feat(abs): ensure ca.desrt.dconf.Writer dbus is part of dconf-write only.

2025-03-20 00:30:24 +01:00 · 2025-03-20 00:30:24 +01:00 · a69dc5bc8b
commit a69dc5bc8b
parent 50135cf75b
3 changed files with 20 additions and 10 deletions
--- a/apparmor.d/abstractions/bus/ca.desrt.dconf.Writer
+++ b/apparmor.d/abstractions/bus/ca.desrt.dconf.Writer
@ -0,0 +1,19 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  abi <abi/4.0>,
+
+  dbus send bus=session path=/ca/desrt/dconf/Writer/user
+       interface=ca.desrt.dconf.Writer
+       member=Change
+       peer=(name=ca.desrt.dconf), # no peer's labels
+
+  dbus receive bus=session path=/ca/desrt/dconf/Writer/user
+       interface=ca.desrt.dconf.Writer
+       member=Notify
+       peer=(name=@{busname}, label=dconf-service),
+
+  include if exists <abstractions/bus/ca.desrt.dconf.Writer.d>
+
+# vim:syntax=apparmor
--- a/apparmor.d/abstractions/dconf-write
+++ b/apparmor.d/abstractions/dconf-write
@ -8,6 +8,7 @@
  abi <abi/4.0>,

  include <abstractions/dconf>
+  include <abstractions/bus/ca.desrt.dconf.Writer>

  owner @{user_config_dirs}/glib-2.0/settings/keyfile w,

--- a/apparmor.d/abstractions/dconf.d/complete
+++ b/apparmor.d/abstractions/dconf.d/complete
@ -2,16 +2,6 @@
 # Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only

-  dbus send bus=session path=/ca/desrt/dconf/Writer/user
-       interface=ca.desrt.dconf.Writer
-       member=Change
-       peer=(name=ca.desrt.dconf), # no peer's labels
-
-  dbus receive bus=session path=/ca/desrt/dconf/Writer/user
-       interface=ca.desrt.dconf.Writer
-       member=Notify
-       peer=(name=@{busname}, label=dconf-service),
-
  /usr/share/dconf/profile/gdm r,

  owner @{user_config_dirs}/glib-2.0/settings/keyfile r,