feat(profiles): add dbus rules for some common profiles.
This commit is contained in:
Alexandre Pujol
parent
e949654614
commit
583d7a15f0
43 changed files with 584 additions and 6 deletions
|
|
@ -13,6 +13,12 @@ profile spice-vdagentd @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
capability sys_nice,
|
||||
|
||||
dbus receive
|
||||
bus=system
|
||||
path=/org/freedesktop/login[0-9]/session/_[0-9]*
|
||||
interface=org.freedesktop.login[0-9].Session
|
||||
member=Unlock,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{run}/spice-vdagentd/spice-vdagent-sock r,
|
||||
|
|
|
|||
|
|
@ -15,6 +15,17 @@ profile switcheroo-control @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus receive bus=system path=/net/hadess/SwitcherooControl
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=RequestName,
|
||||
|
||||
dbus bind bus=system
|
||||
name=net.hadess.SwitcherooControl,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{run}/udev/data/+drm:* r,
|
||||
|
|
|
|||
|
|
@ -26,6 +26,32 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/UDisks2{,/**}
|
||||
interface=org.freedesktop.{DBus*,UDisks2*},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.PolicyKit[0-9].Authority
|
||||
member=Changed,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={ReleaseName,GetConnectionUnixUser},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login[0-9]
|
||||
interface=org.freedesktop.login[0-9].Manager
|
||||
member=Inhibit,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
|
||||
interface=org.freedesktop.PolicyKit[0-9].Authority
|
||||
member=CheckAuthorization,
|
||||
|
||||
dbus bind bus=system
|
||||
name=org.freedesktop.UDisks2,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/{,ba,da}sh rix,
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2018-2021 Mikhail Morfikov
|
||||
# 2021 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2018-2022 Mikhail Morfikov
|
||||
# Copyright (C) 2021-2022 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
|
@ -25,6 +25,13 @@ profile wpa-supplicant @{exec_path} {
|
|||
network packet raw,
|
||||
network packet dgram,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=RequestName,
|
||||
|
||||
dbus bind bus=system
|
||||
name=fi.w1.wpa_supplicant[0-9],
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{HOME}/.cat_installer/*.pem r,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue