feat(profile): add some dbus rules.
This commit is contained in:
Alexandre Pujol
parent
53f3a27e16
commit
9f49052529
36 changed files with 98 additions and 140 deletions
|
|
@ -19,6 +19,8 @@ profile colord-sane @{exec_path} flags=(attach_disconnected) {
|
|||
network inet6 dgram,
|
||||
network netlink raw,
|
||||
|
||||
# dbus: talk bus=system name=org.freedesktop.ColorManager label=colord
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/snmp/mibs/{,*} r,
|
||||
|
|
|
|||
|
|
@ -25,27 +25,13 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
ptrace (read),
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.portal.Desktop,
|
||||
dbus (send, receive) bus=session path=/org/freedesktop/portal/desktop
|
||||
interface=org.freedesktop.portal.Settings,
|
||||
dbus (send, receive) bus=session path=/org/freedesktop/portal/desktop
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*),
|
||||
dbus (send, receive) bus=session path=/org/freedesktop/portal/desktop
|
||||
interface=org.freedesktop.impl.portal.*
|
||||
peer=(name=:*),
|
||||
# dbus: own bus=session name=org.freedesktop.portal.Desktop path=/org/freedesktop/portal/desktop interface={org.freedesktop.DBus.Properties,org.freedesktop{,.impl}.portal.{Settings,Background}}
|
||||
dbus receive bus=session path=/org/freedesktop/portal/desktop
|
||||
interface=org.freedesktop.portal.Realtime
|
||||
member=MakeThread*
|
||||
peer=(name=:*),
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.background.Monitor,
|
||||
dbus receive bus=session path=/org/freedesktop/background/monitor
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*),
|
||||
dbus send bus=session path=/org/freedesktop/background/monitor
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=org.freedesktop.DBus),
|
||||
# dbus: own bus=session name=org.freedesktop.background.Monitor path=/org/freedesktop/background/monitor
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/portal/documents
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
|
|
|
|||
|
|
@ -16,13 +16,7 @@ profile xdg-permission-store @{exec_path} flags=(attach_disconnected) {
|
|||
signal (receive) set=(term hup kill) peer=dbus-daemon,
|
||||
signal (receive) set=(term hup kill) peer=gdm*,
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.impl.portal.PermissionStore,
|
||||
dbus receive bus=session path=/org/freedesktop/impl/portal/PermissionStore
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*),
|
||||
dbus receive bus=session path=/org/freedesktop/impl/portal/PermissionStore
|
||||
interface=org.freedesktop.impl.portal.PermissionStore
|
||||
peer=(name=:*),
|
||||
# dbus: own bus=session name=org.freedesktop.impl.portal.PermissionStore
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
|
|
|
|||
|
|
@ -31,6 +31,15 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
# dbus: talk bus=system name=org.freedesktop.login1 label=systemd-logind
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/Accounts
|
||||
interface=org.freedesktop.Accounts
|
||||
member=ListCachedUsers
|
||||
peer=(name=:*, label=accounts-daemon),
|
||||
dbus send bus=system path=/org/freedesktop/Accounts
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=accounts-daemon),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixProcessID,GetConnectionUnixUser}
|
||||
|
|
|
|||
|
|
@ -126,6 +126,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
interface=org.freedesktop.ColorManager
|
||||
member=DeleteDevice
|
||||
peer=(name=:*, label=colord),
|
||||
dbus receive bus=system path=/org/freedesktop/ColorManager
|
||||
interface=org.freedesktop.ColorManager
|
||||
member=ProfileAdded
|
||||
peer=(name=:*, label=colord),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login1/seat/seat@{int}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
|
|
@ -183,6 +187,21 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
member=JobRemoved
|
||||
peer=(name=:*, label="@{systemd}"),
|
||||
|
||||
dbus send bus=session path=/MenuBar
|
||||
interface=com.canonical.dbusmenu
|
||||
member={AboutToShow,GetLayout,GetGroupProperties}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/StatusNotifierItem
