feat(abs): use the new core abs in desktop.
parent
0817911b57
commit
3b2f745bca
8 changed files with 53 additions and 29 deletions
|
|
@ -9,10 +9,14 @@
|
||||||
|
|
||||||
abi <abi/4.0>,
|
abi <abi/4.0>,
|
||||||
|
|
||||||
|
include <abstractions/desktop-files>
|
||||||
include <abstractions/fonts>
|
include <abstractions/fonts>
|
||||||
include <abstractions/freedesktop.org>
|
include <abstractions/gsettings>
|
||||||
include <abstractions/gtk>
|
include <abstractions/gtk>
|
||||||
|
include <abstractions/icons>
|
||||||
|
include <abstractions/mime>
|
||||||
include <abstractions/qt5>
|
include <abstractions/qt5>
|
||||||
|
include <abstractions/recently-used>
|
||||||
include <abstractions/wayland>
|
include <abstractions/wayland>
|
||||||
include <abstractions/X-strict>
|
include <abstractions/X-strict>
|
||||||
include <abstractions/xdg-desktop>
|
include <abstractions/xdg-desktop>
|
||||||
|
|
@ -24,16 +28,11 @@
|
||||||
member=Introspect
|
member=Introspect
|
||||||
peer=(name=@{busname}, label=gnome-shell),
|
peer=(name=@{busname}, label=gnome-shell),
|
||||||
|
|
||||||
/usr/{local/,}share/ r,
|
@{system_share_dirs}/gvfs/remote-volume-monitors/{,*} r,
|
||||||
/usr/{local/,}share/glib-@{version}/schemas/** r,
|
|
||||||
/usr/{local/,}share/gvfs/remote-volume-monitors/{,*} r,
|
|
||||||
|
|
||||||
/etc/gnome/* r,
|
/etc/gnome/* r,
|
||||||
/etc/xdg/{,*-}mimeapps.list r,
|
|
||||||
|
|
||||||
/var/cache/gio-@{version}/gnome-mimeapps.list r,
|
/ r,
|
||||||
|
|
||||||
/ r, # deny?
|
|
||||||
|
|
||||||
owner @{user_share_dirs}/gnome-shell/session.gvdb rw,
|
owner @{user_share_dirs}/gnome-shell/session.gvdb rw,
|
||||||
|
|
||||||
|
|
@ -49,8 +48,6 @@
|
||||||
/etc/xdg/kcminputrc r,
|
/etc/xdg/kcminputrc r,
|
||||||
/etc/xdg/kdeglobals r,
|
/etc/xdg/kdeglobals r,
|
||||||
/etc/xdg/kwinrc r,
|
/etc/xdg/kwinrc r,
|
||||||
/etc/xdg/menus/ r,
|
|
||||||
/etc/xdg/menus/applications-merged/ r,
|
|
||||||
|
|
||||||
owner @{user_cache_dirs}/#@{int} rw,
|
owner @{user_cache_dirs}/#@{int} rw,
|
||||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||||
|
|
@ -65,8 +62,6 @@
|
||||||
owner @{user_config_dirs}/kdedefaults/kwinrc r,
|
owner @{user_config_dirs}/kdedefaults/kwinrc r,
|
||||||
owner @{user_config_dirs}/kdeglobals r,
|
owner @{user_config_dirs}/kdeglobals r,
|
||||||
owner @{user_config_dirs}/kwinrc r,
|
owner @{user_config_dirs}/kwinrc r,
|
||||||
owner @{user_config_dirs}/menus/ r,
|
|
||||||
owner @{user_config_dirs}/menus/applications-merged/ r,
|
|
||||||
owner @{user_config_dirs}/session/ rw,
|
owner @{user_config_dirs}/session/ rw,
|
||||||
owner @{user_config_dirs}/session/@{profile_name}* rwlk,
|
owner @{user_config_dirs}/session/@{profile_name}* rwlk,
|
||||||
owner @{user_config_dirs}/session/#@{int} rw,
|
owner @{user_config_dirs}/session/#@{int} rw,
|
||||||
|
|
@ -82,7 +77,7 @@
|
||||||
# end
|
# end
|
||||||
|
|
||||||
/usr/share/desktop-base/{,**} r,
|
/usr/share/desktop-base/{,**} r,
|
||||||
/usr/share/hwdata/*.ids r,
|
/usr/share/hwdata/*.ids r, # FIXME: a bit too wide
|
||||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||||
|
|
||||||
include if exists <abstractions/desktop.d>
|
include if exists <abstractions/desktop.d>
|
||||||
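Review bot: Adding `include <abstractions/recently-used>` to this shared include list gives every profile that pulls in the abstraction `rw` access to the user's `recently-used.xbel` files (plus link and lock on the temporary and lock variants, per the new file later in this commit), and that list records the paths of documents the user has opened. Whether the dropped `include <abstractions/freedesktop.org>` already granted the same access is not visible here, so this may be a widening rather than a move; the same include is added in the two other desktop-style include lists of this commit. If only some consumers need the recent-files list, keep the include in those profiles, or at least record the reason next to it, e.g. `# recently-used: rw on the recent-files history, needed by file choosers`. The second hunk also drops the `# deny?` marker on `/ r,` without resolving the question it raised.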
|
|
|
||||||
|
|
@ -12,11 +12,16 @@
|
||||||
|
|
||||||
/etc/gnome/defaults.list r,
|
/etc/gnome/defaults.list r,
|
||||||
/etc/xfce4/defaults.list r,
|
/etc/xfce4/defaults.list r,
|
||||||
|
/etc/xdg/menus/ r,
|
||||||
|
/etc/xdg/menus/applications-merged/{,**} r,
|
||||||
|
|
||||||
/var/lib/snapd/desktop/applications/{,**} r,
|
/var/lib/snapd/desktop/applications/{,**} r,
|
||||||
|
|
||||||
owner @{user_share_dirs}/applications/{,**} r,
|
owner @{user_share_dirs}/applications/{,**} r,
|
||||||
|
|
||||||
|
owner @{user_config_dirs}/menus/ r,
|
||||||
|
owner @{user_config_dirs}/menus/applications-merged/{,**} r,
|
||||||
|
|
||||||
include if exists <abstractions/desktop-files.d>
|
include if exists <abstractions/desktop-files.d>
|
||||||
|
|
||||||
# vim:syntax=apparmor
|
# vim:syntax=apparmor
|
||||||
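Review bot: The `applications-merged` rules are not moved verbatim: the lines removed from the desktop sections were `/etc/xdg/menus/applications-merged/ r,` and `owner @{user_config_dirs}/menus/applications-merged/ r,` (directory listing only), while the lines added here use `{,**}` and so allow reading every file under those directories. That is probably intended, since reading a menu needs the files and not just the listing, but it is a behaviour change for every profile that includes this abstraction and the commit message describes only a switch to the core abstractions. A one-line comment above the block, e.g. `# menu definitions merged into the application menu`, would record why the recursive read is there.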
|
|
|
||||||
|
|
@ -4,9 +4,14 @@
|
||||||
|
|
||||||
abi <abi/4.0>,
|
abi <abi/4.0>,
|
||||||
|
|
||||||
|
include <abstractions/desktop-files>
|
||||||
include <abstractions/fonts>
|
include <abstractions/fonts>
|
||||||
include <abstractions/freedesktop.org>
|
include <abstractions/gsettings>
|
||||||
include <abstractions/gtk>
|
include <abstractions/gtk>
|
||||||
|
include <abstractions/icons>
|
||||||
|
include <abstractions/mime>
|
||||||
|
include <abstractions/qt5>
|
||||||
|
include <abstractions/recently-used>
|
||||||
include <abstractions/wayland>
|
include <abstractions/wayland>
|
||||||
include <abstractions/X-strict>
|
include <abstractions/X-strict>
|
||||||
include <abstractions/xdg-desktop>
|
include <abstractions/xdg-desktop>
|
||||||
|
|
@ -20,14 +25,9 @@
|
||||||
/usr/share/hwdata/*.ids r,
|
/usr/share/hwdata/*.ids r,
|
||||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||||
|
|
||||||
/usr/{local/,}share/ r,
|
@{system_share_dirs}/gvfs/remote-volume-monitors/{,*} r,
|
||||||
/usr/{local/,}share/glib-@{int}.@{int}/schemas/** r,
|
|
||||||
/usr/{local/,}share/gvfs/remote-volume-monitors/{,*} r,
|
|
||||||
|
|
||||||
/etc/gnome/* r,
|
/etc/gnome/* r,
|
||||||
/etc/xdg/{,*-}mimeapps.list r,
|
|
||||||
|
|
||||||
/var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r,
|
|
||||||
|
|
||||||
/ r,
|
/ r,
|
||||||
|
|
||||||
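Review bot: `include <abstractions/qt5>` is new in this file (the other two include lists in this commit already had it as context), and nothing in the hunk or the commit message explains why this variant, which otherwise carries GNOME-specific paths such as `/etc/gnome/*` and the gvfs volume monitors, now needs the Qt rules. If it was carried over when the include list was copied from the combined desktop list, drop it so the abstraction stays minimal. Separately, the removed `/usr/{local/,}share/glib-@{int}.@{int}/schemas/** r,` is now covered only by the gsettings abstraction, whose rules visible in this commit allow the `schemas/` directory and `gschemas.compiled`; that is tighter, so it is worth checking the logs for denials on other schema files.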
|
|
|
||||||
|
|
@ -5,6 +5,7 @@
|
||||||
|
|
||||||
abi <abi/4.0>,
|
abi <abi/4.0>,
|
||||||
|
|
||||||
|
@{system_share_dirs}/ r,
|
||||||
@{system_share_dirs}/glib-2.0/schemas/ r,
|
@{system_share_dirs}/glib-2.0/schemas/ r,
|
||||||
@{system_share_dirs}/glib-2.0/schemas/gschemas.compiled r,
|
@{system_share_dirs}/glib-2.0/schemas/gschemas.compiled r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -16,10 +16,7 @@
|
||||||
|
|
||||||
owner @{HOME}/.icons/{,**} r,
|
owner @{HOME}/.icons/{,**} r,
|
||||||
|
|
||||||
owner @{user_config_dirs}/mimeapps.list r,
|
|
||||||
|
|
||||||
owner @{user_share_dirs}/icons/{,**} r,
|
owner @{user_share_dirs}/icons/{,**} r,
|
||||||
owner @{user_share_dirs}/mime/{,**} r,
|
|
||||||
|
|
||||||
include if exists <abstractions/icons.d>
|
include if exists <abstractions/icons.d>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -4,10 +4,14 @@
|
||||||
|
|
||||||
abi <abi/4.0>,
|
abi <abi/4.0>,
|
||||||
|
|
||||||
|
include <abstractions/desktop-files>
|
||||||
include <abstractions/fonts>
|
include <abstractions/fonts>
|
||||||
include <abstractions/freedesktop.org>
|
include <abstractions/gsettings>
|
||||||
include <abstractions/gtk>
|
include <abstractions/gtk>
|
||||||
|
include <abstractions/icons>
|
||||||
|
include <abstractions/mime>
|
||||||
include <abstractions/qt5>
|
include <abstractions/qt5>
|
||||||
|
include <abstractions/recently-used>
|
||||||
include <abstractions/wayland>
|
include <abstractions/wayland>
|
||||||
include <abstractions/X-strict>
|
include <abstractions/X-strict>
|
||||||
include <abstractions/xdg-desktop>
|
include <abstractions/xdg-desktop>
|
||||||
|
|
@ -26,8 +30,6 @@
|
||||||
/etc/xdg/kcminputrc r,
|
/etc/xdg/kcminputrc r,
|
||||||
/etc/xdg/kdeglobals r,
|
/etc/xdg/kdeglobals r,
|
||||||
/etc/xdg/kwinrc r,
|
/etc/xdg/kwinrc r,
|
||||||
/etc/xdg/menus/ r,
|
|
||||||
/etc/xdg/menus/applications-merged/ r,
|
|
||||||
|
|
||||||
owner @{user_cache_dirs}/#@{int} rw,
|
owner @{user_cache_dirs}/#@{int} rw,
|
||||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||||
|
|
@ -42,8 +44,6 @@
|
||||||
owner @{user_config_dirs}/kdedefaults/kwinrc r,
|
owner @{user_config_dirs}/kdedefaults/kwinrc r,
|
||||||
owner @{user_config_dirs}/kdeglobals r,
|
owner @{user_config_dirs}/kdeglobals r,
|
||||||
owner @{user_config_dirs}/kwinrc r,
|
owner @{user_config_dirs}/kwinrc r,
|
||||||
owner @{user_config_dirs}/menus/ r,
|
|
||||||
owner @{user_config_dirs}/menus/applications-merged/ r,
|
|
||||||
owner @{user_config_dirs}/session/ rw,
|
owner @{user_config_dirs}/session/ rw,
|
||||||
owner @{user_config_dirs}/session/*_@{hex}_@{int}_@{int} rwlk,
|
owner @{user_config_dirs}/session/*_@{hex}_@{int}_@{int} rwlk,
|
||||||
owner @{user_config_dirs}/session/#@{int} rw,
|
owner @{user_config_dirs}/session/#@{int} rw,
|
||||||
|
|
|
||||||
|
|
@ -9,8 +9,13 @@
|
||||||
@{system_share_dirs}/mime/{,**} r,
|
@{system_share_dirs}/mime/{,**} r,
|
||||||
|
|
||||||
/etc/mime.types r,
|
/etc/mime.types r,
|
||||||
|
/etc/xdg/{,*-}mimeapps.list r,
|
||||||
|
|
||||||
owner @{user_share_dirs}/mime/mime.cache r,
|
/var/cache/gio-@{version}/{,*-}-mimeapps.list r,
|
||||||
|
|
||||||
|
owner @{user_config_dirs}/mimeapps.list r,
|
||||||
|
|
||||||
|
owner @{user_share_dirs}/mime/{,**} r,
|
||||||
|
|
||||||
include if exists <abstractions/mime.d>
|
include if exists <abstractions/mime.d>
|
||||||
|
|
||||||
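Review bot: The new rule `/var/cache/gio-@{version}/{,*-}-mimeapps.list r,` has a stray `-` after the alternation, so it matches `-mimeapps.list` and `*--mimeapps.list` but not `gnome-mimeapps.list`, which the rule removed from the desktop sections (`/var/cache/gio-@{version}/gnome-mimeapps.list r,`) allowed. Profiles that relied on the old rule would likely see denials for that cache file. Following the `/etc/xdg/{,*-}mimeapps.list r,` line just above it, the rule should read `/var/cache/gio-@{version}/{,*-}mimeapps.list r,`.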
|
|
|
||||||
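--- a/apparmor.d/abstractions/recently-used
+++ b/apparmor.d/abstractions/recently-used
@@ -0,0 +1,21 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2009 Canonical Ltd.
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+owner @{HOME}/.recently-used.xbel rw,
+owner @{HOME}/.recently-used.xbel.@{rand6} rwl,
+owner @{HOME}/.recently-used.xbel.lock rwk,
+
+owner @{user_share_dirs}/#@{int} rw,
+owner @{user_share_dirs}/recently-used.xbel rw,
+owner @{user_share_dirs}/recently-used.xbel.@{rand6} rwl,
+owner @{user_share_dirs}/recently-used.xbel.lock rwk,
+
+owner @{user_config_dirs}/user-dirs.dirs r, # FIXME: not here?
+
+include if exists <abstractions/recently-used.d>
+
+# vim:syntax=apparmor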
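Review bot: The rule `owner @{user_config_dirs}/user-dirs.dirs r, # FIXME: not here?` is unrelated to the recent-files list and ships with an open FIXME; because this abstraction is pulled in from the desktop include lists in this commit, the stray grant reaches all of their consumers. Resolve it before merging, either by moving the rule to the abstraction that owns the XDG user-dirs files or by dropping it here. The file also carries no description of what it grants; a header comment such as `# Read/write access to the recently-used file list (history of files opened by the user)` would help reviewers judge where including it is appropriate.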