From 17d9df3e27a7ee57dc0b0c98b9e71b99d1281ae5 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Thu, 13 Mar 2025 19:11:23 +0100 Subject: [PATCH] feat(abs): replace some manual rules in bus abs by the dbus common directive. --- .../abstractions/bus/fi.w1.wpa_supplicant1 | 17 ++---------- .../abstractions/bus/net.hadess.PowerProfiles | 5 +--- .../bus/net.hadess.SwitcherooControl | 5 +--- .../abstractions/bus/net.reactivated.Fprint | 2 ++ apparmor.d/abstractions/bus/org.bluez | 12 ++------- .../abstractions/bus/org.freedesktop.Accounts | 7 ++--- .../abstractions/bus/org.freedesktop.Avahi | 2 ++ .../bus/org.freedesktop.ColorManager | 7 ++--- .../bus/org.freedesktop.FileManager1 | 10 +------ .../abstractions/bus/org.freedesktop.GeoClue2 | 15 +---------- .../bus/org.freedesktop.ModemManager1 | 7 ++--- .../bus/org.freedesktop.NetworkManager | 17 ++---------- .../bus/org.freedesktop.Notifications | 7 ++--- .../bus/org.freedesktop.PackageKit | 11 ++------ .../bus/org.freedesktop.PolicyKit1 | 12 ++------- .../bus/org.freedesktop.RealtimeKit1 | 10 +------ .../abstractions/bus/org.freedesktop.UDisks2 | 22 ++------------- .../abstractions/bus/org.freedesktop.UPower | 26 ++---------------- .../bus/org.freedesktop.background.Monitor | 10 +------ .../bus/org.freedesktop.hostname1 | 15 +---------- ...rg.freedesktop.impl.portal.PermissionStore | 5 +--- .../abstractions/bus/org.freedesktop.locale1 | 9 +------ .../abstractions/bus/org.freedesktop.login1 | 15 +---------- .../bus/org.freedesktop.login1.Session | 22 ++------------- .../abstractions/bus/org.freedesktop.network1 | 5 +--- .../bus/org.freedesktop.portal.Desktop | 4 ++- .../abstractions/bus/org.freedesktop.resolve1 | 2 ++ .../abstractions/bus/org.freedesktop.secrets | 10 +------ .../abstractions/bus/org.freedesktop.systemd1 | 5 +--- .../bus/org.freedesktop.systemd1-session | 10 +------ .../bus/org.freedesktop.timedate1 | 16 +---------- .../bus/org.gnome.ArchiveManager1 | 5 +--- .../abstractions/bus/org.gnome.DisplayManager | 2 ++ .../bus/org.gnome.Mutter.DisplayConfig | 12 ++------- .../bus/org.gnome.Mutter.IdleMonitor | 2 ++ .../bus/org.gnome.Nautilus.FileOperations2 | 15 +---------- .../abstractions/bus/org.gnome.ScreenSaver | 5 +--- .../abstractions/bus/org.gnome.SessionManager | 27 ++----------------- .../bus/org.gnome.Shell.Introspect | 15 +---------- .../abstractions/bus/org.gtk.vfs.Daemon | 5 ++++ .../bus/org.kde.StatusNotifierWatcher | 10 +------ 41 files changed, 66 insertions(+), 354 deletions(-) diff --git a/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 b/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 index 4b7d6c89d..7989ea4c5 100644 --- a/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 +++ b/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 @@ -4,14 +4,11 @@ abi , - dbus send bus=system path=/fi/w1/wpa_supplicant1 - interface=org.freedesktop.DBus.Properties - member={GetAll,PropertiesChanged} - peer=(name="@{busname}", label=wpa-supplicant), + #aa:dbus common bus=system name=fi.w1.wpa_supplicant1 label=wpa-supplicant dbus send bus=system path=/fi/w1/wpa_supplicant1/Interfaces/@{int} interface=org.freedesktop.DBus.Properties - member={GetAll,Set} + member=Set peer=(name="@{busname}", label=wpa-supplicant), dbus send bus=system path=/fi/w1/wpa_supplicant1 @@ -39,16 +36,6 @@ member={BSSAdded,BSSRemoved,NetworkAdded,NetworkRemoved,NetworkSelected,ScanDone,PropertiesChanged} peer=(name="@{busname}", label=wpa-supplicant), - dbus receive bus=system path=/fi/w1/wpa_supplicant1/Interfaces/@{int} - interface=org.freedesktop.DBus.Properties - member={GetAll,PropertiesChanged} - peer=(name="@{busname}", label=wpa-supplicant), - - dbus receive bus=system path=/fi/w1/wpa_supplicant1/Interfaces/@{int}/BSSs/@{int} - interface=org.freedesktop.DBus.Properties - member={GetAll,PropertiesChanged} - peer=(name="@{busname}", label=wpa-supplicant), - include if exists # vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles index 4da873247..63f224c42 100644 --- a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles +++ b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles @@ -4,10 +4,7 @@ abi , - dbus send bus=system path=/net/hadess/PowerProfiles - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=power-profiles-daemon), + #aa:dbus common bus=system name=net.hadess.PowerProfiles label=power-profiles-daemon include if exists diff --git a/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl b/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl index 7f68d2d06..df65417da 100644 --- a/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl +++ b/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl @@ -4,10 +4,7 @@ abi , - dbus send bus=system path=/net/hadess/SwitcherooControl - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=switcheroo-control), + #aa:dbus