apparmor/profiles/apparmor.d/abstractions/ubuntu-browsers

# vim:syntax=apparmor
#
# abstraction for allowing access to graphical browsers in Ubuntu
#
# Users of this abstraction need to #include the ubuntu-helpers abstraction
# in the toplevel profile. Eg:
# #include <abstractions/ubuntu-helpers>

  abi <abi/3.0>,

  /usr/bin/arora Cx -> sanitized_helper,
  /usr/bin/dillo Cx -> sanitized_helper,
  /usr/bin/Dooble Cx -> sanitized_helper,
  /usr/bin/epiphany Cx -> sanitized_helper,
  /usr/bin/epiphany-browser Cx -> sanitized_helper,
  /usr/bin/epiphany-webkit Cx -> sanitized_helper,
  /usr/lib/fennec-*/fennec Cx -> sanitized_helper,
  /usr/bin/kazehakase Cx -> sanitized_helper,
  /usr/bin/konqueror Cx -> sanitized_helper,
  /usr/bin/midori Cx -> sanitized_helper,
  /usr/bin/netsurf Cx -> sanitized_helper,
  /usr/bin/seamonkey Cx -> sanitized_helper,
  /usr/bin/sensible-browser Pixr,

  /usr/bin/chromium{,-browser} Cx -> sanitized_helper,
  /usr/lib{,64}/chromium{,-browser}/chromium{,-browser} Cx -> sanitized_helper,

  # this should cover all firefox browsers and versions (including shiretoko
  # and abrowser)
  /usr/bin/firefox Cxr -> sanitized_helper,
  /usr/lib{,64}/firefox*/firefox* Cx -> sanitized_helper,

  # Iceweasel
  /usr/bin/iceweasel Cxr -> sanitized_helper,
  /usr/lib/iceweasel/iceweasel Cx -> sanitized_helper,

  # some unpackaged, but popular browsers
  /usr/lib/icecat-*/icecat Cx -> sanitized_helper,
  /usr/bin/opera Cx -> sanitized_helper,
  /opt/google/chrome{,-beta,-unstable}/google-chrome{,-beta,-unstable} Cx -> sanitized_helper,