feat(dbus): rewrite some dbus rules (7).
This commit is contained in:
Alexandre Pujol
parent
081c8a4fa1
commit
538ec25001
43 changed files with 221 additions and 377 deletions
|
|
@ -31,11 +31,6 @@ profile evolution-alarm-notify @{exec_path} {
|
|||
interface=org.freedesktop.DBus.{ObjectManager,Properties}
|
||||
peer=(name=:*, label=evolution-*),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/evolution-data-server/{,**} r,
|
||||
|
|
|
|||
|
|
@ -23,11 +23,12 @@ profile evolution-source-registry @{exec_path} {
|
|||
network netlink raw,
|
||||
|
||||
dbus bind bus=session name=org.gnome.evolution.dataserver.Sources@{int},
|
||||
|
||||
dbus receive bus=session path=/org/gnome/evolution/dataserver/SourceManager{,/**}
|
||||
interface={org.freedesktop.DBus.ObjectManager,org.freedesktop.DBus.Properties}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/evolution/dataserver/SourceManager{,/**}
|
||||
interface=org.gnome.evolution.dataserver.Source{,.*}
|
||||
peer=(name=:*),
|
||||
dbus send bus=session path=/org/gnome/evolution/dataserver/SourceManager{,/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
|
@ -51,19 +52,8 @@ profile evolution-source-registry @{exec_path} {
|
|||
owner @{user_share_dirs}/evolution/{,**} r,
|
||||
owner @{user_share_dirs}/gvfs-metadata/{,*} r,
|
||||
|
||||
# new user; change to 'c'
|
||||
owner @{user_config_dirs}/evolution/ w,
|
||||
owner @{user_share_dirs}/evolution/ w,
|
||||
owner @{user_share_dirs}/evolution/addressbook/ w,
|
||||
owner @{user_share_dirs}/evolution/addressbook/trash/ w,
|
||||
owner @{user_share_dirs}/evolution/calendar/ w,
|
||||
owner @{user_share_dirs}/evolution/calendar/trash/ w,
|
||||
owner @{user_share_dirs}/evolution/mail/ w,
|
||||
owner @{user_share_dirs}/evolution/mail/trash/ w,
|
||||
owner @{user_share_dirs}/evolution/memos/ w,
|
||||
owner @{user_share_dirs}/evolution/memos/trash/ w,
|
||||
owner @{user_share_dirs}/evolution/tasks/ w,
|
||||
owner @{user_share_dirs}/evolution/tasks/trash/ w,
|
||||
owner @{user_config_dirs}/evolution/{,**/} w,
|
||||
owner @{user_share_dirs}/evolution/{,**/} w,
|
||||
|
||||
@{PROC}/sys/kernel/osrelease r,
|
||||
@{PROC}/cmdline r,
|
||||
|
|
|
|||
|
|
@ -47,6 +47,9 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=session path=/org/gnome/ScreenSaver
|
||||
interface=org.gnome.ScreenSaver
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
dbus send bus=session path=/org/gnome/ScreenSaver
|
||||
interface=org.gnome.ScreenSaver
|
||||
peer=(name=org.gnome.Shell.ScreenShield),
|
||||
dbus send bus=session path=/org/gnome/ScreenSaver
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*), # all members
|
||||
|
|
|
|||
|
|
@ -21,6 +21,11 @@ profile gnome-calculator-search-provider @{exec_path} {
|
|||
|
||||
signal (send) set=kill peer=unconfined,
|
||||
|
||||
dbus bind bus=session name=org.gnome.Calculator.SearchProvider,
|
||||
dbus receive bus=session path=/org/gnome/Calculator/SearchProvider
|
||||
interface=org.gnome.Shell.SearchProvider2
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mrix,
|
||||
/{usr/,}bin/[a-z0-9]* rPUx,
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
|
@ -9,8 +9,14 @@ include <tunables/global>
|
|||
@{exec_path} = @{bin}/gnome-calendar
|
||||
profile gnome-calendar @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/desktop>
|
||||
include <abstractions/bus/login>
|
||||
include <abstractions/bus/network-manager>
|
||||
include <abstractions/bus/timedate>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/gnome>
|
||||
include <abstractions/gnome-strict>
|
||||
include <abstractions/mesa>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/opencl>
|
||||
|
|
@ -21,15 +27,28 @@ profile gnome-calendar @{exec_path} {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus bind bus=session name=org.gnome.Calendar,
|
||||
dbus receive bus=session path=/org/gnome/Calendar/SearchProvider
|
||||
interface=org.gnome.Shell.SearchProvider2
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gnome/evolution/dataserver/**
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*, label=evolution-*),
|
||||
dbus send bus=session path=/org/gnome/evolution/dataserver/**
|
||||
interface=org.gnome.evolution.dataserver.*
|
||||
peer=(name=:*, label=evolution-*),
|
||||
dbus send bus=session path=/org/gnome/evolution/dataserver/**
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects
|
||||
