From 0817911b579fa417a46fd03f9dbec5398bc3180e Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Fri, 22 Aug 2025 18:48:36 +0200
Subject: [PATCH] feat(abs): add more core abstractions

They will at term replace the freedesktop abstraction.
---
apparmor.d/abstractions/desktop-files | 22 ++++++++++++++++++++++
apparmor.d/abstractions/gsettings | 13 +++++++++++++
apparmor.d/abstractions/icons | 26 ++++++++++++++++++++++++++
apparmor.d/abstractions/mime | 17 +++++++++++++++++
4 files changed, 78 insertions(+)
create mode 100644 apparmor.d/abstractions/desktop-files
create mode 100644 apparmor.d/abstractions/gsettings
create mode 100644 apparmor.d/abstractions/icons
create mode 100644 apparmor.d/abstractions/mime
diff --git a/apparmor.d/abstractions/desktop-files b/apparmor.d/abstractions/desktop-files
new file mode 100644
index 000000000..d616dad83
--- /dev/null
+++ b/apparmor.d/abstractions/desktop-files
@@ -0,0 +1,22 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2009 Canonical Ltd.
+# Copyright (C) 2025 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ abi ,
+
+ @{system_share_dirs}/applications/{,**} r,
+ @{system_share_dirs}/*ubuntu/applications/{,**} r,
+ @{system_share_dirs}/gnome/applications/{,**} r,
+ @{system_share_dirs}/xfce4/applications/{,**} r,
+
+ /etc/gnome/defaults.list r,
+ /etc/xfce4/defaults.list r,
+
+ /var/lib/snapd/desktop/applications/{,**} r,
+
+ owner @{user_share_dirs}/applications/{,**} r,
+
+ include if exists
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/abstractions/gsettings b/apparmor.d/abstractions/gsettings
new file mode 100644
index 000000000..788b14486
--- /dev/null
+++ b/apparmor.d/abstractions/gsettings
@@ -0,0 +1,13 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2009 Canonical Ltd.
+# Copyright (C) 2025 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ abi ,
+
+ @{system_share_dirs}/glib-2.0/schemas/ r,
+ @{system_share_dirs}/glib-2.0/schemas/gschemas.compiled r,
+
+ include if exists
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/abstractions/icons b/apparmor.d/abstractions/icons
new file mode 100644
index 000000000..0dd44e33c
--- /dev/null
+++ b/apparmor.d/abstractions/icons
@@ -0,0 +1,26 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2009 Canonical Ltd.
+# Copyright (C) 2025 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ abi ,
+
+ @{system_share_dirs}/icons/{,**} r,
+ @{system_share_dirs}/pixmaps/{,**} r,
+
+ /opt/**/share/icons/{,**} r,
+ /opt/*/**.desktop r,
+ /opt/*/**/*.png r,
+
+ /var/lib/snapd/desktop/icons/{,**} r,
+
+ owner @{HOME}/.icons/{,**} r,
+
+ owner @{user_config_dirs}/mimeapps.list r,
+
+ owner @{user_share_dirs}/icons/{,**} r,
+ owner @{user_share_dirs}/mime/{,**} r,
+
+ include if exists
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/abstractions/mime b/apparmor.d/abstractions/mime
new file mode 100644
index 000000000..6622c99dd
--- /dev/null
+++ b/apparmor.d/abstractions/mime
@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2009 Canonical Ltd.
+# Copyright (C) 2025 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ abi ,
+
+ @{system_share_dirs}/ r,
+ @{system_share_dirs}/mime/{,**} r,
+
+ /etc/mime.types r,
+
+ owner @{user_share_dirs}/mime/mime.cache r,
+
+ include if exists
+
+# vim:syntax=apparmor
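Review bot: The `icons` abstraction grants read access that has nothing to do with icons: `owner @{user_config_dirs}/mimeapps.list r,`, `owner @{user_share_dirs}/mime/{,**} r,` and `/opt/*/**.desktop r,` look carried over from the broader freedesktop abstraction. Any profile that includes `icons` only for icon themes would also be able to read the user's MIME associations and every `.desktop` file under `/opt`, which defeats the point of splitting the abstraction up. These rules probably belong in the `mime` and `desktop-files` abstractions added by the same commit; note that the `mime` hunk grants only `owner @{user_share_dirs}/mime/mime.cache r,` on the user side, so the two currently disagree. `/opt/*/**/*.png r,` is also wide, since it matches any PNG below a vendor directory rather than only icon directories, and deserves a comment saying why `/opt/**/share/icons/{,**} r,` is not sufficient.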
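Review bot: `@{system_share_dirs}/ r,` in the `mime` abstraction lets a confined program list the top level of every system data directory, which is broader than a MIME lookup and not obvious to someone auditing a profile that includes it. If the listing is required (presumably by the MIME database lookup, which is not visible in this patch), add a why-comment above the rule, for example `# Directory listing needed to locate the mime database`. Otherwise drop the rule and keep only `@{system_share_dirs}/mime/{,**} r,`.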