refractor(abs): add screensaver abs, move bus screensaver abs.

2025-08-31 17:38:00 +02:00 · 2025-08-31 17:38:00 +02:00 · 9a4d878557
commit 9a4d878557
parent 9ee2605026
15 changed files with 59 additions and 39 deletions
--- a/apparmor.d/abstractions/app/chromium
+++ b/apparmor.d/abstractions/app/chromium
@ -26,11 +26,9 @@
  include <abstractions/bus/org.freedesktop.Avahi>
  include <abstractions/bus/org.freedesktop.FileManager1>
  include <abstractions/bus/org.freedesktop.Notifications>
  include <abstractions/bus/org.freedesktop.ScreenSaver>
  include <abstractions/bus/org.freedesktop.secrets>
  include <abstractions/bus/org.freedesktop.UPower>
  include <abstractions/bus/org.gnome.Mutter.IdleMonitor>
  include <abstractions/bus/org.gnome.ScreenSaver>
  include <abstractions/bus/org.gnome.SessionManager>
  include <abstractions/bus/org.kde.kwalletd>
  include <abstractions/common/chromium>
@ -40,6 +38,7 @@
  include <abstractions/fontconfig-cache-read>
  include <abstractions/graphics>
  include <abstractions/nameservice-strict>
  include <abstractions/screensaver>
  include <abstractions/ssl_certs>
  include <abstractions/thumbnails-cache-read>
  include <abstractions/uim>
--- a/apparmor.d/abstractions/bus/org.gnome.ScreenSaver
+++ b/apparmor.d/abstractions/bus/org.gnome.ScreenSaver
@ -1,21 +0,0 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
  abi <abi/4.0>,
  #aa:dbus common bus=session name=org.gnome.ScreenSaver label=gjs-console
  dbus send bus=session path=/org/gnome/ScreenSaver
       interface=org.gnome.ScreenSaver
       member=GetActive
       peer=(name="@{busname}", label=gjs-console),
  dbus receive bus=session path=/org/gnome/ScreenSaver
       interface=org.gnome.ScreenSaver
       member={ActiveChanged,WakeUpScreen}
       peer=(name="@{busname}", label=gjs-console),
  include if exists <abstractions/bus/org.gnome.ScreenSaver.d>
 # vim:syntax=apparmor
--- a/apparmor.d/abstractions/bus/session/org.freedesktop.ScreenSaver
+++ b/apparmor.d/abstractions/bus/session/org.freedesktop.ScreenSaver
@ -0,0 +1,26 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 # Allow checking status, activating and locking the screensaver
  abi <abi/4.0>,
  dbus send bus=session path=/ScreenSaver
       interface=org.freedesktop.ScreenSaver
       member={Inhibit,UnInhibit}
       peer=(name=org.freedesktop.ScreenSaver),
  dbus send bus=session path=/{,org/freedesktop/}ScreenSaver
       interface=org.freedesktop.ScreenSaver
       member={GetActive,GetActiveTime,Lock,SetActive}
       peer=(name=@{busname}, label="{gsd-screensaver-proxy,ksmserver,kwin_wayland}"),
  dbus receive bus=session path=/org/freedesktop/ScreenSaver
       interface=org.freedesktop.ScreenSaver
       member={ActiveChanged,WakeUpScreen}
       peer=(name=@{busname}, label="{gsd-screensaver-proxy,ksmserver,kwin_wayland}"),
  include if exists <abstractions/bus/session/org.freedesktop.ScreenSaver.d>
 # vim:syntax=apparmor
--- a/apparmor.d/abstractions/bus/session/org.gnome.ScreenSaver
+++ b/apparmor.d/abstractions/bus/session/org.gnome.ScreenSaver
@ -2,18 +2,20 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 # Allow checking status, activating and locking the screensaver (GNOME version)
  abi <abi/4.0>,
-  dbus send bus=session path=/ScreenSaver
+  dbus send bus=session path=/{,org/gnome/}ScreenSaver
-       interface=org.freedesktop.ScreenSaver
+       interface=org.gnome.ScreenSaver
-       member={Inhibit,UnInhibit}
+       member={GetActive,GetActiveTime,Lock,SetActive}
-       peer=(name=org.freedesktop.ScreenSaver),
+       peer=(name=@{busname}, label=gjs-console),
  dbus receive bus=session path=/org/gnome/ScreenSaver
       interface=org.gnome.ScreenSaver
       member={ActiveChanged,WakeUpScreen}
       peer=(name=@{busname}, label=gjs-console),
-  include if exists <abstractions/bus/org.freedesktop.ScreenSaver.d>
+  include if exists <abstractions/bus/session/org.gnome.ScreenSaver.d>
 # vim:syntax=apparmor
--- a/apparmor.d/abstractions/screensaver
+++ b/apparmor.d/abstractions/screensaver
@ -0,0 +1,14 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 # Allow checking status, activating and locking the screensaver
  abi <abi/4.0>,
  include if exists <abstractions/bus/session/org.freedesktop.ScreenSaver>
  include if exists <abstractions/bus/session/org.gnome.ScreenSaver>
  include if exists <abstractions/screensaver.d>
 # vim:syntax=apparmor
--- a/apparmor.d/groups/gnome/gnome-session-binary
+++ b/apparmor.d/groups/gnome/gnome-session-binary
@ -14,13 +14,13 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
  include <abstractions/bus-system>
  include <abstractions/bus/org.a11y>
  include <abstractions/bus/org.freedesktop.login1.Session>
  include <abstractions/bus/session/org.freedesktop.systemd1>
  include <abstractions/bus/org.gnome.Mutter.IdleMonitor>
-  include <abstractions/bus/org.gnome.ScreenSaver>
+  include <abstractions/bus/session/org.freedesktop.systemd1>
  include <abstractions/dconf-write>
  include <abstractions/gnome-strict>
  include <abstractions/graphics>
  include <abstractions/nameservice-strict>
  include <abstractions/screensaver>
  network inet stream,
  network inet6 stream,
--- a/apparmor.d/groups/gnome/gsd-power
+++ b/apparmor.d/groups/gnome/gsd-power
@ -23,7 +23,6 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
  include <abstractions/bus/org.freedesktop.UPower.PowerProfiles>
  include <abstractions/bus/org.freedesktop.UPower>
  include <abstractions/bus/org.gnome.Mutter.IdleMonitor>
  include <abstractions/bus/org.gnome.ScreenSaver>
  include <abstractions/bus/org.gnome.SessionManager>
  include <abstractions/bus/org.gtk.vfs.MountTracker>
  include <abstractions/consoles>
@ -31,6 +30,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
  include <abstractions/fontconfig-cache-write>
  include <abstractions/gnome-strict>
  include <abstractions/nameservice-strict>
  include <abstractions/screensaver>
  network inet stream,
  network netlink raw,
--- a/apparmor.d/profiles-a-f/discord
+++ b/apparmor.d/profiles-a-f/discord
@ -18,9 +18,9 @@ profile discord @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/audio-client>
  include <abstractions/bus-session>
  include <abstractions/bus/org.freedesktop.ScreenSaver>
  include <abstractions/bus/org.kde.StatusNotifierWatcher>
  include <abstractions/common/electron>
  include <abstractions/screensaver>
  include <abstractions/thumbnails-cache-read>
  include <abstractions/user-download-strict>
--- a/apparmor.d/profiles-a-f/element-desktop
+++ b/apparmor.d/profiles-a-f/element-desktop
@ -18,10 +18,10 @@ profile element-desktop @{exec_path} flags=(attach_disconnected) {
  include <abstractions/audio-client>
  include <abstractions/bus-session>
  include <abstractions/bus/com.canonical.Unity.LauncherEntry>
  include <abstractions/bus/org.freedesktop.ScreenSaver>
  include <abstractions/bus/org.kde.StatusNotifierWatcher>
  include <abstractions/common/electron>
  include <abstractions/p11-kit>
  include <abstractions/screensaver>
  include <abstractions/video>
  network inet dgram,
