Move obex profiles in the desktop group.
This commit is contained in:
Alexandre Pujol
parent
ea6edea2e1
commit
37d9ac6c3c
7 changed files with 0 additions and 0 deletions
21
apparmor.d/groups/desktop/obex-folder-listing
Normal file
21
apparmor.d/groups/desktop/obex-folder-listing
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2021 Mikhail Morfikov
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/obex-folder-listing
|
||||
profile obex-folder-listing @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{HOME}/ r,
|
||||
owner @{HOME}/**/ r,
|
||||
owner /media/*/ r,
|
||||
owner /media/*/**/ r,
|
||||
|
||||
include if exists <local/obex-folder-listing>
|
||||
}
|
||||
40
apparmor.d/groups/desktop/obexautofs
Normal file
40
apparmor.d/groups/desktop/obexautofs
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2021 Mikhail Morfikov
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/obexautofs
|
||||
profile obexautofs @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
network bluetooth seqpacket,
|
||||
network bluetooth stream,
|
||||
network bluetooth raw,
|
||||
network netlink raw,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/bin/fusermount{,3} rPx,
|
||||
|
||||
owner @{HOME}/bluetooth/ r,
|
||||
mount fstype=fuse.obexautofs -> @{HOME}/bluetooth/,
|
||||
|
||||
@{sys}/bus/ r,
|
||||
@{sys}/class/ r,
|
||||
@{sys}/bus/usb/devices/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/bConfigurationValue r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/bConfigurationValue r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/{uevent,busnum,devnum,speed,descriptors} r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{uevent,busnum,devnum,speed,descriptors} r,
|
||||
|
||||
@{run}/udev/data/+usb:* r,
|
||||
@{run}/udev/data/c189:* r,
|
||||
|
||||
/dev/bus/usb/ r,
|
||||
/dev/fuse rw,
|
||||
|
||||
include if exists <local/obexautofs>
|
||||
}
|
||||
21
apparmor.d/groups/desktop/obexctl
Normal file
21
apparmor.d/groups/desktop/obexctl
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2021 Mikhail Morfikov
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/obexctl
|
||||
profile obexctl @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/inputrc r,
|
||||
|
||||
owner @{user_cache_dirs}/.obexctl_history rw,
|
||||
owner @{user_cache_dirs}/.obexctl_history-@{pid}.tmp rw,
|
||||
|
||||
include if exists <local/obexctl>
|
||||
}
|
||||
26
apparmor.d/groups/desktop/obexd
Normal file
26
apparmor.d/groups/desktop/obexd
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2021 Mikhail Morfikov
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /usr/{lib,libexec}/bluetooth/obexd
|
||||
profile obexd @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/user-download-strict>
|
||||
|
||||
network bluetooth stream,
|
||||
network bluetooth seqpacket,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/obexd/ rw,
|
||||
owner @{user_cache_dirs}/obexd/* rw,
|
||||
|
||||
owner @{HOME}/bluetooth/* rw,
|
||||
|
||||
include if exists <local/obexd>
|
||||
}
|
||||
27
apparmor.d/groups/desktop/obexfs
Normal file
27
apparmor.d/groups/desktop/obexfs
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2021 Mikhail Morfikov
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/obexfs
|
||||
profile obexfs @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
network bluetooth raw,
|
||||
network bluetooth seqpacket,
|
||||
network bluetooth stream,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/fusermount{,3} rPx,
|
||||
|
||||
owner @{HOME}/bluetooth/ r,
|
||||
mount fstype=fuse.obexfs -> @{HOME}/bluetooth/,
|
||||
|
||||
/dev/fuse rw,
|
||||
|
||||
include if exists <local/obexfs>
|
||||
}
|
||||
16
apparmor.d/groups/desktop/obexpush-atd
Normal file
16
apparmor.d/groups/desktop/obexpush-atd
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2021 Mikhail Morfikov
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/obexpush_atd
|
||||
profile obexpush-atd @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
include if exists <local/obexpush-atd>
|
||||
}
|
||||
27
apparmor.d/groups/desktop/obexpushd
Normal file
27
apparmor.d/groups/desktop/obexpushd
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2021 Mikhail Morfikov
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /{usr/,}bin/obexpushd
|
||||
profile obexpushd @{exec_path} {
|
||||
include <abstractions/base>
|
||||
|
||||
# For listening on tcp/*:650
|
||||
capability net_bind_service,
|
||||
|
||||
network bluetooth stream,
|
||||
network irda stream,
|
||||
network inet stream,
|
||||
network inet6 stream,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
# For receiving files
|
||||
owner @{HOME}/bluetooth/* w,
|
||||
|
||||
include if exists <local/obexpushd>
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue