felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(dbus): rewrite some dbus rules (3).

Browse source
This commit is contained in:
Alexandre Pujol 2023-12-02 16:05:40 +00:00
parent 92ebab604a
commit 2af165403a
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
26 changed files with 117 additions and 191 deletions
Download patch file Download diff file Expand all files Collapse all files

11
apparmor.d/profiles-s-z/spice-vdagent
View file

@ -13,6 +13,7 @@ profile spice-vdagent @{exec_path} {
include <abstractions/bus/atspi>
include <abstractions/dbus-accessibility-strict>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dri-common>
include <abstractions/fontconfig-cache-write>
include <abstractions/fonts>
@ -25,6 +26,16 @@ profile spice-vdagent @{exec_path} {
member=GetCurrentState
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/freedesktop/portal/desktop
interface=org.freedesktop.DBus.Properties
member=Get
peer=(name=org.freedesktop.portal.Desktop, label=xdg-desktop-portal),
dbus send bus=session path=/org/freedesktop/portal/desktop
interface=org.freedesktop.portal.Realtime
member=MakeThreadRealtimeWithPID
peer=(name=org.freedesktop.portal.Desktop, label=xdg-desktop-portal),
dbus receive bus=session path=/
interface=org.freedesktop.DBus.Introspectable
member=Introspect

6
apparmor.d/profiles-s-z/thermald
View file

@ -11,6 +11,7 @@ include <tunables/global>
@{exec_path} = @{bin}/thermald
profile thermald @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/bus/upower>
include <abstractions/dbus-strict>
capability sys_boot,
@ -22,11 +23,6 @@ profile thermald @{exec_path} flags=(attach_disconnected) {
member=GetAll
peer=(name=:*, label=power-profiles-daemon),
dbus send bus=system path=/org/freedesktop/UPower
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*, label=upowerd),
@{exec_path} mr,
/etc/thermald/thermal-conf.xml r,

10
apparmor.d/profiles-s-z/thunderbird
View file

@ -17,6 +17,7 @@ profile thunderbird @{exec_path} {
include <abstractions/base>
include <abstractions/audio>
include <abstractions/bus/atspi>
include <abstractions/bus/rtkit>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf-write>
@ -50,15 +51,6 @@ profile thunderbird @{exec_path} {
dbus bind bus=session name=org.mozilla.thunderbird.*,
dbus send bus=system path=/org/freedesktop/RealtimeKit1
member={Get,MakeThreadHighPriority,MakeThreadRealtime}
peer=(name=org.freedesktop.RealtimeKit1*),
dbus send bus=system path=/org/freedesktop/UPower
interface=org.freedesktop.UPower
member=EnumerateDevices
peer=(name=org.freedesktop.UPower),
dbus send bus=session path=/org/freedesktop/portal/desktop
interface=org.freedesktop.DBus.Properties
member=GetAll

17
apparmor.d/profiles-s-z/wireplumber
View file

@ -1,5 +1,5 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
@ -10,6 +10,8 @@ include <tunables/global>
profile wireplumber @{exec_path} {
include <abstractions/base>
include <abstractions/audio>
include <abstractions/bus/rtkit>
include <abstractions/bus/upower>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/devices-usb>
@ -23,19 +25,6 @@ profile wireplumber @{exec_path} {
dbus bind bus=session name=org.freedesktop.ReserveDevice1.Audio0,
dbus send bus=system path=/org/freedesktop/RealtimeKit1
interface=org.freedesktop.RealtimeKit1
peer=(name=org.freedesktop.RealtimeKit1, label=rtkit-daemon),
dbus send bus=system path=/org/freedesktop/UPower/devices/DisplayDevice
interface=org.freedesktop.DBus.Properties
peer=(name=org.freedesktop.UPower, label=upowerd),
dbus send bus=system path=/org/freedesktop/RealtimeKit1
interface=org.freedesktop.DBus.Properties
member=Get
peer=(name=org.freedesktop.RealtimeKit1, label=rtkit-daemon),
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
member=Introspect