--- a/apparmor.d/profiles-a-f/freetube
+++ b/apparmor.d/profiles-a-f/freetube
@ -18,10 +18,10 @@ profile freetube @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/audio-client>
  include <abstractions/bus-session>
  include <abstractions/bus/org.freedesktop.ScreenSaver>
  include <abstractions/bus/org.gnome.SessionManager>
  include <abstractions/common/electron>
  include <abstractions/consoles>
  include <abstractions/screensaver>
  include <abstractions/user-download-strict>
  include <abstractions/video>
--- a/apparmor.d/profiles-m-r/pinentry-gnome3
+++ b/apparmor.d/profiles-m-r/pinentry-gnome3
@ -11,8 +11,8 @@ profile pinentry-gnome3 @{exec_path} {
  include <abstractions/base>
  include <abstractions/bus-session>
  include <abstractions/bus/org.gnome.keyring.internal.Prompter>
  include <abstractions/bus/org.gnome.ScreenSaver>
  include <abstractions/consoles>
  include <abstractions/screensaver>
  signal receive set=int,
--- a/apparmor.d/profiles-s-z/signal-desktop
+++ b/apparmor.d/profiles-s-z/signal-desktop
@ -18,10 +18,10 @@ profile signal-desktop @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/audio-client>
  include <abstractions/bus-session>
  include <abstractions/bus/org.freedesktop.ScreenSaver>
  include <abstractions/bus/org.kde.StatusNotifierWatcher>
  include <abstractions/common/electron>
  include <abstractions/devices-usb-read>
  include <abstractions/screensaver>
  include <abstractions/user-download-strict>
  include <abstractions/video>
--- a/apparmor.d/profiles-s-z/spotify
+++ b/apparmor.d/profiles-s-z/spotify
@ -22,7 +22,6 @@ profile spotify @{exec_path} flags=(attach_disconnected) {
  include <abstractions/bus/org.a11y>
  include <abstractions/bus/org.freedesktop.Notifications>
  include <abstractions/bus/org.freedesktop.portal.Desktop>
  include <abstractions/bus/org.freedesktop.ScreenSaver>
  include <abstractions/bus/org.freedesktop.secrets>
  include <abstractions/bus/org.gnome.SettingsDaemon.MediaKeys>
  include <abstractions/bus/org.gtk.vfs.MountTracker>
@ -31,6 +30,7 @@ profile spotify @{exec_path} flags=(attach_disconnected) {
  include <abstractions/bus/session/org.freedesktop.systemd1>
  include <abstractions/common/electron>
  include <abstractions/devices-usb-read>
  include <abstractions/screensaver>
  network inet dgram,
  network inet6 dgram,
--- a/apparmor.d/profiles-s-z/totem
+++ b/apparmor.d/profiles-s-z/totem
@ -10,10 +10,10 @@ include <tunables/global>
 profile totem @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/audio-client>
  include <abstractions/bus/org.freedesktop.ScreenSaver>
  include <abstractions/bus/org.gnome.SessionManager>
  include <abstractions/common/gnome>
  include <abstractions/gstreamer>
  include <abstractions/screensaver>
  include <abstractions/thumbnails-cache-write>
  include <abstractions/user-download-strict>
--- a/apparmor.d/profiles-s-z/vlc
+++ b/apparmor.d/profiles-s-z/vlc
@ -14,7 +14,6 @@ profile vlc @{exec_path} {
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
  include <abstractions/bus/org.a11y>
  include <abstractions/bus/org.freedesktop.ScreenSaver>
  include <abstractions/bus/org.freedesktop.secrets>
  include <abstractions/bus/org.kde.kwalletd>
  include <abstractions/bus/org.kde.StatusNotifierWatcher>
@ -27,6 +26,7 @@ profile vlc @{exec_path} {
  include <abstractions/ibus>
  include <abstractions/nameservice-strict>
  include <abstractions/qt5-settings-write>
  include <abstractions/screensaver>
  include <abstractions/ssl_certs>
  include <abstractions/user-download-strict>