felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-09-09 19:57:49 +01:00
parent a99fbaa0be
commit c7181ecadf
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
32 changed files with 152 additions and 158 deletions
Download patch file Download diff file Expand all files Collapse all files

17
apparmor.d/groups/gnome/gnome-control-center-goa-helper
View file

@ -39,7 +39,7 @@ profile gnome-control-center-goa-helper @{exec_path} {
@{exec_path} mr,
@{bin}/bwrap rPUx,
@{bin}/bwrap rCx -> bwrap,
@{lib}/{,@{multiarch}/}webkit{2,}gtk-*/WebKitNetworkProcess rix,
@ -48,9 +48,11 @@ profile gnome-control-center-goa-helper @{exec_path} {
owner @{user_config_dirs}/goa-1.0/accounts.conf r,
owner @{user_cache_dirs}/gnome-control-center-goa-helper/{,**} rwl,
owner @{user_cache_dirs}/gnome-control-center-goa-helper/ rw,
owner @{user_cache_dirs}/gnome-control-center-goa-helper/** rwl,
owner @{user_share_dirs}/gnome-control-center-goa-helper/{,**} rwk,
owner @{user_share_dirs}/gnome-control-center-goa-helper/ rw,
owner @{user_share_dirs}/gnome-control-center-goa-helper/** rwk,
owner @{user_share_dirs}/webkitgtk/{,**} rw,
owner @{user_share_dirs}/webkitgtk/localstorage/{,**} rwk,
@ -63,6 +65,15 @@ profile gnome-control-center-goa-helper @{exec_path} {
owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/cmdline r,
profile bwrap flags=(attach_disconnected,complain) {
include <abstractions/base>
include <abstractions/common/bwrap>
@{bin}/bwrap mr,
include if exists <local/gnome-control-center-goa-helper_bwrap>
}
include if exists <local/gnome-control-center-goa-helper>
}

2
apparmor.d/groups/gnome/gnome-weather
View file

@ -33,6 +33,8 @@ profile gnome-weather @{exec_path} {
owner @{PROC}/@{pid}/stat r,
owner @{PROC}/@{pid}/task/@{tid}/stat r,
deny owner @{user_share_dirs}/gvfs-metadata/* r,
include if exists <local/gnome-weather>
}

28
apparmor.d/groups/gnome/gsd-media-keys
View file

@ -31,38 +31,14 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
network netlink raw,
#aa:dbus own bus=session name=org.gnome.SettingsDaemon.MediaKeys
#aa:dbus talk bus=session name=org.gnome.SettingsDaemon.Rfkill label=gsd-rfkill
#aa:dbus talk bus=session name=org.gnome.Shell label=gnome-shell
dbus send bus=system path=/org/freedesktop/login1
interface=org.freedesktop.login1.Manager
member=PowerOff
peer=(name=:*, label=systemd-logind),
dbus send bus=session path=/org/gnome/Shell
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/gnome/Shell
interface=org.gnome.Shell
member={GrabAccelerators,UngrabAccelerators}
peer=(name=:*, label=gnome-shell),
dbus receive bus=session path=/org/gnome/Shell
interface=org.freedesktop.DBus.Properties
member={GetAll,PropertiesChanged}
peer=(name=:*, label=gnome-shell),
dbus receive bus=session path=/org/gnome/Shell
interface=org.gnome.Shell
member=AcceleratorActivated
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/org/gnome/SettingsDaemon/Rfkill
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=:*, label=gsd-rfkill),
dbus receive bus=session path=/org/gnome/SettingsDaemon/Rfkill
interface=org.freedesktop.DBus.Properties
member=PropertiesChanged
peer=(name=:*, label=gsd-rfkill),
dbus send bus=session path=/
interface=org.freedesktop.DBus
member=ListNames