feat(profile): cleanup some dbus path/interfaces

2023-11-30 00:29:37 +00:00 · 2023-11-30 00:29:37 +00:00 · c27ec457d0
commit c27ec457d0
parent 459fe7c905
23 changed files with 89 additions and 161 deletions
--- a/apparmor.d/groups/freedesktop/accounts-daemon
+++ b/apparmor.d/groups/freedesktop/accounts-daemon
@ -25,11 +25,11 @@ profile accounts-daemon @{exec_path} flags=(attach_disconnected) {
  dbus (send,receive) bus=system path=/org/freedesktop/Accounts{,/User[0-9]*}
       interface=org.freedesktop.{DBus.{Properties,Introspectable},Accounts{,.User}},

-  dbus (send,receive) bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
-       interface=org.freedesktop.PolicyKit[0-9].Authority
+  dbus (send,receive) bus=system path=/org/freedesktop/PolicyKit1/Authority
+       interface=org.freedesktop.PolicyKit1.Authority
       member={CheckAuthorization,Changed},

-  dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
+  dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
       interface=org.freedesktop.DBus.Properties
       member=GetAll,

--- a/apparmor.d/groups/freedesktop/pipewire-media-session
+++ b/apparmor.d/groups/freedesktop/pipewire-media-session
@ -22,12 +22,12 @@ profile pipewire-media-session @{exec_path} {
  network bluetooth stream,
  network netlink raw,

-  dbus send bus=system path=/org/freedesktop/RealtimeKit[0-9]
+  dbus send bus=system path=/org/freedesktop/RealtimeKit1
       interface=org.freedesktop.DBus.Properties
       member=Get
       peer=(name=org.freedesktop.RealtimeKit1),

-  dbus send bus=system path=/org/freedesktop/RealtimeKit[0-9]
+  dbus send bus=system path=/org/freedesktop/RealtimeKit1
       interface=org.freedesktop.RealtimeKit1
       member=MakeThreadRealtime
       peer=(name=org.freedesktop.RealtimeKit1),
--- a/apparmor.d/groups/freedesktop/polkit-agent-helper
+++ b/apparmor.d/groups/freedesktop/polkit-agent-helper
@ -30,13 +30,13 @@ profile polkit-agent-helper @{exec_path} {
  signal (receive) set=(term, kill) peer=pkttyagent,
  signal (receive) set=(term, kill) peer=polkit-*-authentication-agent,

-  dbus (send) bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
+  dbus (send) bus=system path=/org/freedesktop/PolicyKit1/Authority
       interface=org.freedesktop.DBus.Properties
       member=GetAll
       peer=(name=:*),

-  dbus (send) bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
-       interface=org.freedesktop.PolicyKit[0-9].Authority
+  dbus (send) bus=system path=/org/freedesktop/PolicyKit1/Authority
+       interface=org.freedesktop.PolicyKit1.Authority
       member=AuthenticationAgentResponse2
       peer=(name=:*),

--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/xdg-desktop-portal-gtk
 profile xdg-desktop-portal-gtk @{exec_path} {
  include <abstractions/base>
+  include <abstractions/bus/atspi>
  include <abstractions/dbus-accessibility-strict>
  include <abstractions/dbus-session-strict>
  include <abstractions/dbus-strict>
@ -28,11 +29,6 @@ profile xdg-desktop-portal-gtk @{exec_path} {

  unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/*", label=gnome-shell),

-  dbus send bus=session path=/org/freedesktop/DBus
-       interface=org.freedesktop.DBus
-       member={RequestName,ReleaseName}
-       peer=(name=org.freedesktop.DBus, label=dbus-daemon),
-
  dbus send bus=system path=/org/freedesktop/Accounts/User[0-9]*
       interface=org.freedesktop.DBus.Properties
       member=GetAll,
@ -88,31 +84,6 @@ profile xdg-desktop-portal-gtk @{exec_path} {
       member={RunningApplicationsChanged,WindowsChanged}
       peer=(name=:*, label=gnome-shell),

-  dbus send    bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
-       interface=org.a11y.atspi.DeviceEventController
-       member={GetKeystrokeListeners,GetDeviceEventListeners}
-       peer=(name=org.a11y.atspi.Registry), # all peer's labels
-
-  dbus send    bus=accessibility path=/org/a11y/atspi/registry
-       interface=org.a11y.atspi.Registry
-       member=GetRegisteredEvents
-       peer=(name=org.a11y.atspi.Registry), # all peer's labels
-
-  dbus receive bus=accessibility path=/org/a11y/atspi/registry
-       interface=org.a11y.atspi.Registry
-       member=EventListenerDeregistered
-       peer=(name=:*, label=at-spi2-registryd),
-
-  dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
-       interface=org.a11y.atspi.Socket
-       member=Embed
-       peer=(name=org.a11y.atspi.Registry), # all peer's labels
-
-  dbus send bus=session path=/org/a11y/bus
-       interface=org.a11y.Bus
-       member=GetAddress
-       peer=(name=org.a11y.Bus, label=at-spi-bus-launcher),
-
  dbus send bus=session path=/org/gtk/vfs/mounttracker
       interface=org.gtk.vfs.MountTracker
       member=ListMountableInfo