From d8e17207e8dd1c5f5e9cde6cf92b15615cdbb311 Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Wed, 17 Jul 2024 08:38:37 +0000
Subject: [PATCH] Merge firefox: allow /etc/writable/timezone and update UPower DBus access

Saw these couple of accesses fail recently on my Ubuntu 22.04 system:
`Jun 3 15:29:24 darkstar kernel: [5401883.070129] audit: type=1107 audit(1717442964.884:9223): pid=729 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/UPower" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.28" pid=2164500 label="firefox" peer_pid=2502 peer_label="unconfined"`
`Jun 3 15:29:24 darkstar kernel: [5401883.070588] audit: type=1107 audit(1717442964.884:9224): pid=729 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/UPower" interface="org.freedesktop.UPower" member="EnumerateDevices" mask="send" name=":1.28" pid=2164500 label="firefox" peer_pid=2502 peer_label="unconfined"`
Also, I noticed that the `firefox` profile in the Ubuntu 24.04 package has a rule for `/etc/writable/timezone` that is not present in Git. Figured that should be in here.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/409
Closes #409
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1253
Approved-by: John Johansen
Merged-by: John Johansen
(cherry picked from commit 09d8f886cae6a4353af7a47c8866181cca1c106d)
Signed-off-by: John Johansen
---
 profiles/apparmor/profiles/extras/firefox | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/profiles/apparmor/profiles/extras/firefox b/profiles/apparmor/profiles/extras/firefox
index 16ae99eed..ecdcfcfad 100644
--- a/profiles/apparmor/profiles/extras/firefox
+++ b/profiles/apparmor/profiles/extras/firefox
@@ -139,7 +139,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
 interface=org.gtk.gio.DesktopAppInfo
 member=Launched,
 
- /etc/timezone r,
+ /etc/{,writable/}timezone r,
 /etc/wildmidi/wildmidi.cfg r,
 
 # firefox specific
@@ -416,14 +416,17 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
 bus=system
 path=/org/freedesktop/UPower
 interface=org.freedesktop.UPower
- member=EnumerateDevices
- peer=(name=org.freedesktop.UPower),
+ member=EnumerateDevices,
+ dbus (send)
+ bus=system
+ path=/org/freedesktop/UPower
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll,
 dbus (send)
 bus=system
 path=/org/freedesktop/UPower/devices/*
 interface=org.freedesktop.DBus.Properties
- member=GetAll
- peer=(name=org.freedesktop.UPower),
+ member=GetAll,
 
 # File browser
 dbus (send)
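Review bot: The second hunk drops `peer=(name=org.freedesktop.UPower)` from both UPower rules and adds the new `org.freedesktop.DBus.Properties` `GetAll` rule with no peer constraint at all, but nothing in the profile records why the rules were widened; the denial lines in the description show the call addressed to the unique bus name `:1.28` with `peer_label="unconfined"`, which is presumably why the well-known-name match failed. A comment above the first rule, `# UPower is reached by its unique bus name, so peer=(name=org.freedesktop.UPower) does not match`, would keep that reasoning next to the rules for the next reviewer who wonders why these three are peer-less while neighbouring rules are not. If some peer restriction is still wanted, the label reported in those logs suggests `peer=(label=unconfined)` as a narrower alternative to no peer, though that should be confirmed against the label the UPower service actually runs under before relying on it. The `dbus (send)` line that opens the EnumerateDevices rule is above the hunk, so the rule starts outside this view.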