peer=(name=:*, label=evolution-*),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/egl/{,**} r,
|
||||
/usr/share/evolution-data-server/{,**} r,
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
/usr/share/libgweather/Locations.xml r,
|
||||
|
||||
owner @{run}/user/@{uid}/gdm/Xauthority r,
|
||||
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
|
||||
include if exists <local/gnome-calendar>
|
||||
|
|
|
|||
|
|
@ -9,6 +9,9 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/org.gnome.Characters/org.gnome.Characters
|
||||
profile gnome-characters @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/desktop>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/dri-common>
|
||||
include <abstractions/dri-enumerate>
|
||||
|
|
@ -18,6 +21,11 @@ profile gnome-characters @{exec_path} {
|
|||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/vulkan>
|
||||
|
||||
dbus bind bus=session name=org.gnome.Characters,
|
||||
dbus receive bus=session path=/org/gnome/Characters/SearchProvider
|
||||
interface=org.gnome.Shell.SearchProvider2
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/gjs-console rix,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,10 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/gnome-control-center-goa-helper
|
||||
profile gnome-control-center-goa-helper @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/bus/avahi>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/dri-common>
|
||||
include <abstractions/dri-enumerate>
|
||||
|
|
|
|||
|
|
@ -18,7 +18,11 @@ profile gnome-control-center-search-provider @{exec_path} {
|
|||
include <abstractions/gtk>
|
||||
include <abstractions/mesa>
|
||||
include <abstractions/vulkan>
|
||||
include <abstractions/wayland>
|
||||
|
||||
dbus bind bus=session name=org.gnome.Settings.SearchProvider,
|
||||
dbus receive bus=session path=/org/gnome/Settings/SearchProvider
|
||||
interface=org.gnome.Shell.SearchProvider2
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ include <tunables/global>
|
|||
profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/desktop>
|
||||
include <abstractions/bus/login-session>
|
||||
include <abstractions/bus/session-manager>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/base>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/bus/gnome-screensaver>
|
||||
include <abstractions/bus/login-session>
|
||||
include <abstractions/bus/login>
|
||||
include <abstractions/bus/systemd-session>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
|
|
@ -38,6 +39,29 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
signal (send) set=(term) peer=gsd-*,
|
||||
|
||||
dbus bind bus=session name=org.gnome.SessionManager,
|
||||
dbus receive bus=session path=/org/gnome/SessionManager{,/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*),
|
||||
dbus receive bus=session path=/org/gnome/SessionManager{,/**}
|
||||
interface=org.gnome.SessionManager
|
||||
peer=(name=:*),
|
||||
dbus send bus=session path=/org/gnome/SessionManager{,/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
dbus send bus=session path=/org/gnome/SessionManager{,/**}
|
||||
interface=org.gnome.SessionManager
|
||||
peer=(name=org.freedesktop.DBus,),
|
||||
|
||||
dbus send bus=session path=/org/gnome/SessionManager/Presence
|
||||
interface=org.gnome.SessionManager.Presence
|
||||
member=StatusChanged
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core
|
||||
interface=org.gnome.Mutter.IdleMonitor
|
||||
member=WatchFired
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
|
|
@ -54,39 +78,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
member=SetIdleHint
|
||||
peer=(name=org.freedesktop.login1, label=systemd-logind),
|
||||
|
||||
dbus (send,receive) bus=session path=/org/gnome/SessionManager{,/**}
|
||||
interface={org.freedesktop.DBus.Introspectable,org.gnome.SessionManager**},
|
||||
|
||||
dbus receive bus=session path=/org/gnome/SessionManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=at-spi2-registryd),
|
||||
|
||||
dbus send bus=session path=/org/gnome/SessionManager/Client@{int}
|
||||
interface=org.gnome.SessionManager.ClientPrivate
|
||||
member=CancelEndSession
|
||||
peer=(name=org.freedesktop.DBus, label=gsd-*),
|
||||
|
||||
dbus send bus=session path=/org/gnome/SessionManager/Presence
|
||||
interface=org.gnome.SessionManager.Presence
|
||||
member=StatusChanged
|
||||
peer=(name=org.freedesktop.DBus, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gnome/SessionManager/EndSessionDialog
|