common bus=system name=net.hadess.SwitcherooControl label=switcheroo-control include if exists diff --git a/apparmor.d/abstractions/bus/net.reactivated.Fprint b/apparmor.d/abstractions/bus/net.reactivated.Fprint index 41735f1be..2f3660082 100644 --- a/apparmor.d/abstractions/bus/net.reactivated.Fprint +++ b/apparmor.d/abstractions/bus/net.reactivated.Fprint @@ -4,6 +4,8 @@ abi , + #aa:dbus common bus=system name=net.reactivated.Fprint label=fprintd + dbus send bus=system path=/net/reactivated/Fprint/Manager interface=net.reactivated.Fprint.Manager member={GetDevices,GetDefaultDevice} diff --git a/apparmor.d/abstractions/bus/org.bluez b/apparmor.d/abstractions/bus/org.bluez index 7b709ab9b..296965691 100644 --- a/apparmor.d/abstractions/bus/org.bluez +++ b/apparmor.d/abstractions/bus/org.bluez @@ -4,16 +4,13 @@ abi , + #aa:dbus common bus=system name=org.bluez label=bluetoothd + dbus receive bus=system path=/ interface=org.freedesktop.DBus.ObjectManager member=InterfacesRemoved peer=(name="{@{busname},org.bluez}", label=bluetoothd), - dbus receive bus=system path=/org/bluez/hci@{int}{,/**} - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="{@{busname},org.bluez}", label=bluetoothd), - dbus send bus=system path=/ interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects @@ -29,11 +26,6 @@ member=RegisterProfile peer=(name=org.bluez, label=bluetoothd), - dbus send bus=system path=/org/bluez/hci@{int} - interface=org.freedesktop.DBus.Properties - member=Set - peer=(name="{@{busname},org.bluez}", label=bluetoothd), - dbus send bus=system path=/org/bluez/hci@{int} interface=org.bluez.BatteryProviderManager@{int} member=RegisterProfile diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Accounts b/apparmor.d/abstractions/bus/org.freedesktop.Accounts index f2048c80e..2ad151c45 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Accounts +++ b/apparmor.d/abstractions/bus/org.freedesktop.Accounts @@ -4,16 +4,13 @@ abi , + #aa:dbus common bus=system name=org.freedesktop.Accounts label=accounts-daemon + dbus send bus=system path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts member={FindUserByName,ListCachedUsers} peer=(name="@{busname}", label=accounts-daemon), - dbus send bus=system path=/org/freedesktop/Accounts{,/User@{uid}} - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=accounts-daemon), - dbus receive bus=system path=/org/freedesktop/Accounts/User@{uid} interface=org.freedesktop.Accounts.User member=*Changed diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Avahi b/apparmor.d/abstractions/bus/org.freedesktop.Avahi index ccf5b30a9..e3128f984 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Avahi +++ b/apparmor.d/abstractions/bus/org.freedesktop.Avahi @@ -4,6 +4,8 @@ abi , + #aa:dbus common bus=system name=org.freedesktop.Avahi label=avahi-daemon + dbus send bus=system path=/ interface=org.freedesktop.DBus.Peer member=Ping diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager index 205557ad5..27776b776 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager +++ b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager @@ -4,16 +4,13 @@ abi , + #aa:dbus common bus=system name=org.freedesktop.ColorManager label=colord + dbus send bus=system path=/org/freedesktop/ColorManager interface=org.freedesktop.ColorManager member=GetDevices peer=(name="@{busname}", label=colord), - dbus send bus=system path=/org/freedesktop/ColorManager{,/**} - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=colord), - dbus send bus=system path=/org/freedesktop/ColorManager interface=org.freedesktop.ColorManager member=CreateDevice diff --git a/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 b/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 index 101e493ab..76095edaf 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 @@ -4,15 +4,7 @@ abi , - dbus send bus=session path=/org/freedesktop/FileManager1 - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=nautilus), - - dbus receive bus=session path=/org/freedesktop/FileManager1 - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="@{busname}", label=nautilus), + #aa:dbus common bus=session name=org.freedesktop.FileManager1 label=nautilus include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 index 17ea4e45a..d15d5c5ba 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 +++ b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 @@ -4,15 +4,7 @@ abi , - dbus send bus=system path=/org/freedesktop/GeoClue2/Manager - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=geoclue), - - dbus send bus=system path=/org/freedesktop/GeoClue2/Agent - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name=org.freedesktop.DBus, label=geoclue), + #aa:dbus common bus=system name=org.freedesktop.GeoClue2 label=geoclue dbus receive bus=system path=/org/freedesktop/GeoClue2/Agent interface=org.freedesktop.DBus.Properties @@ -29,11 +21,6 @@ member=AddAgent peer=(name="@{busname}", label=geoclue), - dbus receive bus=system path=/org/freedesktop/GeoClue2/Manager - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="@{busname}", label=geoclue), - include if exists # vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 b/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 index 5c514d54c..41e03f325 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 @@ -4,6 +4,8 @@ abi , + #aa:dbus common bus=system name=org.freedesktop.ModemManager1 label=ModemManager + dbus send bus=system path=/org/freedesktop/ModemManager1 interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects @@ -14,11 +16,6 @@ member=GetManagedObjects peer=(name="@{busname}", label=ModemManager), - dbus send bus=system path=/org/freedesktop/ModemManager1 - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=ModemManager), - include if exists # vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager index af2b6d2b9..0f188e05a 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager +++ b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager @@ -4,16 +4,13 @@ abi , + #aa:dbus common bus=system name=org.freedesktop.NetworkManager label=NetworkManager + dbus send bus=system path=/org/freedesktop interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects peer=(name="{@{busname},org.freedesktop.NetworkManager}", label=NetworkManager), - dbus send bus=system path=/org/freedesktop/NetworkManager{,/**} - interface=org.freedesktop.DBus.Properties - member={Get,GetAll} - peer=(name="{@{busname},org.freedesktop.NetworkManager}", label=NetworkManager), - dbus send bus=system path=/org/freedesktop/NetworkManager interface=org.freedesktop.NetworkManager member={GetDevices,GetPermissions} @@ -29,21 +26,11 @@ member=GetSettings peer=(name="{@{busname},org.freedesktop.NetworkManager}", label=NetworkManager), - dbus send bus=system path=/org/freedesktop/NetworkManager - interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name="{@{busname},org.freedesktop.NetworkManager}", label=NetworkManager), - dbus receive bus=system path=/org/freedesktop interface=org.freedesktop.DBus.ObjectManager member=InterfacesAdded peer=(name="{@{busname},org.freedesktop.NetworkManager}", label=NetworkManager), - dbus receive bus=system path=/org/freedesktop/NetworkManager{,/**} - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="{@{busname},org.freedesktop.NetworkManager}", label=NetworkManager), - dbus receive bus=system path=/org/freedesktop/NetworkManager interface=org.freedesktop.DBus.Properties member=CheckPermissions diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Notifications b/apparmor.d/abstractions/bus/org.freedesktop.Notifications index eee09ffad..6962bf7ec 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Notifications +++ b/apparmor.d/abstractions/bus/org.freedesktop.Notifications @@ -4,10 +4,7 @@ abi , - dbus send bus=session path=/org/freedesktop/Notifications - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=gjs-console), + #aa:dbus common bus=session name=org.freedesktop.Notifications label=gjs-console dbus send bus=session path=/org/freedesktop/Notifications interface=org.freedesktop.DBus.Properties @@ -16,7 +13,7 @@ dbus receive bus=session path=/org/freedesktop/Notifications interface=org.freedesktop.DBus.Properties - member={GetAll,NotificationClosed,CloseNotification} + member={NotificationClosed,CloseNotification} peer=(name="@{busname}", label=gjs-console), dbus receive bus=session path=/org/freedesktop/Notifications diff --git a/apparmor.d/abstractions/bus/org.freedesktop.PackageKit b/apparmor.d/abstractions/bus/org.freedesktop.PackageKit index b65bc1ef5..f6cde2030 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.PackageKit +++ b/apparmor.d/abstractions/bus/org.freedesktop.PackageKit @@ -4,15 +4,8 @@ abi , - dbus send bus=system path=/org/freedesktop/PackageKit - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=packagekitd), + #aa:dbus common bus=system name=org.freedesktop.PackageKit label=packagekitd - dbus send bus=system path=/org/freedesktop/PackageKit - interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name=org.freedesktop.PackageKit, label=packagekitd), dbus send bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.DBus.Introspectable member=Introspect @@ -21,7 +14,7 @@ dbus send bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.PackageKit member=StateHasChanged - peer=(name=org.freedesktop.PackageKit, label=packagekitd), + peer=(name=org.freedesktop.PackageKit), include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 b/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 