the change that introduced it.
audit deny @{HOME}/.gnome2/ w,
# GNOME 2 keyring storage (stored secrets): the directory and everything under it.
audit deny @{HOME}/.gnome2/keyrings/{,**} mrwkl,
# don't allow access to any gnome-keyring modules
# Per-user runtime directory. [0-9]* is a glob (one digit, then any characters
# within that path component), not a regex; keyring** covers any entry whose
# name starts with "keyring" and everything beneath it.
audit deny @{run}/user/[0-9]*/keyring** mrwkl,
# Mozilla profile data (e.g. Firefox profiles, which hold saved logins and
# cookies): the directory and everything under it.
audit deny @{HOME}/.mozilla/{,**} mrwkl,
# Write is denied on the ~/.config/ directory entry only; files inside it are
# not matched by this rule.
# NOTE(review): presumably protects the parent of the per-application
# directories denied under ~/.config from being renamed or replaced -- confirm.
audit deny @{HOME}/.config/ w,
# Chromium profile data (cookies, saved logins, history).
# NOTE(review): only the chromium path is listed in this file; other browsers
# that keep profiles under ~/.config need their own rule unless the included
# private-files abstraction or a local addition already covers them -- verify.
audit deny @{HOME}/.config/chromium/{,**} mrwkl,
# Evolution (mail/calendar) data under ~/.config.
audit deny @{HOME}/.config/evolution/{,**} mrwkl,
# Evolution data directory directly under the home directory.
audit deny @{HOME}/.evolution/{,**} mrwkl,
# Thunderbird mail profiles; the alternation expands to both ~/.thunderbird/
# and ~/.mozilla-thunderbird/.
audit deny @{HOME}/.{,mozilla-}thunderbird/{,**} mrwkl,
# Write is denied on the directory entries ~/.kde/ and ~/.kde4/ plus their
# share/ and share/apps/ subdirectories (six paths after expansion); contents
# are not matched by this rule.
# NOTE(review): presumably protects the ancestors of the kmail and kwallet
# directories from being renamed or replaced -- confirm.
audit deny @{HOME}/.kde{,4}/{,share/,share/apps/} w,
# KMail data for KDE 3/4 layouts; expands to kmail/ and kmail2/ under both
# ~/.kde/ and ~/.kde4/.
audit deny @{HOME}/.kde{,4}/share/apps/kmail{,2}/{,**} mrwkl,
# KWallet stores (saved secrets) under both ~/.kde/ and ~/.kde4/.
audit deny @{HOME}/.kde{,4}/share/apps/kwallet/{,**} mrwkl,
# kwalletd data under ~/.local/share.
# NOTE(review): unlike ~/.config/ and the ~/.kde paths, no write denial on the
# parent directories of this path appears in this file -- check whether that is
# intentional.
audit deny @{HOME}/.local/share/kwalletd/{,**} mrwkl,
# Include additions to the abstraction
# Optional site-local drop-ins: "if exists" makes a missing directory a no-op
# rather than a policy load error.
# NOTE(review): anything placed in this directory is pulled into every profile
# that uses this abstraction, so it should be writable by root only.
include if exists <abstractions/private-files-strict.d>