feat(abs): unify app launcher abstraction.

2023-12-08 17:53:51 +00:00 · 2023-12-08 17:53:51 +00:00 · 52e52f06db
commit 52e52f06db
parent 9e402987c6
4 changed files with 98 additions and 114 deletions
--- a/apparmor.d/abstractions/app-open
+++ b/apparmor.d/abstractions/app-open
@ -0,0 +1,72 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Instead of allowing the run of all software in @{bin}/, @{lib} the purpose of
+# this abstraction is to list all GUI program that can open resources.
+
+# Ultimatelly, only sandbox manager program like bwrap, snap, flatpak, firejail
+# should be present here. Until this day, this profile will be a controlled mess.
+
+  # Sandbox managers
+  @{bin}/bwrap                  rPUx,
+  @{bin}/firejail               rPUx,
+  @{bin}/flatpak                rPUx,
+  @{bin}/snap                   rPUx,
+
+  # Files explorer
+  @{bin}/nautilus               rPx,
+
+  # Browsers
+  @{brave_path}                 rPx,
+  @{chrome_path}                rPx,
+  @{chromium_path}              rPx,
+  @{firefox_path}               rPx,
+  @{opera_path}                 rPx,
+
+  # Text editors
+  @{bin}/code                   rPUx,
+  @{bin}/gedit                  rPUx,
+  @{bin}/gnome-text-editor      rPUx,
+  /usr/share/code/{bin/,}code   rPUx,
+
+  # Others
+  @{bin}/*{F,f}oliate           rPUx,
+  @{bin}/blueman-tray           rPx,
+  @{bin}/discord{,-ptb}         rPx,
+  @{bin}/draw.io                rPUx,
+  @{bin}/dropbox                rPx,
+  @{bin}/element-desktop        rPx,
+  @{bin}/engrampa               rPx,
+  @{bin}/eog                    rPUx,
+  @{bin}/evince                 rPx,
+  @{bin}/extension-manager      rPx,
+  @{bin}/file-roller            rPUx,
+  @{bin}/filezilla              rPx,
+  @{bin}/flameshot              rPx,
+  @{bin}/flatpak                rPUx,
+  @{bin}/geany                  rPx,
+  @{bin}/gimp*                  rPUx,
+  @{bin}/gnome-calculator       rPUx,
+  @{bin}/gnome-disk-image-mounter rPx,
+  @{bin}/gnome-disks            rPx,
+  @{bin}/gwenview               rPUx,
+  @{bin}/kgx                    rPx,
+  @{bin}/okular                 rPx,
+  @{bin}/qbittorrent            rPx,
+  @{bin}/qpdfview               rPx,
+  @{bin}/smplayer               rPx,
+  @{bin}/spacefm                rPx,
+  @{bin}/steam-runtime          rPUx,
+  @{bin}/teams                  rPUx,
+  @{bin}/telegram-desktop       rPx,
+  @{bin}/thunderbird            rPx,
+  @{bin}/transmission-gtk       rPx,
+  @{bin}/viewnior               rPUx,
+  @{bin}/vlc                    rPUx,
+  @{bin}/xarchiver              rPx,
+  @{bin}/xbrlapi 	            rPx,
+  @{bin}/yelp                   rPUx,
+  @{lib}/libreoffice/program/{soffice{,.bin},oosplash} rPUx,
+
+  include if exists <abstractions/app-open.d>