feat(abs): common/gnome: remove open_path from the abs, add bus accessibility.
This commit is contained in:
Alexandre Pujol
parent
2ef038e8d9
commit
7b73adceeb
23 changed files with 44 additions and 34 deletions
|
|
@ -10,7 +10,6 @@ include <tunables/global>
|
|||
profile epiphany @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio-server>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-system>
|
||||
include <abstractions/bus/org.freedesktop.GeoClue2>
|
||||
include <abstractions/common/bwrap>
|
||||
|
|
@ -33,6 +32,8 @@ profile epiphany @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{open_path} rPx -> child-open,
|
||||
|
||||
@{bin}/bwrap rix,
|
||||
@{bin}/xdg-dbus-proxy rix,
|
||||
@{lib}/{,@{multiarch}/}webkit{,2}gtk-*/WebKit{Web,Network}Process rix,
|
||||
|
|
@ -64,7 +65,6 @@ profile epiphany @{exec_path} flags=(attach_disconnected) {
|
|||
@{PROC}/zoneinfo r,
|
||||
owner @{PROC}/@{pid}/smaps r,
|
||||
owner @{PROC}/@{pid}/statm r,
|
||||
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
|
||||
|
||||
deny @{user_share_dirs}/gvfs-metadata/* r,
|
||||
|
||||
|
|
|
|||
|
|
@ -21,6 +21,8 @@ profile gnome-calculator @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
include if exists <local/gnome-calculator>
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -9,9 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = @{bin}/gnome-calendar
|
||||
profile gnome-calendar @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-system>
|
||||
include <abstractions/bus/org.a11y>
|
||||
include <abstractions/bus/org.freedesktop.login1>
|
||||
include <abstractions/bus/org.freedesktop.NetworkManager>
|
||||
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
||||
|
|
@ -40,6 +38,7 @@ profile gnome-calendar @{exec_path} {
|
|||
peer=(name=:*, label=evolution-source-registry),
|
||||
|
||||
@{exec_path} mr,
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
/usr/share/evolution-data-server/{,**} r,
|
||||
/usr/share/libgweather/Locations.xml r,
|
||||
|
|
|
|||
|
|
@ -10,9 +10,7 @@ include <tunables/global>
|
|||
profile gnome-clocks @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio-client>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/bus/org.a11y>
|
||||
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||
include <abstractions/common/gnome>
|
||||
|
|
@ -24,6 +22,7 @@ profile gnome-clocks @{exec_path} {
|
|||
#aa:dbus own bus=session name=org.gnome.clocks
|
||||
|
||||
@{exec_path} mr,
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
include if exists <local/gnome-clocks>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,8 +9,6 @@ include <tunables/global>
|
|||
@{exec_path} = @{bin}/gnome-contacts
|
||||
profile gnome-contacts @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus/org.a11y>
|
||||
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
||||
include <abstractions/common/gnome>
|
||||
include <abstractions/gstreamer>
|
||||
|
|
@ -26,6 +24,7 @@ profile gnome-contacts @{exec_path} {
|
|||
#aa:dbus talk bus=session name=org.gnome.OnlineAccounts label=goa-daemon
|
||||
|
||||
@{exec_path} mr,
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
owner @{user_cache_dirs}/evolution/addressbook/{,**} r,
|
||||
owner @{user_share_dirs}/folks/relationships.ini r,
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ profile gnome-extensions-app @{exec_path} {
|
|||
|
||||
@{sh_path} rix,
|
||||
@{bin}/gjs-console rix,
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
/usr/share/gnome-shell/org.gnome.Extensions* r,
|
||||
/usr/share/terminfo/** r,
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ profile gnome-firmware @{exec_path} {
|
|||
#aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind
|
||||
|
||||
@{exec_path} mr,
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
include if exists <local/gnome-firmware>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ profile gnome-font-viewer @{exec_path} {
|
|||
include <abstractions/common/gnome>
|
||||
|
||||
@{exec_path} mr,
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
include if exists <local/gnome-font-viewer>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ profile gnome-logs @{exec_path} {
|
|||
include <abstractions/user-download-strict>
|
||||
|
||||
@{exec_path} mr,
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
/etc/machine-id r,
|
||||
|
||||
|
|
|
|||
|
|
@ -22,6 +22,8 @@ profile gnome-maps @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
audit @{bin}/gjs-console rix,
|
||||
|
||||
owner @{user_pictures_dirs}/** rw,
|
||||
|
|
|
|||
|
|
@ -28,6 +28,9 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) {
|
|||
#aa:dbus talk bus=session name=org.freedesktop.Tracker3.Writeback label=tracker-writeback
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
@{bin}/ r,
|
||||
@{bin}/env r,
|
||||
@{bin}/python3.@{int} rix,
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ profile gnome-recipes @{exec_path} {
|
|||
@{exec_path} mr,
|
||||
|
||||
@{bin}/tar rix,
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
include if exists <local/gnome-recipes>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,6 +19,8 @@ profile gnome-text-editor @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
owner @{user_share_dirs}/org.gnome.TextEditor/{,**} rw,
|
||||
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ profile gnome-tour @{exec_path} {
|
|||
include <abstractions/nameservice-strict>
|
||||
|
||||
@{exec_path} mr,
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
include if exists <local/gnome-tour>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ profile gnome-weather @{exec_path} {
|
|||
@{exec_path} mr,
|
||||
|
||||
@{bin}/gjs-console rix,
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
/usr/share/org.gnome.Weather/{,**} r,
|
||||
|
||||
|
|
|
|||
|
|
@ -10,8 +10,6 @@ include <tunables/global>
|
|||
profile yelp @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio-client>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus/org.a11y>
|
||||
include <abstractions/common/gnome>
|
||||
|
||||
network netlink raw,
|
||||
|
|
@ -19,6 +17,7 @@ profile yelp @{exec_path} {
|
|||
#aa:dbus own bus=session name=org.gnome.Yelp
|
||||
|
||||
@{exec_path} mr,
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
@{lib}/{,@{multiarch}/}webkit{2,}gtk-*/WebKitNetworkProcess rix,
|
||||
@{lib}/{,@{multiarch}/}webkit{2,}gtk-*/WebKitWebProcess rix,
|
||||
|
|
@ -32,7 +31,7 @@ profile yelp @{exec_path} {
|
|||
@{sys}/devices/virtual/dmi/id/chassis_type r,
|
||||
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/app-gnome-yelp-*.scope/memory.* r,
|
||||
|
||||
owner @{sys}/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/*.slice/*/memory.* r,
|
||||
owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/*.slice/*/memory.* r,
|
||||
|
||||
@{PROC}/zoneinfo r,
|
||||
owner @{PROC}/@{pid}/cgroup r,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue