mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-09 10:51:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
5491 commits 23 branches 109 tags 33 MiB
Commit graph

19 commits

Author SHA1 Message Date
Christian Boltz
9fc8e43c67
abstractions: remove '#' from 'include if exists' 
This matches what we use in the profiles for local abstractions.

Also adjust the check in the Makefile to expect the variant without '#'.
 2020-05-30 19:53:49 +02:00
John Johansen
730db17607 policy: tag policy with the AppArmor 3.0 abi 
Tag profiles and abstractions with abi information.

Tagging abstractions is not strictly necessary but allows the parser
to detect when their is a mismatch and that policy will need an
update for abi.

We do not currently tag the tunables because variable declarations
are not currently affected by abi.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/491
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
 2020-05-29 00:23:17 -07:00
Matthew Garrett
d9ab83281b Add support for local additions to abstractions 
Local policy may want to extend or override abstractions, so add support for including local updates to them.

Acked-by: Christian Boltz <apparmor@cboltz.de>
Acked-by: intrigeri <intrigeri@boum.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2019-01-24 03:06:03 -08:00
intrigeri
34dbe372c5 Rename @{usr_share} → @{system_share_dirs} and @{home_local_share} → @{user_share_dirs}. 
Thanks a lot to Simon McVittie for the much better names suggestion.
 2018-07-27 06:33:42 +00:00
intrigeri
51f2259c08 freedesktop.org abstraction: refactor (factorize) for consistency. 
This change makes the @{home_local_share} rules similar to the
@{usr_share} ones.
 2018-07-27 06:28:22 +00:00
intrigeri
aed447aca2 freedesktop.org abstraction: simplify by not attempting to guess the exhaustive list of files that can exist in {~/.local/share,/usr/share}/applications/. 
As Simon McVittie wrote, "if a specification or library creates extra caches, or
has .desktop files in a subdirectory, or anything like that, then I don't see
why we wouldn't want to allow reading those too".
 2018-07-27 06:26:57 +00:00
intrigeri
160f1027e4 freedesktop.org abstraction: DRY by factorizing duplicated path components with variables. 
These alternations will need to grow quite a bit in order to support Flatpak
exports. Let's avoid repeating ourselves too much.
 2018-07-27 06:21:40 +00:00
Cameron Norman
52d41feeaf Merged two rule groups 2017-07-03 12:50:38 -07:00
Cameron Norman
c8f5c9e406 abstractions/freedesktop.org: support /usr/local/applications; support subdirs of applications folder 2015-06-07 17:05:14 -07:00
Jamie Strandboge
de9fcf1def Description: update freedesktop.org for new location of mimeapps.list 
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1377140

Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
 2014-10-08 14:32:11 -05:00
Simon Deziel
1d867ae7ba abstractions/freedesktop.org: Allow reading /usr/share/applications/defaults.list 
This is required at least by Pidgin's profile and it seems harmless
to allow looking at its content.
 2014-09-25 19:45:11 -04:00
Simon Deziel
2eb7390aa2 Add missing directory read access rules 2014-02-20 10:31:07 -05:00
Jamie Strandboge
d03c2e681f abstractions/freedesktop.org updates: 
- require owner match for files in @{HOME}
- add new path for @{HOME}/.local/share/recently-used.xbel*
- add the following, confirmed via specifications:
  /usr/share/applications/mimeinfo.cache r,
  /usr/share/applications/*.desktop r,
  owner @{HOME}/.local/share/applications/defaults.list r,
  owner @{HOME}/.local/share/applications/mimeinfo.cache r,
  owner @{HOME}/.local/share/applications/mimeapps.list r,
  owner @{HOME}/.local/share/applications/*.desktop r,

References:
http://standards.freedesktop.org/basedir-spec/basedir-spec-0.6.html
http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-0.9.4.html
http://www.freedesktop.org/wiki/Specifications/mime-actions-spec
 2010-12-23 18:39:28 -06:00
Kees Cook
723a20ba7d as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
Kees Cook
0e07298340 update for font/icon/mime locations in current gnome 2010-06-04 17:44:30 -07:00
Jamie Strandboge
694c9916b9 pull in Ubuntu updates to profiles/apparmor.d 2009-11-04 14:25:42 -06:00
John Johansen
748e398c21 - various patches and cleanups from kees@ubuntu.com 2008-06-11 20:19:36 +00:00
Seth Arnold
c2f555ba0f abstractions fixes from Mathias Gug (Ubuntu) 2007-08-28 22:39:52 +00:00
Seth Arnold
8621cb193a some new abstractions from Mathias Gug 2007-08-27 23:49:51 +00:00