||||
interface=org.gnome.SessionManager.EndSessionDialog
|
||||
member=Open
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/gnome/SessionManager/EndSessionDialog
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus (send, receive) bus=session path=/org/gnome/SessionManager{,/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={GetAll,PropertiesChanged}
|
||||
peer=(name="{org.freedesktop.DBus,:*}", label="{gsd-*,gnome-*,xdg-desktop-portal-*}"),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/systemd1
|
||||
interface=org.freedesktop.systemd1.Manager
|
||||
peer=(name=org.freedesktop.systemd1, label=@{systemd}),
|
||||
|
|
@ -106,11 +97,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
member=WatchFired
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/{,z,ba,da}sh rix,
|
||||
|
|
|
|||
|
|
@ -12,10 +12,13 @@ profile goa-identity-service @{exec_path} {
|
|||
include <abstractions/authentication>
|
||||
include <abstractions/dbus-session-strict>
|
||||
|
||||
dbus bind bus=session name=org.gnome.Identity,
|
||||
dbus receive bus=session path=/org/gnome/Identity
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects
|
||||
peer=(name=:*, label=goa-daemon),
|
||||
peer=(name=:*),
|
||||
dbus receive bus=session path=/org/gnome/Identity/Manager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/org/gnome/OnlineAccounts
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
|
|
@ -27,13 +30,6 @@ profile goa-identity-service @{exec_path} {
|
|||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/Identity/Manager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=goa-daemon),
|
||||
|
||||
dbus bind bus=session name=org.gnome.Identity,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
include if exists <local/goa-identity-service>
|
||||
|
|
|
|||
|
|
@ -66,6 +66,10 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
|||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gsd-rfkill),
|
||||
dbus receive bus=session path=/org/gnome/SettingsDaemon/Rfkill
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=:*, label=gsd-rfkill),
|
||||
|
||||
dbus send bus=session path=/
|
||||
interface=org.freedesktop.DBus
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/audio>
|
||||
include <abstractions/bus/atspi>
|
||||
include <abstractions/bus/gnome-screensaver>
|
||||
include <abstractions/bus/login-session>
|
||||
include <abstractions/bus/login>
|
||||
include <abstractions/bus/session-manager>
|
||||
include <abstractions/bus/upower>
|
||||
|
|
@ -44,23 +45,32 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=session path=/org/gnome/Mutter/**
|
||||
interface=org.gnome.Mutter.IdleMonitor
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
dbus receive bus=session path=/org/gnome/Mutter/DisplayConfig
|
||||
interface=org.gnome.Mutter.DisplayConfig
|
||||
member=MonitorsChanged
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
dbus receive bus=session path=/org/gnome/Mutter/IdleMonitor/Core
|
||||
interface=org.gnome.Mutter.IdleMonitor
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/UPower/KbdBacklight
|
||||
interface=org.freedesktop.UPower.KbdBacklight
|
||||
member=GetBrightness
|
||||
peer=(name=:*, label=upowerd),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/systemd[0-9]
|
||||
dbus send bus=system path=/org/freedesktop/systemd1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1/session/auto
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
member=GetAll
|
||||
peer=(name=:*, label=systemd-logind),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1/session/auto
|
||||
interface=org.freedesktop.login1.Session
|
||||
member=SetBrightness,
|
||||
member=SetBrightness
|
||||
peer=(name=:*, label=systemd-logind),
|
||||
|
||||
dbus send bus=system path=/net/hadess/PowerProfiles
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/gsd-print-notifications
|
||||
profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/avahi>
|
||||
include <abstractions/bus/session-manager>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
|
@ -31,10 +32,6 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.Avahi.Server
|
||||
peer=(name=org.freedesktop.Avahi, label=avahi-daemon),
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
member=Ping
|
||||
peer=(name=org.freedesktop.Avahi, label=avahi-daemon),
|
||||
|
||||
dbus receive bus=system path=/org/cups/cupsd/Notifier
|
||||
interface=org.cups.cupsd.Notifier,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,9 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/gsd-rfkill
|
||||
profile gsd-rfkill @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/hostname>
|
||||
include <abstractions/bus/modem-manager>
|
||||
include <abstractions/bus/network-manager>
|
||||
include <abstractions/bus/session-manager>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
|
|
@ -18,41 +21,12 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) {
|
|||
network netlink raw,
|
||||
|
||||
dbus bind bus=session name=org.gnome.SettingsDaemon.Rfkill,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/hostname[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/ModemManager[0-9]
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects,
|
||||
|
||||
dbus send bus=session path=/org/gnome/SettingsDaemon/Rfkill
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=org.freedesktop.DBus, label=gsd-media-keys),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.NetworkManager
|
||||
member={CheckPermissions,StateChanged},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
|
||||
dbus receive bus=session path=/org/gnome/SettingsDaemon/Rfkill
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label="{gsd-media-keys,gnome-shell}"),
|
||||
|
||||
peer=(name=:*),
|
||||
dbus send bus=session path=/org/gnome/SettingsDaemon/Rfkill
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=org.freedesktop.DBus, label=gnome-shell),
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
|
|
|
|||
|
|
@ -18,12 +18,10 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
|
|||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus bind bus=session name=org.gnome.SettingsDaemon.Smartcard,
|
||||
|
||||
dbus receive bus=session path=/org/gnome/SettingsDaemon/Smartcard
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus receive bus=session path=/org/gnome/SettingsDaemon/Smartcard
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
|
|
|
|||
|
|
@ -13,20 +13,11 @@ profile mutter-x11-frames @{exec_path} {
|
|||
include <abstractions/dconf-write>
|
||||
include <abstractions/dri-common>
|
||||
include <abstractions/dri-enumerate>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/gnome-strict>
|
||||
include <abstractions/mesa>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/nvidia>
|
||||
include <abstractions/vulkan>
|
||||
include <abstractions/wayland>
|
||||
include <abstractions/X-strict>
|
||||
|
||||
dbus receive bus=session path=/
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -9,6 +9,8 @@ include <tunables/global>
|
|||
@{exec_path} = @{bin}/seahorse
|
||||
profile seahorse @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/avahi>
|
||||
include <abstractions/bus/desktop>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
|
@ -17,24 +19,15 @@ profile seahorse @{exec_path} {
|
|||
include <abstractions/p11-kit>
|
||||
include <abstractions/ssl_certs>
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
member=Ping
|
||||
peer=(name=org.freedesktop.Avahi),
|
||||
dbus bind bus=session name=org.gnome.seahorse.Application,
|
||||
dbus receive bus=session path=/org/gnome/seahorse/Application
|
||||
interface=org.gnome.Shell.SearchProvider2
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.Avahi.Server
|
||||
member={GetAPIVersion,GetState,ServiceBrowserNew}
|
||||
peer=(name=org.freedesktop.Avahi),
|
||||
|
||||
dbus send bus=system path=/Client[0-9]*/ServiceBrowser[0-9]*
|
||||
interface=org.freedesktop.Avahi.ServiceBrowser
|
||||
member=Free
|
||||
peer=(name=org.freedesktop.Avahi),
|
||||
|
||||
dbus receive bus=system path=/Client[0-9]*/ServiceBrowser[0-9]*
|
||||
interface=org.freedesktop.Avahi.ServiceBrowser
|
||||
member={CacheExhausted,AllForNow},
|
||||
dbus send bus=session path=/org/freedesktop/secrets
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gnome-keyring-daemon),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -39,6 +39,9 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=session path=/org/freedesktop/Tracker3/**
|
||||
interface=org.freedesktop.Tracker3.*
|
||||
peer=(label=tracker-miner),
|
||||
dbus send bus=session path=/org/freedesktop/Tracker3/**
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
peer=(name=org.freedesktop.Tracker3.Miner.Files),
|
||||
|
||||
dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||
interface=org.gtk.Private.RemoteVolumeMonitor
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue