Update various profiles
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
This commit is contained in:
parent
92a1d9f65f
commit
b532dd6827
47 changed files with 459 additions and 26 deletions
@ -7,4 +7,35 @@
|
|||
member={GetAll,PropertiesChanged}
|
||||
peer=(name=:*, label=wpa-supplicant),
|
||||
|
||||
dbus send bus=system path=/fi/w1/wpa_supplicant1/Interfaces/@{int}
|
||||
interface=fi.w1.wpa_supplicant1.Interface
|
||||
member={Disconnect,RemoveNetwork,Scan}
|
||||
peer=(name=:*, label=wpa-supplicant),
|
||||
|
||||
dbus send bus=system path=/fi/w1/wpa_supplicant1/Interfaces/@{int}
|
||||
interface=fi.w1.wpa_supplicant1.Interface.P2PDevice
|
||||
member=Cancel
|
||||
peer=(name=:*, label=wpa-supplicant),
|
||||
|
||||
# Unconfined for now, don't know the label yet.
|
||||
# dbus send bus=system path=/org/freedesktop
|
||||
# interface=org.freedesktop.DBus.ObjectManager
|
||||
# member=InterfacesRemoved
|
||||
# peer=(name=:*, label=unconfined),
|
||||
|
||||
dbus receive bus=system path=/fi/w1/wpa_supplicant1/Interfaces/@{int}
|
||||
interface=fi.w1.wpa_supplicant1.Interface
|
||||
member={BSSAdded,BSSRemoved,NetworkRemoved,ScanDone,PropertiesChanged}
|
||||
peer=(name=:*, label=wpa-supplicant),
|
||||
|
||||
dbus receive bus=system path=/fi/w1/wpa_supplicant1/Interfaces/@{int}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=:*, label=wpa-supplicant),
|
||||
|
||||
dbus receive bus=system path=/fi/w1/wpa_supplicant1/Interfaces/@{int}/BSSs/@{int}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=:*, label=wpa-supplicant),
|
||||
|
||||
include if exists <abstractions/bus/fi.w1.wpa_supplicant1.d>
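Review bot: The send rule at L28 grants `{Disconnect,RemoveNetwork,Scan}` on every `Interfaces/@{int}` object to every profile that includes this abstraction; `Disconnect` and `RemoveNetwork` change wpa_supplicant state, whereas everything else in the file is query or signal traffic. If only one or two network front-ends issue those calls, the rule belongs in their profiles rather than in the shared abstraction, leaving `member=Scan` here. The commented-out ObjectManager block at L50–L62 grants nothing as written, but a note saying what is needed to enable it, e.g. `# TODO: confirm the peer label from an audit denial before enabling`, would keep it from being uncommented as-is with `label=unconfined`.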
|
||||
@ -2,9 +2,29 @@
|
|||
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
dbus receive bus=system path=/
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=InterfacesRemoved
|
||||
peer=(name=:*, label=bluetoothd),
|
||||
|
||||
dbus receive bus=system path=/org/bluez/hci@{int}{,/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
peer=(name=:*, label=bluetoothd),
|
||||
|
||||
dbus send bus=system path=/org/bluez
|
||||
interface=org.bluez.ProfileManager@{int}
|
||||
member=RegisterProfile
|
||||
peer=(name=org.bluez, label=bluetoothd),
|
||||
|
||||
dbus send bus=system path=/org/bluez/hci@{int}
|
||||
interface=org.bluez.BatteryProviderManager@{int}
|
||||
member=RegisterProfile
|
||||
peer=(name=org.bluez, label=bluetoothd),
|
||||
|
||||
dbus send bus=system path=/org/bluez/hci@{int}
|
||||
interface=org.bluez.Media@{int}
|
||||
member=RegisterApplication
|
||||
peer=(name=org.bluez, label=bluetoothd),
|
||||
|
||||
include if exists <abstractions/bus/org.bluez.d>
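Review bot: The rule at L174–L177 pairs `interface=org.bluez.BatteryProviderManager@{int}` with `member=RegisterProfile`, but as far as I know that interface exposes `RegisterBatteryProvider`/`UnregisterBatteryProvider`, not `RegisterProfile`; the member looks copied from the `ProfileManager` rule above it, and the call that presumably prompted the rule would keep being denied. If the member name came from an audit denial keep it, otherwise `member=RegisterBatteryProvider`. Both registration rules and `RegisterApplication` at L191 are state-changing calls into bluetoothd that every includer of this abstraction now gets, so it is worth confirming they are needed more widely than in the one profile that triggered them.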
|
||||
@ -37,6 +37,11 @@
|
|||
member=GetAll
|
||||
peer=(name=:*, label=NetworkManager),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=NetworkManager),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager{,/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
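Review bot: The `dbus receive … path=/org/freedesktop/NetworkManager{,/**}` rule starting at L233 ends outside the hunk, so its `peer=` line is not visible here; every other rule in the hunk pins `label=NetworkManager`, and a receive rule without a peer would accept that signal from any bus client, so the continuation should be checked for `peer=(name=:*, label=NetworkManager),`. The added `Introspect` send at L219–L228 is consistent with the existing `GetAll` rule above it.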
|
||||
@ -2,6 +2,11 @@
|
|||
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority
|
||||
interface=org.freedesktop.PolicyKit1.Authority
|
||||
member=Changed
|
||||
peer=(name=:*, label=polkitd),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
|
|
@ -11,6 +16,7 @@
|
|||
interface=org.freedesktop.PolicyKit1.Authority
|
||||
member=CheckAuthorization
|
||||
peer=(name=org.freedesktop.PolicyKit1, label=polkitd),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
|
||||
interface=org.freedesktop.PolicyKit1.Authority
|
||||
member=CheckAuthorization
|
||||
|
|
@ -20,9 +26,9 @@
|
|||
member=CheckAuthorization
|
||||
peer=(name=org.freedesktop.PolicyKit1),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority
|
||||
interface=org.freedesktop.PolicyKit1.Authority
|
||||
member=Changed
|
||||
dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=polkitd),
|
||||
|
||||
include if exists <abstractions/bus/org.freedesktop.PolicyKit1.d>
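Review bot: After this change the file carries three `dbus send … member=CheckAuthorization` rules (L290, L304, L312) that differ only in their `peer=` clause, and the peer of the one added at L298–L304 lies outside the hunk, so it cannot be checked here. The login1 abstraction touched by this same commit expresses that shape as a single rule with `peer=(name="{:*,org.freedesktop.PolicyKit1}", label=polkitd)`; folding these into one rule the same way would make the intended peer set explicit and remove the risk of a copy whose peer line is dropped. The unlabeled `peer=(name=org.freedesktop.PolicyKit1)` at L315 is the widest of the three — if it is there deliberately for systems where polkitd is not confined, a comment saying so would help; otherwise it should carry `label=polkitd` like the rest of the file.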
|
||||
@ -12,11 +12,21 @@
|
|||
member=GetAll
|
||||
peer=(name=:*, label=upowerd),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/UPower/devices/DisplayDevice
|
||||
dbus send bus=system path=/org/freedesktop/UPower
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={Get,GetDisplayDevice}
|
||||
peer=(name=org.freedesktop.UPower, label=upowerd),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/UPower/devices/*
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={Get,GetAll}
|
||||
peer=(name=:*, label=upowerd),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/UPower/devices/*
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=upowerd),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/UPower/devices/*
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
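Review bot: `member={Get,GetDisplayDevice}` at L372 sits under `interface=org.freedesktop.DBus.Properties`, but `GetDisplayDevice` is a method of the `org.freedesktop.UPower` interface (next to `EnumerateDevices`), not of the Properties interface, so that half of the brace list never matches real traffic and the call that prompted it stays denied. Keep `member=Get` on the Properties rule and add a separate rule `dbus send bus=system path=/org/freedesktop/UPower interface=org.freedesktop.UPower member=GetDisplayDevice peer=(name=org.freedesktop.UPower, label=upowerd),`. The `dbus receive … PropertiesChanged` rule at L408 ends outside the hunk, so its peer line should be checked for `label=upowerd` as the other rules have.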
|
||||
@ -14,7 +14,7 @@
|
|||
|
||||
dbus send bus=system path=/org/freedesktop/login1
|
||||
interface=org.freedesktop.login1.Manager
|
||||
member=Inhibit
|
||||
member={Inhibit,CanHibernate,CanHybridSleep,CanPowerOff,CanReboot,CanSuspend}
|
||||
peer=(name="{:*,org.freedesktop.login1}", label=systemd-logind),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login1
|
||||
@ -7,9 +7,14 @@
|
|||
member=GetSession
|
||||
peer=(name=:*, label=systemd-logind),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1{,session/*,seat/*}
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name="{:*,org.freedesktop.login1}", label=systemd-logind),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1/session/*
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
member={Get,GetAll}
|
||||
peer=(name=:*, label=systemd-logind),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1/session/*
|
||||
|
|
@ -17,6 +22,11 @@
|
|||
member={ReleaseDevice,TakeControl,TakeDevice,SetBrightness,SetLockedHint,SetIdleHint}
|
||||
peer=(name="{:*,org.freedesktop.login1}", label=systemd-logind),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1/seat/*
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={Get,GetAll}
|
||||
peer=(name="{:*,org.freedesktop.login1}", label=systemd-logind),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login1/session/*
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
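Review bot: The path at L465, `/org/freedesktop/login1{,session/*,seat/*}`, is missing the slash inside the alternation: it expands to `/org/freedesktop/login1`, `/org/freedesktop/login1session/*` and `/org/freedesktop/login1seat/*`, so `Introspect` on session and seat objects — the paths the neighbouring rules use at L479 and L512 — remains denied. It should read `path=/org/freedesktop/login1{,/session/*,/seat/*}`. The seat `{Get,GetAll}` rule and the `PropertiesChanged` receive added in the second hunk mirror the existing session rules; that receive rule ends outside the hunk, so its peer line is not visible here.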
|
||||
@ -13,11 +13,15 @@
|
|||
# @{cache_dirs} = @{user_cache_dirs}/chromium
|
||||
|
||||
include <abstractions/audio>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/bus-system>
|
||||
include <abstractions/bus/org.freedesktop.UPower>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/desktop>
|
||||
include <abstractions/devices-usb>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/graphics-full>
|
||||
include <abstractions/kde-strict>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/ssl_certs>
|
||||
include <abstractions/thumbnails-cache-read>
|
||||
|
|
@ -51,6 +55,11 @@
|
|||
network inet6 stream,
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=system path=/
|
||||
interface=org.freedesktop.DBus.ObjectManager
|
||||
member=GetManagedObjects
|
||||
peer=(name=org.bluez, label=bluetoothd),
|
||||
|
||||
@{lib_dirs}/{,**} r,
|
||||
@{lib_dirs}/*.so* mr,
|
||||
@{lib_dirs}/chrome_crashpad_handler rPx,
|
||||
|
|
@ -93,16 +102,19 @@
|
|||
/usr/share/hwdata/pnp.ids r,
|
||||
/usr/share/mozilla/extensions/{,**} r,
|
||||
/usr/share/qt{5,}/translations/*.qm r,
|
||||
/usr/share/uim/* r,
|
||||
/usr/share/webext/{,**} r,
|
||||
|
||||
/etc/@{name}/{,**} r,
|
||||
/etc/fstab r,
|
||||
/etc/igfx_user_feature{,_next}.txt w,
|
||||
/etc/igfx_user_feature{,_next}.txt rw,
|
||||
/etc/opensc.conf r,
|
||||
|
||||
/var/lib/dbus/machine-id r,
|
||||
/etc/machine-id r,
|
||||
|
||||
/var/lib/uim/* r,
|
||||
|
||||
owner @{HOME}/ r,
|
||||
|
||||
owner @{HOME}/.pki/ rw,
|
||||
|
|
@ -110,9 +122,13 @@
|
|||
owner @{HOME}/.pki/nssdb/pkcs11.txt rw,
|
||||
owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk,
|
||||
owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
|
||||
owner @{HOME}/.uim.d/customs/* r,
|
||||
owner @{HOME}/.XCompose r,
|
||||
|
||||
owner @{user_config_dirs}/gtk-3.0/servers r,
|
||||
owner @{user_share_dirs}/.@{domain}.* rw,
|
||||
owner @{user_cache_dirs}/gtk-3.0/**/*.cache r,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{config_dirs}/ rw,
|
||||
owner @{config_dirs}/** rwk,
|
||||
|
|
@ -145,6 +161,10 @@
|
|||
|
||||
audit @{run}/udev/data/* r,
|
||||
|
||||
owner @{run}/user/@{uid}/app/org.keepassxc.KeePassXC/org.keepassxc.KeePassXC.BrowserServer rw,
|
||||
owner @{run}/user/@{uid}/org.keepassxc.KeePassXC.BrowserServer rw,
|
||||
owner @{run}/user/@{uid}/uim/socket/uim-helper rw,
|
||||
|
||||
@{sys}/bus/ r,
|
||||
@{sys}/bus/**/devices/ r,
|
||||
@{sys}/class/**/ r,
|
||||
|
|
@ -154,6 +174,7 @@
|
|||
@{sys}/devices/**/uevent r,
|
||||
@{sys}/devices/system/cpu/kernel_max r,
|
||||
@{sys}/devices/virtual/**/report_descriptor r,
|
||||
@{sys}/devices/virtual/dmi/id/{sys_vendor,product_name} r,
|
||||
@{sys}/devices/virtual/tty/tty@{int}/active r,
|
||||
|
||||
@{PROC}/ r,
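Review bot: `audit @{run}/udev/data/* r,` at L733 turns every permitted read of udev device data into an audit record, and for a browser that also walks `@{sys}/bus` and `@{sys}/class` (L749–L755) that is a steady stream of log noise for what is otherwise a plain allow. If the prefix is a leftover from working out which device files chromium reads, drop it: `@{run}/udev/data/* r,`; if it is intentional, a one-line comment above it stating what it is meant to surface would stop the next edit from removing it. The other hunks are consistent with existing rules — the `igfx_user_feature` change at L652–L655 only adds read to an existing write, and the KeePassXC lines at L738–L741 name the native-messaging socket paths.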
|
||||
@ -3,8 +3,14 @@
|
|||
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
capability sys_ptrace,
|
||||
|
||||
ptrace (read) peer=@{systemd},
|
||||
|
||||
owner @{lib}/systemd/{,systemd} r,
|
||||
|
||||
owner @{run}/systemd/system/ r,
|
||||
|
||||
@{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,
|
||||
@{sys}/fs/cgroup/system.slice/@{profile_name}.service/memory.pressure rw,
|
||||
|
||||
|
|
@ -14,6 +20,7 @@
|
|||
@{PROC}/cmdline r,
|
||||
@{PROC}/sys/kernel/osrelease r,
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/filesystems r,
|
||||
owner @{PROC}/@{pid}/stat r,
|
||||
|
||||
/dev/kmsg w,
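Review bot: `capability sys_ptrace,` at L800 is unscoped, while the `ptrace (read) peer=@{systemd}` rule right below it already names the one peer this profile appears to inspect; reading another process's `/proc/@{pid}/*` entries is mediated by the ptrace rule, and the capability is only consulted where the kernel additionally requires `CAP_SYS_PTRACE` (a non-dumpable or foreign-uid target), which I would not expect for pid 1 from a root service. Unless an audit denial for `capability sys_ptrace` was actually observed, keep only the `ptrace (read)` rule, or record the denial in a comment above the capability line so the grant is traceable. The profile header is outside the hunk, so I cannot tell which program this is; `/dev/kmsg w,` at L850 is reasonable only for a system service that genuinely writes to the kernel log buffer.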
|
||||