diff --git a/apparmor.d/groups/_full/systemd b/apparmor.d/groups/_full/systemd index a2f5fbd87..f1d67b038 100644 --- a/apparmor.d/groups/_full/systemd +++ b/apparmor.d/groups/_full/systemd @@ -145,10 +145,11 @@ profile systemd flags=(attach_disconnected,mediate_deleted) { #aa:dbus own bus=system name=org.freedesktop.systemd1 - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member=GetConnectionUnixUser - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), + # For stacked profiles + #aa:dbus own bus=system name=org.freedesktop.network1 + #aa:dbus own bus=system name=org.freedesktop.oom1 + #aa:dbus own bus=system name=org.freedesktop.resolve1 + #aa:dbus own bus=system name=org.freedesktop.timesync1 @{bin}/** Px, @{lib}/** Px, diff --git a/apparmor.d/groups/apt/apt b/apparmor.d/groups/apt/apt index 0c413fa90..fc5d1b3cc 100644 --- a/apparmor.d/groups/apt/apt +++ b/apparmor.d/groups/apt/apt @@ -52,11 +52,6 @@ profile apt @{exec_path} flags=(attach_disconnected) { member=StateHasChanged peer=(name=org.freedesktop.PackageKit), - dbus send bus=system path=/org/freedesktop/DBus/Bus - interface=org.freedesktop.DBus - member={GetConnectionUnixProcessID,GetConnectionUnixUser} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - dbus send bus=system interface=org.freedesktop.DBus.Introspectable member=Introspect diff --git a/apparmor.d/groups/filesystem/udisksd b/apparmor.d/groups/filesystem/udisksd index 90ea63dd2..ae1e76c19 100644 --- a/apparmor.d/groups/filesystem/udisksd +++ b/apparmor.d/groups/filesystem/udisksd 
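Review bot: The four added `#aa:dbus own` lines for `org.freedesktop.network1`, `oom1`, `resolve1` and `timesync1` let the `systemd` profile itself own well-known names that belong to separate daemons, and the only explanation given is `# For stacked profiles`. If the directive expands to bind/send/receive rules, as it appears to for the existing `systemd1` line, any process confined only by this profile could claim those names. The comment should name the stacked services and the reason, for example `# Services that run stacked under this profile (systemd-resolved, ...) need their bus names allowed here as well; their own profile remains the tighter limit.` The hunk also drops the explicit `GetConnectionUnixUser` rule with no replacement visible in this diff, so confirm where that permission now comes from. The profile body continues outside the hunk.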
@@ -67,11 +67,6 @@ profile udisksd @{exec_path} flags=(attach_disconnected) { #aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind #aa:dbus talk bus=system name=org.freedesktop.PolicyKit1 label=polkitd - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - @{exec_path} mr, @{sh_path} rix, diff --git a/apparmor.d/groups/freedesktop/accounts-daemon b/apparmor.d/groups/freedesktop/accounts-daemon index 42758585f..d3aaa753f 100644 --- a/apparmor.d/groups/freedesktop/accounts-daemon +++ b/apparmor.d/groups/freedesktop/accounts-daemon @@ -25,11 +25,6 @@ profile accounts-daemon @{exec_path} flags=(attach_disconnected) { #aa:dbus own bus=system name=org.freedesktop.Accounts - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - @{exec_path} mr, @{bin}/adduser rPx, diff --git a/apparmor.d/groups/freedesktop/colord b/apparmor.d/groups/freedesktop/colord index 26a07d8aa..031ba0605 100644 --- a/apparmor.d/groups/freedesktop/colord +++ b/apparmor.d/groups/freedesktop/colord @@ -22,11 +22,6 @@ profile colord @{exec_path} flags=(attach_disconnected) { #aa:dbus own bus=system name=org.freedesktop.ColorManager - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - @{exec_path} mrix, /etc/machine-id r, diff --git a/apparmor.d/groups/freedesktop/geoclue b/apparmor.d/groups/freedesktop/geoclue index 4492c7598..470152db4 100644 --- a/apparmor.d/groups/freedesktop/geoclue +++ b/apparmor.d/groups/freedesktop/geoclue 
@@ -27,11 +27,6 @@ profile geoclue @{exec_path} flags=(attach_disconnected) { #aa:dbus own bus=system name=org.freedesktop.GeoClue2 - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - @{exec_path} mr, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire index da4350d74..f4c9367cd 100644 --- a/apparmor.d/groups/freedesktop/pipewire +++ b/apparmor.d/groups/freedesktop/pipewire @@ -25,11 +25,6 @@ profile pipewire @{exec_path} flags=(attach_disconnected) { #aa:dbus own bus=session name=org.pulseaudio.Server - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"), - dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session index fa1e44d00..af6f30e9c 100644 --- a/apparmor.d/groups/freedesktop/pipewire-media-session +++ b/apparmor.d/groups/freedesktop/pipewire-media-session @@ -23,11 +23,6 @@ profile pipewire-media-session @{exec_path} { network bluetooth stream, network netlink raw, - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member=GetConnectionUnixProcessID - peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"), - dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal b/apparmor.d/groups/freedesktop/xdg-desktop-portal index 2dfca622f..b5fc76fc7 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal 
@@ -44,11 +44,6 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { #aa:dbus talk bus=session name=org.freedesktop.portal.Documents path=/org/freedesktop/portal/documents label=xdg-document-portal - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"), - dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm index 10d116a6c..dca6cda16 100644 --- a/apparmor.d/groups/gnome/gdm +++ b/apparmor.d/groups/gnome/gdm @@ -37,11 +37,6 @@ profile gdm @{exec_path} flags=(attach_disconnected) { #aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixProcessID,GetConnectionUnixUser} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - @{exec_path} mr, @{sh_path} rix, diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index f7cb96dea..139063cdc 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary +++ b/apparmor.d/groups/gnome/gnome-session-binary @@ -36,7 +36,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID,UpdateActivationEnvironment} + member=UpdateActivationEnvironment peer=(name=org.freedesktop.DBus label="@{p_dbus_session}"), dbus send bus=session path=/org/freedesktop/systemd1 diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index fd7706218..e21a54a76 100644 --- a/apparmor.d/groups/gnome/gnome-shell 
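Review bot: In the gnome-session-binary hunk, `UpdateActivationEnvironment` is now the only member left in the rule, and it is the sensitive one because it changes the environment the session bus passes to the services it activates. A short comment above the rule, such as `# Exports the session environment to D-Bus activated services`, would record why it has to stay. The unchanged `peer=(name=org.freedesktop.DBus label="@{p_dbus_session}")` line also lacks the comma that the other rules in this commit use between `name=` and `label=`. The parser presumably accepts both forms, but normalising it to `peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"),` keeps the rules consistent and easy to grep. The surrounding profile lies outside the hunk.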
+++ b/apparmor.d/groups/gnome/gnome-shell @@ -111,24 +111,15 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) { member={RegisterWithCapabilities,Unregister} peer=(name=:*, label=NetworkManager), - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID,GetNameOwner,ListNames} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - # Session bus - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID,GetNameOwner,ListNames} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"), dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus.Properties member=GetAll peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"), dbus send bus=session path=/ interface=org.freedesktop.DBus - member={GetConnectionUnixProcessID,GetNameOwner,ListNames} + member={GetNameOwner,ListNames} peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"), dbus send bus=accessibility path=/org/a11y/atspi/accessible/root diff --git a/apparmor.d/groups/network/NetworkManager b/apparmor.d/groups/network/NetworkManager index 1bb2de231..3c789427b 100644 --- a/apparmor.d/groups/network/NetworkManager +++ b/apparmor.d/groups/network/NetworkManager @@ -72,11 +72,6 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) { member=InterfacesAdded peer=(name=org.freedesktop.DBus, label=nm-online), - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - @{exec_path} mr, @{sh_path} rix, diff --git a/apparmor.d/groups/polkit/polkitd b/apparmor.d/groups/polkit/polkitd index 649fe9ceb..d0581ba0e 100644 --- a/apparmor.d/groups/polkit/polkitd +++ b/apparmor.d/groups/polkit/polkitd 
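Review bot: The removed gnome-shell system-bus rule carried `GetNameOwner` and `ListNames` in addition to the two credential lookups, as did the removed session rule on `path=/org/freedesktop/DBus`; only the `path=/` session rule keeps `member={GetNameOwner,ListNames}`. Unless whatever now supplies the `GetConnectionUnix*` permissions (not visible in this diff) also covers those members, gnome-shell will start hitting denials for name lookups on the system bus and on the standard session path. The same concern applies to `GetConnectionCredentials`, which the polkitd and systemd-logind hunks drop, where a denied lookup affects how callers are identified. Keeping a narrowed rule with `member={GetNameOwner,ListNames}` here, and `member=GetConnectionCredentials` in those two profiles, would avoid depending on the replacement's exact member list.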
@@ -23,11 +23,6 @@ profile polkitd @{exec_path} flags=(attach_disconnected) { #aa:dbus own bus=system name=org.freedesktop.PolicyKit1 - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixProcessID,GetConnectionUnixUser,GetConnectionCredentials} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - @{exec_path} mr, @{bin}/pkla-check-authorization rPUx, diff --git a/apparmor.d/groups/systemd/systemd-hostnamed b/apparmor.d/groups/systemd/systemd-hostnamed index cd77b9826..01d04989b 100644 --- a/apparmor.d/groups/systemd/systemd-hostnamed +++ b/apparmor.d/groups/systemd/systemd-hostnamed @@ -22,11 +22,6 @@ profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) { #aa:dbus own bus=system name=org.freedesktop.hostname1 - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member=GetConnectionUnixUser - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - @{exec_path} mr, @{etc_rw}/.#hostname* rw, diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind index f558e57e7..f38de6b67 100644 --- a/apparmor.d/groups/systemd/systemd-logind +++ b/apparmor.d/groups/systemd/systemd-logind @@ -41,11 +41,6 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected) { member=Introspect peer=(label=ksmserver-logout-greeter), - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID,GetConnectionCredentials} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - @{exec_path} mr, /etc/machine-id r, diff --git a/apparmor.d/groups/systemd/systemd-resolved b/apparmor.d/groups/systemd/systemd-resolved index f693cbee4..8f4b5bc57 100644 --- a/apparmor.d/groups/systemd/systemd-resolved +++ b/apparmor.d/groups/systemd/systemd-resolved 
@@ -31,11 +31,6 @@ profile systemd-resolved @{exec_path} flags=(attach_disconnected) { #aa:dbus own bus=system name=org.freedesktop.resolve1 - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - @{exec_path} mr, /etc/systemd/resolved.conf r, diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd index 5abf1d294..75d5197ae 100644 --- a/apparmor.d/profiles-a-f/fwupd +++ b/apparmor.d/profiles-a-f/fwupd @@ -40,11 +40,6 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) { #aa:dbus own bus=system name=org.freedesktop.fwupd path=/ #aa:dbus talk bus=system name=org.freedesktop.UDisks2 label=udisksd - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - @{exec_path} mr, @{lib}/fwupd/fwupd-detect-cet rix, diff --git a/apparmor.d/profiles-m-r/packagekitd b/apparmor.d/profiles-m-r/packagekitd index 4d1f2f756..bcd9ba6b7 100644 --- a/apparmor.d/profiles-m-r/packagekitd +++ b/apparmor.d/profiles-m-r/packagekitd @@ -40,11 +40,6 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) { #aa:dbus own bus=system name=org.freedesktop.PackageKit - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - @{exec_path} mr, @{bin}/gpg{,2} rCx -> gpg, diff --git a/apparmor.d/profiles-m-r/rtkit-daemon b/apparmor.d/profiles-m-r/rtkit-daemon index d3a88d78a..68837a52d 100644 --- a/apparmor.d/profiles-m-r/rtkit-daemon +++ b/apparmor.d/profiles-m-r/rtkit-daemon 
@@ -23,11 +23,6 @@ profile rtkit-daemon @{exec_path} flags=(attach_disconnected) { #aa:dbus own bus=system name=org.freedesktop.RealtimeKit1 - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixUser,GetConnectionUnixProcessID} - peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), - @{exec_path} mr, # When applying policies to processes