feat(dbus): rewrite some dbus rules (9).

2023-12-06 19:55:48 +00:00 · 2023-12-06 19:55:48 +00:00 · 1307250250
commit 1307250250
parent 3425419f0e
34 changed files with 63 additions and 380 deletions
--- a/apparmor.d/profiles-m-r/packagekitd
+++ b/apparmor.d/profiles-m-r/packagekitd
@ -43,29 +43,11 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
       interface=org.freedesktop.DBus.Properties 
       peer=(name=:*, label=gnome-shell),

-  dbus receive bus=system path=/org/freedesktop/PackageKit
-       interface=org.freedesktop.{DBus.Introspectable,PackageKit}
-       member={Introspect,StateHasChanged}
-       peer=(name=:*),
-
-  dbus (send,receive) bus=system path=/[0-9]*_@{hex}
-       interface=org.freedesktop.{DBus.Properties,PackageKit.Transaction},
-
  dbus send bus=system path=/org/freedesktop/DBus
       interface=org.freedesktop.DBus
       member={GetConnectionUnixUser,GetConnectionUnixProcessID}
       peer=(name=org.freedesktop.DBus, label=dbus-daemon),

-  dbus send bus=system path=/org/freedesktop/NetworkManager
-       interface=org.freedesktop.DBus.Properties
-       member={GetAll,PropertiesChanged}
-       peer=(name=:*, label=NetworkManager),
-
-  dbus receive bus=system path=/org/freedesktop/NetworkManager
-       interface=org.freedesktop.NetworkManager
-       member={CheckPermissions,DeviceAdded,DeviceRemoved,StateChanged}
-       peer=(name=:*, label=NetworkManager),
-
  @{exec_path} mr,

  @{bin}/gpg{,2}  rCx -> gpg,
--- a/apparmor.d/profiles-m-r/pkttyagent
+++ b/apparmor.d/profiles-m-r/pkttyagent
@ -21,23 +21,6 @@ profile pkttyagent @{exec_path} {
  ptrace (read),
  signal (send,receive),

-  dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
-       interface=org.freedesktop.DBus.Properties
-       member=GetAll,
-
-  dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
-       interface=org.freedesktop.PolicyKit1.Authority
-       member=RegisterAuthenticationAgentWithOptions,
-  
-  dbus receive bus=system path=/org/freedesktop/PolicyKit1/AuthenticationAgent
-       interface=org.freedesktop.PolicyKit1.AuthenticationAgent
-       member={BeginAuthentication,CancelAuthentication}
-       peer=(name=:*, label=polkitd),
-
-  dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority
-       interface=org.freedesktop.PolicyKit1.Authority
-       member=Changed,
-
  @{exec_path} mr,

  @{lib}/polkit-[0-9]/polkit-agent-helper-[0-9]  rPx,
--- a/apparmor.d/profiles-m-r/remmina
+++ b/apparmor.d/profiles-m-r/remmina
@ -28,29 +28,16 @@ profile remmina @{exec_path} {
  network inet6 stream,
  network netlink raw,

-  dbus send bus=session path=/org/freedesktop/secrets{,/collection/login{,/[0-9]*}}
-       interface=org.freedesktop.DBus.Properties
-       member=GetAll
-       peer=(name=:*, label=gnome-keyring-daemon),
+  dbus bind bus=session name=org.remmina.Remmina,

  dbus send bus=session path=/StatusNotifierWatcher
       interface=org.freedesktop.DBus.Introspectable
       member=Introspect
       peer=(name=org.kde.StatusNotifierWatcher),

-  dbus send bus=session path=/org/freedesktop/secrets
-       interface=org.freedesktop.Secret.Service
-       member={OpenSession,GetSecrets,SearchItems,ReadAlias}
-       peer=(name=:*, label=gnome-keyring-daemon),
-
  dbus (send, receive) bus=session path=/org/ayatana/NotificationItem/remmina_icon{,/**}
       peer=(name="{:*,org.freedesktop.DBus}"),  # all interfaces and members

-  dbus send bus=session path=/org/freedesktop/secrets/collection/session
-       interface=org.freedesktop.DBus.Properties
-       member=GetAll
-       peer=(name=:*, label=gnome-keyring-daemon),
-
  dbus send bus=session path=/StatusNotifierWatcher
       interface=org.kde.StatusNotifierWatcher
       member=RegisterStatusNotifierItem
@ -61,24 +48,6 @@ profile remmina @{exec_path} {
       member={IsSupported,List}
       peer=(name=:*),

-  dbus send bus=session path=/org/freedesktop/secrets/aliases/default
-       interface=org.freedesktop.Secret.Collection
-       member=CreateItem
-       peer=(name=org.freedesktop.secrets, label=gnome-keyring-daemon),
-
-  dbus receive bus=session path=/org/freedesktop/secrets/collection/login
-       interface=org.freedesktop.Secret.Collection
-       member=ItemCreated
-       peer=(name=:*, label=gnome-keyring-daemon),
-
-  dbus receive bus=session path=/org/freedesktop/secrets/collection/login
-       interface=org.freedesktop.DBus.Properties
-       member=PropertiesChanged
-       peer=(name=:*, label=gnome-keyring-daemon),
-
-  dbus bind bus=session
-       name=org.remmina.Remmina,
-
  @{exec_path} r,

  /usr/share/remmina/{,**} r,