index ab9e373ab..b770cdbb1 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 @@ -4,16 +4,13 @@ abi , + #aa:dbus common bus=system name=org.freedesktop.PolicyKit1 label=polkitd + dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority member=Changed peer=(name="@{busname}", label=polkitd), - dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=polkitd), - dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority member=CheckAuthorization @@ -28,11 +25,6 @@ member=CheckAuthorization peer=(name=org.freedesktop.PolicyKit1), - dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority - interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name="@{busname}", label=polkitd), - include if exists # vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 index ff2906932..05aefc887 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 @@ -4,15 +4,7 @@ abi , - dbus send bus=system path=/org/freedesktop/RealtimeKit1 - interface=org.freedesktop.DBus.Properties - member=Get - peer=(name=org.freedesktop.RealtimeKit1), - - dbus send bus=system path=/org/freedesktop/RealtimeKit1 - interface=org.freedesktop.DBus.Properties - member={Get,GetAll} - peer=(name="@{busname}", label=rtkit-daemon), + #aa:dbus common bus=system name=org.freedesktop.RealtimeKit1 label=rtkit-daemon dbus send bus=system path=/org/freedesktop/RealtimeKit1 interface=org.freedesktop.RealtimeKit1 diff --git a/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 b/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 index 30abb2199..c97e83d71 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 +++ b/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 @@ -4,16 +4,13 @@ abi , + #aa:dbus common bus=system name=org.freedesktop.UDisks2 label=udisksd + dbus send bus=system path=/org/freedesktop/UDisks2 interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects peer=(name="{@{busname},org.freedesktop.UDisks2}", label=udisksd), - dbus send bus=system path=/org/freedesktop/UDisks2/** - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="{@{busname},org.freedesktop.UDisks2}", label=udisksd), - dbus send bus=system path=/ interface=org.freedesktop.DBus.Introspectable member=Introspect @@ -29,16 +26,6 @@ member=Introspect peer=(name="{@{busname},org.freedesktop.UDisks2}", label=udisksd), - dbus send bus=system path=/org/freedesktop/UDisks2/drives{,/*} - interface=org.freedesktop.DBus.Properties - member={Get,GetAll} - peer=(name="{@{busname},org.freedesktop.UDisks2}", label=udisksd), - - dbus send bus=system path=/org/freedesktop/UDisks2/block_devices/* - interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name="{@{busname},org.freedesktop.UDisks2}", label=udisksd), - dbus receive bus=system path=/org/freedesktop/UDisks2 interface=org.freedesktop.DBus.ObjectManager member=InterfacesAdded @@ -49,11 +36,6 @@ member=Completed peer=(name="{@{busname},org.freedesktop.UDisks2}", label=udisksd), - dbus receive bus=system path=/org/freedesktop/UDisks2/block_devices/* - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="{@{busname},org.freedesktop.UDisks2}", label=udisksd), - include if exists # vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.UPower b/apparmor.d/abstractions/bus/org.freedesktop.UPower index 369448079..ec0a2b15b 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.UPower +++ b/apparmor.d/abstractions/bus/org.freedesktop.UPower @@ -4,45 +4,23 @@ abi , + #aa:dbus common bus=system name=org.freedesktop.UPower label=upowerd + dbus send bus=system path=/org/freedesktop/UPower interface=org.freedesktop.UPower member=EnumerateDevices peer=(name="{@{busname},org.freedesktop.UPower}", label=upowerd), - dbus send bus=system path=/org/freedesktop/UPower{,/**} - interface=org.freedesktop.DBus.Properties - member={Get,GetAll} - peer=(name="{@{busname},org.freedesktop.UPower}", label=upowerd), - dbus send bus=system path=/org/freedesktop/UPower{,/**} - interface=org.freedesktop.DBus.Properties - member={Get,GetAll} - peer=(name=org.freedesktop.UPower, label=upowerd), - dbus send bus=system path=/org/freedesktop/UPower interface=org.freedesktop.DBus.Properties member=GetDisplayDevice peer=(name=org.freedesktop.UPower, label=upowerd), - dbus send bus=system path=/org/freedesktop/UPower/devices/* - interface=org.freedesktop.DBus.Properties - member={Get,GetAll} - peer=(name="{@{busname},org.freedesktop.UPower}", label=upowerd), - - dbus send bus=system path=/org/freedesktop/UPower{,/**} - interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name="{@{busname},org.freedesktop.UPower}", label=upowerd), - dbus receive bus=system path=/org/freedesktop/UPower interface=org.freedesktop.UPower member=DeviceAdded peer=(name="{@{busname},org.freedesktop.UPower}", label=upowerd), - dbus receive bus=system