refactor(profiles): use @{bin} and @{lib} in profiles (2)

2023-07-09 13:30:27 +01:00 · 2023-07-09 13:30:27 +01:00 · 2eed3b725f
commit 2eed3b725f
parent bb71f49598
101 changed files with 538 additions and 538 deletions
--- a/apparmor.d/groups/freedesktop/xdg-mime
+++ b/apparmor.d/groups/freedesktop/xdg-mime
@ -7,30 +7,30 @@ abi <abi/3.0>,

 include <tunables/global>

-@{exec_path} = /{usr/,}bin/xdg-mime
+@{exec_path} = @{bin}/xdg-mime
 profile xdg-mime @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/freedesktop.org>

  @{exec_path} r,

-  /{usr/,}bin/{,ba,da}sh rix,
-  /{usr/,}bin/{,e}grep   rix,
-  /{usr/,}bin/{m,g,}awk  rix,
-  /{usr/,}bin/basename   rix,
-  /{usr/,}bin/cut        rix,
-  /{usr/,}bin/file       rix,
-  /{usr/,}bin/head       rix,
-  /{usr/,}bin/mv         rix,
-  /{usr/,}bin/readlink   rix,
-  /{usr/,}bin/sed        rix,
-  /{usr/,}bin/tr         rix,
-  /{usr/,}bin/uname      rix,
-  /{usr/,}bin/which{,.debianutils}      rix,
+  @{bin}/{,ba,da}sh rix,
+  @{bin}/{,e}grep   rix,
+  @{bin}/{m,g,}awk  rix,
+  @{bin}/basename   rix,
+  @{bin}/cut        rix,
+  @{bin}/file       rix,
+  @{bin}/head       rix,
+  @{bin}/mv         rix,
+  @{bin}/readlink   rix,
+  @{bin}/sed        rix,
+  @{bin}/tr         rix,
+  @{bin}/uname      rix,
+  @{bin}/which{,.debianutils}      rix,

-  /{usr/,}bin/gio        rPx,
-  /{usr/,}bin/mimetype   rPx,
-  /{usr/,}bin/xprop      rPx,
+  @{bin}/gio        rPx,
+  @{bin}/mimetype   rPx,
+  @{bin}/xprop      rPx,

  /usr/share/terminfo/x/xterm-256color r,

@ -51,10 +51,10 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) {
  #  /usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
  #
  # Should this be allowed? Xdg-mime works fine without this.
-  #/{usr/,}bin/dbus-launch        rCx -> dbus,
-  #/{usr/,}bin/dbus-send          rCx -> dbus,
-  deny /{usr/,}bin/dbus-launch rx,
-  deny /{usr/,}bin/dbus-send   rx,
+  #@{bin}/dbus-launch        rCx -> dbus,
+  #@{bin}/dbus-send          rCx -> dbus,
+  deny @{bin}/dbus-launch rx,
+  deny @{bin}/dbus-send   rx,

  deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,

@ -62,9 +62,9 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) {
    include <abstractions/base>
    include <abstractions/nameservice-strict>

-    /{usr/,}bin/dbus-launch   mr,
-    /{usr/,}bin/dbus-send     mr,
-    /{usr/,}bin/dbus-daemon  rPx,
+    @{bin}/dbus-launch   mr,
+    @{bin}/dbus-send     mr,
+    @{bin}/dbus-daemon  rPx,

          @{HOME}/.Xauthority r,
    owner @{HOME}/.dbus/session-bus/@{hex}-[0-9] w,