From 9ab321d14623054e71a6053770a58a023717bec3 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sun, 23 Mar 2025 12:28:01 +0100 Subject: [PATCH] feat(abs): dbus interfaces definition update. --- .../abstractions/bus/com.canonical.dbusmenu | 4 ++++ apparmor.d/abstractions/bus/org.a11y | 2 +- .../bus/org.freedesktop.RealtimeKit1 | 20 +++++++++---------- .../abstractions/bus/org.freedesktop.locale1 | 4 ++++ .../bus/org.freedesktop.portal.Desktop | 4 ++++ .../abstractions/bus/org.gtk.vfs.Metadata | 6 ++++-- .../abstractions/bus/org.gtk.vfs.MountTracker | 5 +++++ 7 files changed, 32 insertions(+), 13 deletions(-) diff --git a/apparmor.d/abstractions/bus/com.canonical.dbusmenu b/apparmor.d/abstractions/bus/com.canonical.dbusmenu index c5f74a6de..61ce81111 100644 --- a/apparmor.d/abstractions/bus/com.canonical.dbusmenu +++ b/apparmor.d/abstractions/bus/com.canonical.dbusmenu @@ -4,6 +4,10 @@ abi , + dbus send bus=session path=/com/canonical/unity/launcherentry/** + interface=com.canonical.dbusmenu + member={GetGroupProperties,GetLayout} + peer=(name=@{busname}, label=nautilus), include if exists diff --git a/apparmor.d/abstractions/bus/org.a11y b/apparmor.d/abstractions/bus/org.a11y index bb31a079c..018109a62 100644 --- a/apparmor.d/abstractions/bus/org.a11y +++ b/apparmor.d/abstractions/bus/org.a11y @@ -35,7 +35,7 @@ dbus send bus=session path=/org/a11y/bus interface=org.a11y.Bus - member=GetAddress + member=Get peer=(name=org.a11y.Bus, label="@{p_dbus_accessibility}"), dbus send bus=session path=/org/a11y/bus diff --git a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 index 05aefc887..34b15010c 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 
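Review bot: The rule added in com.canonical.dbusmenu pins the peer to `label=nautilus`, so an abstraction named after a generic interface covers a single provider, and nothing in the hunk says why. A comment above the rule would make that scope explicit, for example `# Launcher entry menus exported by nautilus; other dbusmenu providers are not covered here.`. `@{busname}` is also unquoted here and in the org.freedesktop.portal.Desktop hunk, while the org.gtk.vfs.* rules in this patch write `"@{busname}"`; using one form throughout keeps the rules easy to grep.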
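Review bot: In the org.a11y hunk, `member=Get` is now paired with `interface=org.a11y.Bus`, but `Get` belongs to `org.freedesktop.DBus.Properties`; the method org.a11y.Bus exposes for locating the accessibility bus is `GetAddress`. As written the rule probably matches no real call. Unless a rule outside the hunk still allows `GetAddress`, profiles including this abstraction would be denied that lookup. If a property read was intended, add it as a separate rule with `interface=org.freedesktop.DBus.Properties` and keep `member=GetAddress` on this one.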
@@ -2,23 +2,23 @@ # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# Allow setting realtime priorities. Clients require RLIMIT_RTTIME in the first +# place and client authorization is done via PolicyKit. Note that setrlimit() +# is allowed by default seccomp policy but requires 'capability sys_resource', +# which we deny be default. +# http://git.0pointer.net/rtkit.git/tree/README + abi , - #aa:dbus common bus=system name=org.freedesktop.RealtimeKit1 label=rtkit-daemon - + #-aa-dbus common bus=system name=org.freedesktop.RealtimeKit1 label=rtkit-daemon dbus send bus=system path=/org/freedesktop/RealtimeKit1 - interface=org.freedesktop.RealtimeKit1 - member=MakeThread* - peer=(name="@{busname}", label=rtkit-daemon), - - dbus send bus=system path=/org/freedesktop/RealtimeKit1 - interface=org.freedesktop.RealtimeKit1 - member=MakeThread* + interface=org.freedesktop.DBus.Properties + member=Get peer=(name=org.freedesktop.RealtimeKit1), dbus send bus=system path=/org/freedesktop/RealtimeKit1 interface=org.freedesktop.RealtimeKit1 - member=MakeThread* + member={MakeThreadHighPriority,MakeThreadRealtime,MakeThreadRealtimeWithPID} peer=(name=org.freedesktop.RealtimeKit1, label=rtkit-daemon), include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.locale1 b/apparmor.d/abstractions/bus/org.freedesktop.locale1 index ea81c60ef..511a44dd6 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.locale1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.locale1 @@ -5,6 +5,10 @@ abi , #aa:dbus common bus=system name=org.freedesktop.locale1 label=systemd-localed + dbus send bus=system path=/org/freedesktop/locale1 + interface=org.freedesktop.DBus.Properties + member=GetAll + peer=(name=org.freedesktop.locale1), include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop index 882dedd6c..7b19a675a 100644 
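Review bot: The `org.freedesktop.DBus.Properties` `Get` rule added in org.freedesktop.RealtimeKit1 matches the peer by name only, `peer=(name=org.freedesktop.RealtimeKit1)`, while the MakeThread rule right after it also requires `label=rtkit-daemon`. The `GetAll` rule added in the org.freedesktop.locale1 hunk has the same shape, although its directive names `label=systemd-localed`. Pinning the label ties the send to the confined service rather than to whichever process owns the name: `peer=(name=org.freedesktop.RealtimeKit1, label=rtkit-daemon),` and `peer=(name=org.freedesktop.locale1, label=systemd-localed),`. If the unlabelled form is a deliberate fallback for an unconfined daemon, a one-line comment should say so. The directive also changes from `#aa:dbus` to `#-aa-dbus`, which looks like it disables it without explanation, and the new header comment reads `deny be default`, presumably `deny by default`.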
--- a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop +++ b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop @@ -5,6 +5,10 @@ abi , #aa:dbus common bus=session name=org.freedesktop.portal.Desktop label=xdg-desktop-portal + dbus send bus=session path=/org/freedesktop/portal/desktop + interface=org.freedesktop.DBus.Properties + member=GetAll + peer=(name=@{busname}, label=xdg-desktop-portal), dbus send bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata b/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata index 80daa4927..ae1b928c2 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata @@ -4,9 +4,11 @@ abi , + #aa:dbus common bus=system name=org.gtk.vfs.Metadata path=/org/gtk/vfs/metadata label=gvfsd-metadata + dbus send bus=session path=/org/gtk/vfs/metadata - interface=org.freedesktop.DBus.Properties - member=GetAll + interface=org.gtk.vfs.Metadata + member={Set,Move,GetTreeFromDevice,Remove} peer=(name="@{busname}", label=gvfsd-metadata), dbus receive bus=session path=/org/gtk/vfs/metadata diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker b/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker index 1c80ca6ea..d88afd0ee 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker @@ -9,6 +9,11 @@ member=ListMountableInfo peer=(name="@{busname}", label=gvfsd), + dbus send bus=session path=/org/gtk/vfs/mounttracker + interface=org.gtk.vfs.MountTracker + member=LookupMount + peer=(name="@{busname}", label=gvfsd), + dbus send bus=session path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker member=ListMounts2
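Review bot: The directive added in org.gtk.vfs.Metadata says `bus=system`, but every rule visible in this hunk uses `bus=session`, so the generated common rules would presumably target the wrong bus. It should read `#aa:dbus common bus=session name=org.gtk.vfs.Metadata path=/org/gtk/vfs/metadata label=gvfsd-metadata`. Separately, the explicit rule now grants `Set`, `Move` and `Remove` to every profile that includes this abstraction, where it previously allowed only a `GetAll` property read. If some consumers only need reads, the mutating methods may belong in a narrower abstraction.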