path=/org/freedesktop/UPower/devices/* - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="{@{busname},org.freedesktop.UPower}", label=upowerd), - include if exists # vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor b/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor index f6019eedb..0f371f79b 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor +++ b/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor @@ -4,15 +4,7 @@ abi , - dbus send bus=session path=/org/freedesktop/background/monitor - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=xdg-desktop-portal), - - dbus receive bus=session path=/org/freedesktop/background/monitor - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="@{busname}", label=xdg-desktop-portal), + #aa:dbus common bus=session name=org.freedesktop.background.Monitor label=xdg-desktop-portal include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.hostname1 b/apparmor.d/abstractions/bus/org.freedesktop.hostname1 index 7dcb187f1..d2a0b1d83 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.hostname1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.hostname1 @@ -4,20 +4,7 @@ abi , - dbus send bus=system path=/org/freedesktop/hostname1 - interface=org.freedesktop.DBus.Properties - member={Get,GetAll} - peer=(name="{@{busname},org.freedesktop.hostname1}", label=systemd-hostnamed), - - dbus send bus=system path=/org/freedesktop/hostname1 - interface=org.freedesktop.DBus.Properties - member={Get,GetAll} - peer=(name=org.freedesktop.hostname1), - - dbus receive bus=system path=/org/freedesktop/hostname1 - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="{@{busname},org.freedesktop.hostname1}", label=systemd-hostnamed), + #aa:dbus common bus=system name=org.freedesktop.hostname1 label=systemd-hostnamed include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore b/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore index c4e4a5fbf..8461bb047 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore +++ b/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore @@ -4,10 +4,7 @@ abi , - dbus send bus=session path=/org/freedesktop/impl/portal/PermissionStore - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=xdg-permission-store), + #aa:dbus common bus=session name=org.freedesktop.impl.portal.PermissionStore label=xdg-permission-store dbus send bus=session path=/org/freedesktop/impl/portal/PermissionStore interface=org.freedesktop.impl.portal.PermissionStore diff --git a/apparmor.d/abstractions/bus/org.freedesktop.locale1 b/apparmor.d/abstractions/bus/org.freedesktop.locale1 index 50218ced3..ea81c60ef 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.locale1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.locale1 @@ -4,14 +4,7 @@ abi , - dbus send bus=system path=/org/freedesktop/locale1 - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=systemd-localed), - dbus send bus=system path=/org/freedesktop/locale1 - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name=org.freedesktop.locale1), + #aa:dbus common bus=system name=org.freedesktop.locale1 label=systemd-localed include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1 b/apparmor.d/abstractions/bus/org.freedesktop.login1 index 385c75730..7f9fc5fb7 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1 @@ -4,15 +4,7 @@ abi , - dbus send bus=system path=/org/freedesktop/login1 - interface=org.freedesktop.DBus.Properties - member={Get,GetAll} - peer=(name="{@{busname},org.freedesktop.login1}", label=systemd-logind), - - dbus receive bus=system path=/org/freedesktop/login1 - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="{@{busname},org.freedesktop.login1}", label=systemd-logind), + #aa:dbus common bus=system name=org.freedesktop.login1 label=systemd-logind dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager @@ -24,11 +16,6 @@ member={SessionNew,SessionRemoved,UserNew,UserRemoved,SeatNew,PrepareFor*} peer=(name="{@{busname},org.freedesktop.login1}", label=systemd-logind), - dbus send bus=system path=/org/freedesktop/login1 - interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name="{@{busname},org.freedesktop.login1}", label=systemd-logind), - dbus send bus=system path=/org/freedesktop/login1/session/* interface=org.freedesktop.login1.Session member=PauseDeviceComplete diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1.Session b/apparmor.d/abstractions/bus/org.freedesktop.login1.Session index 4affc3d22..23ec52c8e 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1.Session +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1.Session @@ -4,36 +4,18 @@ abi , + #aa:dbus common bus=system name=org.freedesktop.login1 label=systemd-logind + dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=GetSession peer=(name="@{busname}", label=systemd-logind), - dbus send bus=system path=/org/freedesktop/login1{,session/*,seat/*} - interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name="{@{busname},org.freedesktop.login1}", label=systemd-logind), - - dbus send bus=system path=/org/freedesktop/login1/session/* - interface=org.freedesktop.DBus.Properties - member={Get,GetAll} - peer=(name="@{busname}", label=systemd-logind), - dbus send bus=system path=/org/freedesktop/login1/session/* interface=org.freedesktop.login1.Session member={ReleaseDevice,TakeControl,TakeDevice,SetBrightness,SetLockedHint,SetIdleHint} peer=(name="{@{busname},org.freedesktop.login1}", label=systemd-logind), - dbus send bus=system path=/org/freedesktop/login1/seat/* - interface=org.freedesktop.DBus.Properties - member={Get,GetAll} - peer=(name="{@{busname},org.freedesktop.login1}", label=systemd-logind), - - dbus receive bus=system path=/org/freedesktop/login1/session/* - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="@{busname}", label=systemd-logind), - dbus receive bus=system path=/org/freedesktop/login1/session/* interface=org.freedesktop.login1.Session member={PauseDevice,Unlock} diff --git a/apparmor.d/abstractions/bus/org.freedesktop.network1 b/apparmor.d/abstractions/bus/org.freedesktop.network1 index 56460a52b..be11a7ceb 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.network1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.network1 @@ -4,10 +4,7 @@ abi , - dbus send bus=system path=/org/freedesktop/network1 - interface=org.freedesktop.DBus.Properties - member=Get - peer=(name=org.freedesktop.network1, label=systemd-networkd), + #aa:dbus common bus=system name=org.freedesktop.network1 label=systemd-networkd include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop index 1561491cc..882dedd6c 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop +++ b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop @@ -4,9 +4,11 @@ abi , + #aa:dbus common bus=session name=org.freedesktop.portal.Desktop label=xdg-desktop-portal + dbus send bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.DBus.Properties - member={Get,GetAll,Read} + member=Read peer=(name="{@{busname},org.freedesktop.portal.Desktop}", label=xdg-desktop-portal), dbus send bus=session path=/org/freedesktop/portal/desktop diff --git a/apparmor.d/abstractions/bus/org.freedesktop.resolve1 b/apparmor.d/abstractions/bus/org.freedesktop.resolve1 index 7714a871b..8c7670382 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.resolve1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.resolve1 @@ -4,6 +4,8 @@ abi , + #aa:dbus common bus=system name=org.freedesktop.resolve1 label=systemd-resolved + dbus send bus=system path=/org/freedesktop/resolve1 interface=org.freedesktop.resolve1.Manager member={SetLink*,ResolveHostname} diff --git a/apparmor.d/abstractions/bus/org.freedesktop.secrets b/apparmor.d/abstractions/bus/org.freedesktop.secrets index 0b169a04e..a2389a68a 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.secrets +++ b/apparmor.d/abstractions/bus/org.freedesktop.secrets @@ -4,10 +4,7 @@ abi , - dbus send bus=session path=/org/freedesktop/secrets{,/**} - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=gnome-keyring-daemon), + #aa:dbus common bus=session name=org.freedesktop.secrets label=gnome-keyring-daemon dbus send bus=session path=/org/freedesktop/secrets interface=org.freedesktop.Secret.Service @@ -24,11 +21,6 @@ member=ItemCreated peer=(name="@{busname}", label=gnome-keyring-daemon), - dbus receive bus=session path=/org/freedesktop/secrets/collection/login - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="@{busname}", label=gnome-keyring-daemon), - include if exists # vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.systemd1 b/apparmor.d/abstractions/bus/org.freedesktop.systemd1 index 41b08a80b..46297b484 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.systemd1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.systemd1 @@ -4,10 +4,7 @@ abi , - dbus send bus=system path=/org/freedesktop/systemd1{,/**} - interface=org.freedesktop.DBus.Properties - member={Get,GetAll} - peer=(name=org.freedesktop.systemd1, label="@{p_systemd}"), + #aa:dbus common bus=system name=org.freedesktop.systemd1 label="@{p_systemd}" dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session b/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session index 97db8023f..577cc3ed9 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session +++ b/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session @@ -4,15 +4,7 @@ abi , - dbus send bus=session path=/org/freedesktop/systemd1 - interface=org.freedesktop.DBus.Properties - member={Get,GetAll} - peer=(name=org.freedesktop.systemd1), - - dbus send bus=session path=/org/freedesktop/systemd1 - interface=org.freedesktop.DBus.Properties - member={Get,GetAll} - peer=(name="{@{busname},org.freedesktop.systemd1}", label="@{p_systemd_user}"), + #aa:dbus common bus=session name=org.freedesktop.systemd1 label="@{p_systemd_user}" dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.timedate1 b/apparmor.d/abstractions/bus/org.freedesktop.timedate1 index 443d35eed..83f85c678 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.timedate1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.timedate1 @@ -4,21 +4,7 @@ abi , - dbus send bus=system path=/org/freedesktop/timedate1 - interface=org.freedesktop.DBus.Properties - member=Get - peer=(name=org.freedesktop.timedate1, label=systemd-timedated), - - # FIXME: should be under the systemd-timedated label - dbus send bus=system path=/org/freedesktop/timedate1 - interface=org.freedesktop.DBus.Properties - member=Get - peer=(name=org.freedesktop.timedate1, label=unconfined), - - dbus send bus=system path=/org/freedesktop/timedate1 - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=systemd-timedated), + #aa:dbus common bus=system name=org.freedesktop.timedate1 label=systemd-timedated include if exists diff --git a/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 b/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 index 120330ac1..ce572e9cd 100644 --- a/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 +++ b/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 @@ -4,10 +4,7 @@ abi , - dbus send bus=session path=/org/gnome/ArchiveManager1 - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=file-roller), + #aa:dbus common bus=session name=org.gnome.ArchiveManager1 label=file-roller dbus send bus=session path=/org/gnome/ArchiveManager1 interface=org.gnome.ArchiveManager1 diff --git a/apparmor.d/abstractions/bus/org.gnome.DisplayManager b/apparmor.d/abstractions/bus/org.gnome.DisplayManager index 107868836..741631f4b 100644 --- a/apparmor.d/abstractions/bus/org.gnome.DisplayManager +++ b/apparmor.d/abstractions/bus/org.gnome.DisplayManager @@ -4,6 +4,8 @@ abi , + #aa:dbus common bus=system name=org.gnome.DisplayManager label=gdm + dbus send bus=system path=/org/gnome/DisplayManager/Manager interface=org.gnome.DisplayManager.Manager member=RegisterDisplay diff --git a/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig b/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig index 605e90311..f275850cd 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig +++ b/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig @@ -4,6 +4,8 @@ abi , + #aa:dbus common bus=session name=org.gnome.Mutter.DisplayConfig label=gnome-shell + dbus send bus=session path=/org/gnome/Mutter/DisplayConfig interface=org.gnome.Mutter.DisplayConfig member={GetResources,GetCrtcGamma} @@ -14,16 +16,6 @@ member=GetCurrentState peer=(name="{@{busname},org.gnome.Mutter.DisplayConfig}", label=gnome-shell), - dbus send bus=session path=/org/gnome/Mutter/DisplayConfig - interface=org.freedesktop.DBus.Properties - member={GetAll,PropertiesChanged} - peer=(name="@{busname}", label=gnome-shell), - - dbus receive bus=session path=/org/gnome/Mutter/DisplayConfig - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="@{busname}", label=gnome-shell), - dbus receive bus=session path=/org/gnome/Mutter/DisplayConfig interface=org.gnome.Mutter.DisplayConfig member=MonitorsChanged diff --git a/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor b/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor index 68769f2c9..3eb301f18 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor +++ b/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor @@ -4,6 +4,8 @@ abi , + #aa:dbus common bus=session name=org.gnome.Mutter.IdleMonitor label=gnome-shell + dbus send bus=session path=/org/gnome/Mutter/IdleMonitor interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects diff --git a/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 b/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 index 185937e70..178139a8d 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 +++ b/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 @@ -4,20 +4,7 @@ abi , - dbus send bus=session path=/org/gnome/Nautilus/FileOperations2 - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=nautilus), - - dbus send bus=session path=/org/gnome/Nautilus/FileOperations2 - interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name="@{busname}", label=nautilus), - - dbus receive bus=session path=/org/gnome/Nautilus/FileOperations2 - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="@{busname}", label=nautilus), + #aa:dbus common bus=session name=org.gnome.Nautilus.FileOperations2 label=nautilus include if exists diff --git a/apparmor.d/abstractions/bus/org.gnome.ScreenSaver b/apparmor.d/abstractions/bus/org.gnome.ScreenSaver