felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): add the dconf-write abstraction.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-09 21:55:55 +01:00
parent 583d7a15f0
commit 5d45b8e7a7
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
104 changed files with 124 additions and 371 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/freedesktop/at-spi-bus-launcher
View file

@ -12,7 +12,7 @@ include <tunables/global>
profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/nameservice-strict>
signal (receive) set=(term hup kill) peer=dbus-daemon,
@ -35,8 +35,6 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
owner @{HOME}/.xsession-errors w,
owner @{run}/user/@{uid}/at-spi/{,bus} rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
/var/lib/lightdm/.Xauthority r,

5
apparmor.d/groups/freedesktop/dconf
View file

@ -9,17 +9,14 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/dconf
profile dconf @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dconf-write>
capability sys_nice,
@{exec_path} mr,
/etc/dconf/{,**} r,
/etc/dconf/db/** rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{user_config_dirs}/dconf/ rw,
owner @{user_config_dirs}/dconf/user{,.*} rw,

16
apparmor.d/groups/freedesktop/dconf-editor
View file

@ -1,5 +1,6 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2019-2021 Mikhail Morfikov
# Copyright (C) 2019-2022 Mikhail Morfikov
# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
@ -9,16 +10,15 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/dconf-editor
profile dconf-editor @{exec_path} {
include <abstractions/base>
include <abstractions/gtk>
include <abstractions/fonts>
include <abstractions/dconf-write>
include <abstractions/fontconfig-cache-read>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/dconf>
include <abstractions/gtk>
@{exec_path} mr,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
/usr/share/glib-2.0/schemas/{,*} r,
# When GSETTINGS_BACKEND=keyfile
owner @{user_config_dirs}/glib-2.0/ rw,
@ -26,11 +26,7 @@ profile dconf-editor @{exec_path} {
owner @{user_config_dirs}/glib-2.0/settings/keyfile rw,
owner @{user_config_dirs}/glib-2.0/settings/.goutputstream-* rw,
/usr/share/glib-2.0/schemas/{,*} r,
owner @{HOME}/.Xauthority r,
# file_inherit
owner /dev/tty[0-9]* rw,
include if exists <local/dconf-editor>

4
apparmor.d/groups/freedesktop/dconf-service
View file

@ -10,15 +10,13 @@ include <tunables/global>
profile dconf-service @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dconf-write>
signal (receive) set=(term kill hup) peer=dbus-daemon,
signal (receive) set=(term hup) peer=gdm*,
@{exec_path} mr,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{user_config_dirs}/dconf/ rw,
owner @{user_config_dirs}/dconf/user{,.*} rw,

7
apparmor.d/groups/freedesktop/pulseaudio
View file

@ -14,6 +14,7 @@ profile pulseaudio @{exec_path} {
include <abstractions/consoles>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf-write>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/gstreamer>
@ -114,18 +115,12 @@ profile pulseaudio @{exec_path} {
owner /var/lib/lightdm/.config/pulse/{,**} rw,
owner /var/lib/lightdm/.config/pulse/cookie k,
owner @{HOME}/.Xauthority r,
owner @{HOME}/.ICEauthority r,
owner @{user_config_dirs}/pulse/{,**} rw,
owner @{user_config_dirs}/dconf/user r,
owner @{user_cache_dirs}/gstreamer-1.0/registry.x86_64.bin r,
owner @{run}/user/@{uid}/ rw,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.* r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm{[1-9],}/Xauthority r,
owner @{run}/user/@{uid}/ICEauthority r,
owner @{run}/user/@{uid}/pulse/{,*} rw,

4
apparmor.d/groups/freedesktop/xdg-desktop-portal
View file

@ -11,7 +11,7 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/freedesktop.org>
include <abstractions/nameservice-strict>
@ -57,8 +57,6 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
/var/lib/flatpak/exports/share/applications/{**,} r,
owner @{run}/user/@{uid}/.flatpak/{,*/*} r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/pipewire-[0-9]* rw,
owner @{PROC}/@{pids}/cgroup r,

3
apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
View file

@ -11,7 +11,7 @@ profile xdg-desktop-portal-gnome @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/fontconfig-cache-write>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
@ -39,7 +39,6 @@ profile xdg-desktop-portal-gnome @{exec_path} {
owner @{user_share_dirs}/ r,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/wayland-[0-9]* rw,
owner @{run}/user/@{uid}/wayland-cursor-shared-* rw,

3
apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
View file

@ -11,7 +11,7 @@ profile xdg-desktop-portal-gtk @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/fontconfig-cache-write>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
@ -41,7 +41,6 @@ profile xdg-desktop-portal-gtk @{exec_path} {
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw,
owner @{run}/user/@{uid}/at-spi/bus rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/wayland-[0-9]* rw,
@{run}/mount/utab r,