apparmor/profiles/apparmor.d/abstractions/gnome

# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2009 Novell/SUSE
#    Copyright (C) 2009-2011 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <abstractions/base>
#include <abstractions/fonts>
#include <abstractions/X>
#include <abstractions/freedesktop.org>
#include <abstractions/xdg-desktop>
#include <abstractions/user-tmp>

  # systemwide gtk defaults
  /etc/gnome/gtkrc*               r,
  /etc/gtk/*                      r,
  /usr/lib{,32,64}/gtk/**         mr,
  /usr/lib/@{multiarch}/gtk/**    mr,
  /usr/share/themes/**            r,

  # for gnome 1 applications
  /etc/orbitrc                    r,

  # gtk-2 needed some new rights
  /etc/fonts/*                    r,
  /etc/gtk-*/*                    r,
  /etc/pango/*                    r,
  /usr/lib{,32,64}/pango/**       mr,
  /usr/lib{,32,64}/gtk-*/**       mr,
  /usr/lib{,32,64}/gdk-pixbuf-*/** mr,
  /usr/lib/@{multiarch}/pango/**        mr,
  /usr/lib/@{multiarch}/gtk-*/**        mr,
  /usr/lib/@{multiarch}/gdk-pixbuf-*/** mr,

  # per-user gtk configuration
  owner @{HOME}/.gnome/Gnome            r,
  owner @{HOME}/.gtk                    r,
  owner @{HOME}/.gtkrc                  r,
  owner @{HOME}/.gtkrc-2.0              r,
  owner @{HOME}/.gtk-bookmarks          r,
  owner @{HOME}/.themes/                r,
  owner @{HOME}/.themes/**              r,

  # for gtk file dialog
  owner @{HOME}/.config/gtk-2.0/**                  r,
  owner @{HOME}/.config/gtk-2.0/gtkfilechooser.ini* rw,

  # from evolution-mail
  owner @{HOME}/.gconfd/lock/*                      r,
  owner @{HOME}/.gnome/application-info             r,

  # per-user font business
  owner @{HOME}/.fonts.cache-*    rwl,

  # icon caches
  /var/cache/**/icon-theme.cache  r,
  /usr/share/**/icon-theme.cache  r,

  # gnome VFS modules
  /etc/gnome-vfs-2.0/modules/ r,
  /etc/gnome-vfs-2.0/modules/* r,
  /usr/lib/gnome-vfs-2.0/modules/*.so mr,
  /usr/lib/@{multiarch}/gnome-vfs-2.0/modules/*.so mr,

  # gvfs
  /usr/share/gvfs/remote-volume-monitors/  r,
  /usr/share/gvfs/remote-volume-monitors/* r,
  @{PROC}/@{pid}/mounts                    r,

  # printing
  /etc/papersize                   r,
  /etc/cups/lpoptions              r,
  /usr/share/cups/charmaps/**      r,

  # holds MIT-MAGIC-COOKIE for gnome
  owner /{,var/}run/gdm/auth*/database r,

  # mime-types
  /etc/gnome/defaults.list r,
  /usr/share/gnome/applications/mimeinfo.cache r,

  # poppler CMap tables
  /usr/share/poppler/cMap/** r,