index ba13aa7d2..46d1a1006 100644 --- a/apparmor.d/abstractions/bus/org.gnome.ScreenSaver +++ b/apparmor.d/abstractions/bus/org.gnome.ScreenSaver @@ -4,10 +4,7 @@ abi , - dbus send bus=session path=/org/gnome/ScreenSaver - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=gjs-console), + #aa:dbus common bus=session name=org.gnome.ScreenSaver label=gjs-console dbus send bus=session path=/org/gnome/ScreenSaver interface=org.gnome.ScreenSaver diff --git a/apparmor.d/abstractions/bus/org.gnome.SessionManager b/apparmor.d/abstractions/bus/org.gnome.SessionManager index c683eddac..0683a98fb 100644 --- a/apparmor.d/abstractions/bus/org.gnome.SessionManager +++ b/apparmor.d/abstractions/bus/org.gnome.SessionManager @@ -6,6 +6,8 @@ abi , + #aa:dbus common bus=session name=org.gnome.SessionManager label=gnome-session-binary + dbus send bus=session path=/org/gnome/SessionManager interface=org.gnome.SessionManager member={RegisterClient,IsSessionRunning} @@ -21,16 +23,6 @@ member={ClientAdded,ClientRemoved,SessionRunning,InhibitorRemoved,InhibitorAdded} peer=(name="@{busname}", label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=gnome-session-binary), - - dbus receive bus=session path=/org/gnome/SessionManager - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="@{busname}", label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client@{int} interface=org.gnome.SessionManager.ClientPrivate member=EndSessionResponse @@ -41,26 +33,11 @@ member={CancelEndSession,QueryEndSession,EndSession,Stop} peer=(name="@{busname}", label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager/Client@{int} - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=gnome-session-binary), - - dbus receive bus=session path=/org/gnome/SessionManager/Client@{int} - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="@{busname}", label=gnome-session-binary), - dbus receive bus=session path=/org/gnome/SessionManager/Presence interface=org.gnome.SessionManager.Presence member=StatusChanged peer=(name="@{busname}", label=gnome-session-binary), - dbus send bus=session path=/org/gnome/SessionManager - interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name=org.gnome.SessionManager, label=gnome-session-binary), - include if exists # vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect b/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect index efe53af62..b53acf610 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect +++ b/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect @@ -4,15 +4,7 @@ abi , - dbus send bus=session path=/org/gnome/Shell/Introspect - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name="@{busname}", label=gnome-shell), - - dbus send bus=session path=/org/gnome/Shell/Introspect - interface=org.freedesktop.DBus.Properties - member=Get - peer=(name=org.gnome.Shell.Introspect, label=gnome-shell), + #aa:dbus common bus=session name=org.gnome.Shell.Introspect label=gnome-shell dbus send bus=session path=/org/gnome/Shell/Introspect interface=org.gnome.Shell.Introspect @@ -24,11 +16,6 @@ member={RunningApplicationsChanged,WindowsChanged} peer=(name="@{busname}", label=gnome-shell), - dbus receive bus=session path=/org/gnome/Shell/Introspect - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged - peer=(name="@{busname}", label=gnome-shell), - include if exists # vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon b/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon index e813f5c4f..66910007b 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon @@ -9,6 +9,11 @@ member={GetConnection,ListMonitorImplementations,ListMountableInfo} peer=(name="@{busname}", label=gvfsd), + dbus receive bus=session path=/org/gtk/vfs/Daemon + interface=org.gtk.vfs.Daemon + member=GetConnection + peer=(name=@{busname}), + include if exists # vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher b/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher index 5217a50f5..d9ca82881 100644 --- a/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher +++ b/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher @@ -4,21 +4,13 @@ abi , - dbus send bus=session path=/StatusNotifierWatcher - interface=org.freedesktop.DBus.Properties - member=Get - peer=(name=org.kde.StatusNotifierWatcher, label=gnome-shell), + #aa:dbus common bus=session name=org.kde.StatusNotifierWatcher label=gnome-shell dbus send bus=session path=/StatusNotifierWatcher interface=org.kde.StatusNotifierWatcher member=RegisterStatusNotifierItem peer=(name="{:*,org.kde.StatusNotifierWatcher}", label=gnome-shell), - dbus send bus=session path=/StatusNotifierWatcher - interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name=org.kde.StatusNotifierWatcher, label=gnome-shell), - include if exists # vim:syntax=apparmor