feat(abs): add missing bus abs.

2025-08-24 23:53:12 +02:00 · 2025-08-24 23:53:12 +02:00 · bc270954d4
commit bc270954d4
parent 2fcf4c5011
2 changed files with 49 additions and 0 deletions
--- a/apparmor.d/abstractions/bus/org.gnome.SettingsDaemon.MediaKeys
+++ b/apparmor.d/abstractions/bus/org.gnome.SettingsDaemon.MediaKeys
@ -0,0 +1,23 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Allow requesting interest in receiving media key events. This tells Gnome
+# settings that our application should be notified when key events we are
+# interested in are pressed, and allows us to receive those events.
+
+  abi <abi/4.0>,
+
+  # DBus.Properties: read all properties from the interface
+  dbus send bus=session path=/org/gnome/SettingsDaemon/MediaKeys
+       interface=org.freedesktop.DBus.Properties
+       member={Get,GetAll}
+       peer=(name="{@{busname},org.gnome.SettingsDaemon.MediaKeys}", label=gsd-media-keys),
+
+  dbus (receive, send) bus=session path=/org/gnome/SettingsDaemon/MediaKeys
+       interface=org.gnome.SettingsDaemon.MediaKeys
+       peer=(name="{@{busname},org.gnome.SettingsDaemon.MediaKeys}", label=gsd-media-keys),
+
+  include if exists <abstractions/bus/org.gnome.SettingsDaemon.MediaKeys.d>
+
+# vim:syntax=apparmor
--- a/apparmor.d/abstractions/bus/org.gnome.keyring.internal.Prompter
+++ b/apparmor.d/abstractions/bus/org.gnome.keyring.internal.Prompter
@ -0,0 +1,26 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Allow accessing the GNOME crypto services prompt APIs as used by
+# applications using libgcr (such as pinentry-gnome3) for secure pin
+# entry to unlock GPG keys etc. See:
+# https://developer.gnome.org/gcr/unstable/GcrPrompt.html
+# https://developer.gnome.org/gcr/unstable/GcrSecretExchange.html
+# https://github.com/snapcore/snapd/pull/7673#issuecomment-592229711
+
+  abi <abi/4.0>,
+
+  dbus send bus=session path=/org/gnome/keyring/Prompter
+       interface=org.gnome.keyring.internal.Prompter
+       member={BeginPrompting,PerformPrompt,StopPrompting}
+       peer=(name=@{busname}, label=pinentry-*),
+
+  dbus receive bus=session path=/org/gnome/keyring/Prompt/p@{int}
+       interface=org.gnome.keyring.internal.Prompter.Callback
+       member={PromptReady,PromptDone}
+       peer=(name=@{busname}, label=pinentry-*),
+
+  include if exists <abstractions/bus/org.gnome.keyring.internal.Prompter.d>
+
+# vim:syntax=apparmor