From 64c2ee5fe9391a1ed35a4ab79bc08c2abf6ba0d4 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Wed, 11 Sep 2024 19:48:31 +0100
Subject: [PATCH] feat(abs): add app/bus

Useful to confine dbus access in scripts.
---
 apparmor.d/abstractions/app/bus | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 apparmor.d/abstractions/app/bus

diff --git a/apparmor.d/abstractions/app/bus b/apparmor.d/abstractions/app/bus
new file mode 100644
index 000000000..d1d0d8cb7
--- /dev/null
+++ b/apparmor.d/abstractions/app/bus
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Minimal set of rules for dbus-send/dbus-launch.
+
+  include <abstractions/nameservice-strict>
+
+  @{bin}/dbus-launch  mix,
+  @{bin}/dbus-send    mix,
+
+  @{bin}/dbus-daemon   Px -> dbus-session,
+
+  owner @{HOME}/.dbus/session-bus/@{hex}-@{int} w,
+
+  include if exists <abstractions/app/bus.d>
+
+# vim:syntax=apparmor