felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile) gvfs: more dbus integration.

Browse source
This commit is contained in:
Alexandre Pujol 2025-08-22 20:40:36 +02:00
parent f18fc88253
commit 53df40b8ac
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
6 changed files with 59 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
apparmor.d/groups/gvfs/gvfsd-dnssd
View file

@ -38,6 +38,11 @@ profile gvfsd-dnssd @{exec_path} {
member=Introspect
peer=(name=@{busname}, label=gnome-shell),
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=@{busname}, label=gnome-shell),
@{exec_path} mr,
owner @{run}/user/@{uid}/gvfsd/ rw,

1
apparmor.d/groups/gvfs/gvfsd-http
View file

@ -11,6 +11,7 @@ include <tunables/global>
profile gvfsd-http @{exec_path} {
include <abstractions/base>
include <abstractions/bus-session>
include <abstractions/bus/org.gtk.vfs.Daemon>
include <abstractions/dconf-write>
include <abstractions/freedesktop.org>
include <abstractions/nameservice-strict>

10
apparmor.d/groups/gvfs/gvfsd-network
View file

@ -32,6 +32,16 @@ profile gvfsd-network @{exec_path} {
member={MountLocation,LookupMount,RegisterMount}
peer=(name="@{busname}", label=gvfsd),
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=@{busname}, label=gnome-shell),
dbus send bus=session path=/org/gtk/vfs/Daemon
interface=org.gtk.vfs.Daemon
member=GetConnection
peer=(name=@{busname}),
@{exec_path} mr,
/usr/share/glib-2.0/schemas/gschemas.compiled r,

5
apparmor.d/groups/gvfs/gvfsd-recent
View file

@ -33,6 +33,11 @@ profile gvfsd-recent @{exec_path} {
member=RegisterMount
peer=(name="@{busname}", label=gvfsd),
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=@{busname}, label=gnome-shell),
@{exec_path} mr,
# Full access to user's data

26
apparmor.d/groups/gvfs/gvfsd-sftp
View file

@ -10,10 +10,36 @@ include <tunables/global>
@{exec_path} = @{lib}/{,gvfs/}gvfsd-sftp
profile gvfsd-sftp @{exec_path} {
include <abstractions/base>
include <abstractions/bus-session>
include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/consoles>
include <abstractions/freedesktop.org>
include <abstractions/nameservice-strict>
#aa:dbus own bus=session name=org.gtk.vfs.mountpoint_@{int}
dbus receive bus=session path=/org/gtk/vfs/Daemon
interface=org.gtk.vfs.Daemon
member=GetConnection
peer=(name=@{busname}, label=gnome-extension-gsconnect),
dbus receive bus=session path=/org/gtk/vfs/Daemon
interface=org.gtk.vfs.Daemon
member=GetConnection
peer=(name=@{busname}, label=nautilus),
dbus receive bus=session path=/org/gtk/vfs/mountable
interface=org.gtk.vfs.Mountable
member=Mount
peer=(name=:*, label=gvfsd),
dbus send bus=session path=/org/gtk/gvfs/exec_spaw/@{int}
interface=org.gtk.vfs.Spawner
member=Spawned
peer=(name=:*, label=gvfsd),
dbus send bus=session path=/org/gtk/vfs/mounttracker
interface=org.gtk.vfs.MountTracker
member=RegisterMount
peer=(name=:*, label=gvfsd),
@{exec_path} mr,
@{bin}/ssh rPx,

13
apparmor.d/groups/gvfs/gvfsd-wsdd
View file

@ -13,6 +13,7 @@ profile gvfsd-wsdd @{exec_path} {
include <abstractions/bus-system>
include <abstractions/bus/org.freedesktop.NetworkManager>
include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/nameservice-strict>
network netlink raw,
@ -31,9 +32,19 @@ profile gvfsd-wsdd @{exec_path} {
member=RegisterMount
peer=(name="@{busname}", label=gvfsd),
dbus receive bus=session path=/org/gtk/vfs/Daemon
interface=org.gtk.vfs.Daemon
member=GetConnection
peer=(name=@{busname}, label=gvfsd-network),
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=@{busname}, label=gnome-shell),
@{exec_path} mr,
@{bin}/env r,
@{bin}/env mr,
@{bin}/wsdd rPx,
@{run}/mount/utab r,