feat(profile): add some dbus rules.

2023-12-19 23:24:44 +00:00 · 2023-12-19 23:24:44 +00:00 · 9f49052529
commit 9f49052529
parent 53f3a27e16
36 changed files with 98 additions and 140 deletions
--- a/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry
+++ b/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry
@ -0,0 +1,12 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Access required for connecting to/communicating with the Unity Launcher
+
+  dbus send bus=session path=/com/canonical/unity/launcherentry/@{int}
+       interface=com.canonical.Unity.LauncherEntry
+       member=Update
+       peer=(name=org.freedesktop.DBus, label=gnome-shell),
+
+  include if exists <abstractions/bus/com.canonical.Unity.LauncherEntry.d>
--- a/apparmor.d/abstractions/bus/com.canonical.dbusmenu
+++ b/apparmor.d/abstractions/bus/com.canonical.dbusmenu
@ -0,0 +1,6 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+
+  include if exists <abstractions/bus/com.canonical.dbusmenu.d>
--- a/apparmor.d/abstractions/bus/org.freedesktop.Notifications
+++ b/apparmor.d/abstractions/bus/org.freedesktop.Notifications
@ -7,4 +7,9 @@
       member=GetAll
       peer=(name=:*, label=gjs-console),

+  dbus receive bus=session path=/org/freedesktop/Notifications
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll
+       peer=(name=:*, label=gjs-console),
+
  include if exists <abstractions/bus/org.freedesktop.Notifications.d>
--- a/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver
+++ b/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver
@ -2,5 +2,9 @@
 # Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only

+  dbus send bus=session path=/ScreenSaver
+       interface=org.freedesktop.ScreenSaver
+       member={Inhibit,UnInhibit}
+       peer=(name=org.freedesktop.ScreenSaver),

  include if exists <abstractions/bus/org.freedesktop.ScreenSaver.d>
--- a/apparmor.d/abstractions/bus/org.freedesktop.locale1
+++ b/apparmor.d/abstractions/bus/org.freedesktop.locale1
@ -5,6 +5,6 @@
  dbus send bus=system path=/org/freedesktop/locale1
       interface=org.freedesktop.DBus.Properties
       member=GetAll
-       peer=(name=:*, label=systemd-localed),
+       peer=(name="{:*,org.freedesktop.locale1}", label=systemd-localed),

  include if exists <abstractions/bus/org.freedesktop.locale1.d>
--- a/apparmor.d/abstractions/bus/org.freedesktop.resolve1
+++ b/apparmor.d/abstractions/bus/org.freedesktop.resolve1
@ -5,6 +5,6 @@
  dbus send bus=system path=/org/freedesktop/resolve1
       interface=org.freedesktop.resolve1.Manager
       member={SetLink*,ResolveHostname}
-       peer=(name=org.freedesktop.resolve1, label=systemd-resolved),
+       peer=(name="{:*,org.freedesktop.resolve1}", label=systemd-resolved),

  include if exists <abstractions/bus/org.freedesktop.resolve1.d>
--- a/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher
+++ b/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher
@ -0,0 +1,6 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+
+  include if exists <abstractions/bus/org.kde.StatusNotifierWatcher.d>