felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): cleanup wechat profiles.

Browse source
This commit is contained in:
Alexandre Pujol 2025-08-06 17:38:41 +02:00
parent e0174ac95e
commit 3f37b64668
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
3 changed files with 33 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

16
apparmor.d/profiles-s-z/wechat
View file

@ -28,14 +28,14 @@ profile wechat @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{sh_path} rix, @{sh_path} rix,
@{lib_dirs}/crashpad_handler ix, @{bin}/{m,g,}awk rix,
@{bin}/mkdir ix, @{bin}/ip rix,
@{bin}/{m,g,}awk rix, @{bin}/lsblk Px,
@{bin}/lsblk rPx, @{bin}/mkdir rix,
@{bin}/ip rix, @{bin}/xdg-user-dir rix,
@{bin}/xdg-user-dir rix, @{lib_dirs}/crashpad_handler ix,
@{open_path} rpx -> child-open-strict, @{open_path} Px -> child-open-strict,
owner @{HOME}/.xwechat/{,**} rwk, owner @{HOME}/.xwechat/{,**} rwk,
owner @{user_documents_dirs}/xwechat_files/{,**} rwk, owner @{user_documents_dirs}/xwechat_files/{,**} rwk,

33
apparmor.d/profiles-s-z/wechat-appimage Normal file → Executable file
View file

@ -33,33 +33,28 @@ profile wechat-appimage @{exec_path} flags=(attach_disconnected) {
@{exec_path} r, @{exec_path} r,
@{sh_path} rix, @{sh_path} rix,
@{lib_dirs}/wechat-appimage.AppImage ix, @{bin}/dirname rix,
/tmp/.mount_wechat??????/AppRun ix, @{bin}/fusermount{,3} Cx -> fusermount,
@{bin}/mkdir ix, @{bin}/{m,g,}awk rix,
@{bin}/{m,g,}awk rix, @{bin}/lsblk Px,
@{bin}/lsblk rPx, @{bin}/mkdir rix,
@{bin}/ip rix, @{bin}/readlink rix,
@{bin}/xdg-user-dir rix, @{bin}/xdg-user-dir rix,
@{tmp}/.mount_wechat@{word6}/opt/wechat/{,**} ix, @{bin}/ip rix,
@{tmp}/.mount_wechat@{word6}/usr/bin/wechat ix, @{lib_dirs}/wechat-appimage.AppImage ix,
@{open_path} rpx -> child-open-strict, @{open_path} Px -> child-open-strict,
@{bin}/fusermount{,3} Cx -> fusermount, @{bin}/fusermount{,3} Cx -> fusermount,
@{bin}/dirname rix, @{bin}/dirname rix,
@{bin}/readlink rix, @{bin}/readlink rix,
@{bin}/ r, @{tmp}/.mount_wechat@{word6}/opt/wechat/{,**} ix,
@{bin}/*/ r, @{tmp}/.mount_wechat@{word6}/usr/bin/wechat ix,
/usr/local/bin/ r, @{tmp}/.mount_wechat@{word6}/AppRun ix,
/usr/local/sbin/ r,
/etc/machine-id r, /etc/machine-id r,
@{tmp}/.mount_wechat@{word6}/AppRun r,
@{tmp}/.mount_wechat@{word6}/ rw,
@{tmp}/.mount_wechat@{word6}/opt/wechat/{,**} mr,
@{HOME}/.xwechat/{,**} rwk, @{HOME}/.xwechat/{,**} rwk,
owner @{user_documents_dirs}/xwechat_files/{,**} rwk, owner @{user_documents_dirs}/xwechat_files/{,**} rwk,

22
apparmor.d/profiles-s-z/wechat-universal
View file

@ -29,21 +29,21 @@ profile wechat-universal @{exec_path} flags=(attach_disconnected) {
@{exec_path} mrix, @{exec_path} mrix,
@{sh_path} rix, @{sh_path} rix,
@{lib}/wechat-universal/common.sh ix, @{bin}/bwrap rix,
@{bin}/sed ix, @{bin}/ln ix,
@{bin}/ln ix, @{bin}/lsblk Px,
@{bin}/mkdir ix, @{bin}/mkdir ix,
@{bin}/lsblk Px, @{bin}/sed ix,
@{bin}/bwrap rix, @{bin}/xdg-user-dir rix,
@{bin}/xdg-user-dir rix, @{lib_dirs}/crashpad_handler ix,
@{lib_dirs}/crashpad_handler ix, @{lib}/wechat-appimage.AppImage ix,
@{open_path} rPx -> child-open-strict, @{open_path} Px -> child-open-strict,
/etc/lsb-release r, /etc/lsb-release r,
/etc/machine-id r, /etc/machine-id r,
owner @{HOME}/@{XDG_DOCUMENTS_DIR}/WeChat_Data/{,**} rwk, owner @{user_documents_dirs}/WeChat_Data/{,**} rwk,
owner @{HOME}/.xwechat/{,**} rwk, owner @{HOME}/.xwechat/{,**} rwk,
owner @{HOME}/.sys1og.conf rw, owner @{HOME}/.sys1og.conf rw,