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={Get,GetAll}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session path=/org/mpris/MediaPlayer2
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={Get,GetAll}
|
||||
peer=(name=:*),
|
||||
|
||||
dbus send bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
|
|
|
|||
|
|
@ -28,16 +28,9 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (receive) set=(term) peer=gdm,
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.Tracker3.Miner.Extract,
|
||||
# dbus: own bus=session name=org.freedesktop.Tracker3.Miner.Extract
|
||||
|
||||
# Talk to tracker-miner
|
||||
dbus send bus=session path=/org/freedesktop/Tracker3/{Files,Endpoint,Miner/Extract}
|
||||
interface={org.freedesktop.Tracker3.{Miner,Endpoint,Files},org.freedesktop.DBus.{Peer,Properties}}
|
||||
peer=(name="{:*,org.freedesktop.Tracker3.Miner.Files,org.freedesktop.DBus}", label=tracker-miner),
|
||||
dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
member=Ping
|
||||
peer=(name=org.freedesktop.Tracker3.Miner.Files),
|
||||
# dbus: talk bus=session name=org.freedesktop.Tracker3 label=tracker-miner interface=org.freedesktop.DBus.{Properties,Peer}
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/metadata
|
||||
interface=org.gtk.vfs.Metadata
|
||||
|
|
|
|||
|
|
@ -28,15 +28,7 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
|
|||
signal (receive) set=(term, kill) peer=gdm,
|
||||
signal (receive) set=(hup) peer=gdm-session-worker,
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.Tracker3.Miner.Files{,.*},
|
||||
dbus (send, receive) bus=session path=/org/freedesktop/Tracker3/Endpoint
|
||||
interface={org.freedesktop.Tracker3.Endpoint,org.freedesktop.DBus.Peer}
|
||||
peer=(name=:*),
|
||||
|
||||
# Talk from tracker-extract
|
||||
dbus receive bus=session path=/org/freedesktop/Tracker3/{Files,Endpoint,Miner/Extract}
|
||||
interface={org.freedesktop.Tracker3.{Miner,Endpoint,Files},org.freedesktop.DBus.{Peer,Properties}}
|
||||
peer=(name="{:*,org.freedesktop.DBus}", label=tracker-extract),
|
||||
# dbus: own bus=session name=org.freedesktop.Tracker3 interface=org.freedesktop.DBus.{Properties,Peer}
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -12,10 +12,7 @@ profile gvfs-afc-volume-monitor @{exec_path} {
|
|||
include <abstractions/base>
|
||||
include <abstractions/bus-session>
|
||||
|
||||
dbus bind bus=session name=org.gtk.vfs.AfcVolumeMonitor,
|
||||
dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||
interface=org.gtk.Private.RemoteVolumeMonitor
|
||||
peer=(name="{:*,org.freedesktop.DBus}"),
|
||||
# dbus: own bus=session name=org.gtk.vfs.AfcVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
|
|
|
|||
|
|
@ -19,10 +19,7 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
|
|||
network qipcrtr dgram,
|
||||
network netlink raw,
|
||||
|
||||
dbus bind bus=system name=org.freedesktop.ModemManager1,
|
||||
dbus receive bus=system path=/org/freedesktop/ModemManager1
|
||||
interface=org.freedesktop.DBus.{ObjectManager,Properties}
|
||||
peer=(name=:*),
|
||||
# dbus: own bus=system name=org.freedesktop.ModemManager1
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/bus/org.freedesktop.login1>
|
||||
include <abstractions/bus/org.freedesktop.ModemManager1>
|
||||
include <abstractions/bus/org.freedesktop.PolicyKit1>
|
||||
include <abstractions/bus/org.freedesktop.resolve1>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/openssl>
|
||||
include <abstractions/ssl_certs>
|
||||
|
|
|
|||
|
|
@ -20,10 +20,7 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
ptrace (read) peer=unconfined,
|
||||
|
||||
dbus bind bus=system name=org.freedesktop.nm_dispatcher,
|
||||
dbus receive bus=system path=/org/freedesktop/nm_dispatcher
|
||||
interface=org.freedesktop.nm_dispatcher
|
||||
peer=(name=:*),
|
||||
# dbus: own bus=system name=org.freedesktop.nm_dispatcher
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -10,25 +10,11 @@ include <tunables/global>
|
|||
profile hostnamectl @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus-system>
|
||||
include <abstractions/bus/org.freedesktop.hostname1>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability net_admin,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/
|
||||
interface=org.freedesktop.hostname1
|
||||
member=Set*Hostname
|
||||
peer=(name=org.freedesktop.hostname1),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/hostname1
|
||||
interface=org.freedesktop.hostname1
|
||||
member=Set*Hostname
|
||||
peer=(name=org.freedesktop.hostname1),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/systemd1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=org.freedesktop.systemd1),
|
||||
# dbus: talk bus=system name=org.freedesktop.hostname1 label=systemd-hostnamed
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ include <tunables/global>
|
|||
profile networkctl @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus-system>
|
||||
include <abstractions/bus/org.freedesktop.network1>
|
||||
|
||||
capability net_admin,
|
||||
capability sys_module,
|
||||
|
|
@ -25,10 +24,7 @@ profile networkctl @{exec_path} flags=(attach_disconnected) {
|
|||
network inet6 dgram,
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/network[0-9]
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get
|
||||
peer=(name=org.freedesktop.network1),
|
||||
# dbus: talk bus=system name=org.freedesktop.network1 label=systemd-networkd
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -22,17 +22,7 @@ profile systemd-analyze @{exec_path} {
|
|||
|
||||
signal (send) peer=child-pager,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/systemd1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/systemd1
|
||||
interface=org.freedesktop.systemd1.Manager
|
||||
member=ListUnits,
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/systemd1/unit/*
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
# dbus: talk bus=system name=org.freedesktop.systemd1 label="@{systemd}"
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ profile systemd-homed @{exec_path} flags=(attach_disconnected) {
|
|||
mount options=(rw, rslave) -> @{run}/,
|
||||
mount /dev/dm-[0-9]* -> @{run}/systemd/user-home-mount/,
|
||||
|
||||
dbus bind bus=system name=org.freedesktop.home1,
|
||||
# dbus: own bus=system name=org.freedesktop.home1
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -16,10 +16,7 @@ profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
capability sys_admin, # To set a hostname
|
||||
|
||||
dbus bind bus=system name=org.freedesktop.hostname1,
|
||||
dbus receive bus=system path=/org/freedesktop/hostname1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
peer=(name=:*),
|
||||
# dbus: own bus=system name=org.freedesktop.hostname1
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -17,11 +17,7 @@ profile systemd-localed @{exec_path} flags=(attach_disconnected) {
|
|||
# Needed?
|
||||
audit capability net_admin,
|
||||
|
||||
dbus bind bus=system name=org.freedesktop.locale1,
|
||||
dbus receive bus=system path=/org/freedesktop/locale1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*),
|
||||
# dbus: own bus=system name=org.freedesktop.locale1
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ profile systemd-oomd @{exec_path} flags=(attach_disconnected) {
|
|||
capability dac_override,
|
||||
capability kill,
|
||||
|
||||
dbus bind bus=system name=org.freedesktop.oom1,
|
||||
# dbus: own bus=system name=org.freedesktop.oom1
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ profile systemd-timesyncd @{exec_path} flags=(attach_disconnected) {
|
|||
network inet stream,
|
||||
network inet6 stream,
|
||||
|
||||
dbus bind bus=system name=org.freedesktop.timesync1,
|
||||
# dbus: own bus=system name=org.freedesktop.timesync1
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -15,10 +15,7 @@ profile software-properties-dbus @{exec_path} {
|
|||
include <abstractions/openssl>
|
||||
include <abstractions/python>
|
||||
|
||||
dbus bind bus=system name=com.ubuntu.SoftwareProperties,
|
||||
dbus receive bus=system path=/
|
||||
interface=com.ubuntu.SoftwareProperties
|
||||
peer=(name=:*, label=software-properties-gtk),
|
||||
# dbus: own bus=system name=com.ubuntu.SoftwareProperties
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue