From f7d1931bdfc2c9590c36f5bed10be8541ad08531 Mon Sep 17 00:00:00 2001 
From: Alexandre Pujol Date: Fri, 15 Sep 2023 18:14:39 +0100 Subject: [PATCH] feat(dbus): improve dbus introspectable rules. --- apparmor.d/groups/bus/ibus-daemon | 2 +- apparmor.d/groups/bus/ibus-dconf | 2 +- apparmor.d/groups/bus/ibus-extension-gtk3 | 2 +- apparmor.d/groups/bus/ibus-portal | 2 +- apparmor.d/groups/freedesktop/at-spi2-registryd | 2 +- apparmor.d/groups/freedesktop/dconf-service | 2 +- apparmor.d/groups/freedesktop/pipewire | 2 +- .../groups/freedesktop/pipewire-media-session | 2 +- apparmor.d/groups/freedesktop/pulseaudio | 3 ++- apparmor.d/groups/freedesktop/xdg-desktop-portal | 2 +- .../groups/freedesktop/xdg-desktop-portal-gnome | 2 +- apparmor.d/groups/gnome/evolution-source-registry | 5 +---- apparmor.d/groups/gnome/gdm-wayland-session | 2 +- apparmor.d/groups/gnome/gjs-console | 14 ++------------ apparmor.d/groups/gnome/gnome-shell | 4 ++-- apparmor.d/groups/gnome/gsd-a11y-settings | 2 +- apparmor.d/groups/gnome/gsd-color | 2 +- apparmor.d/groups/gnome/gsd-datetime | 2 +- apparmor.d/groups/gnome/gsd-keyboard | 2 +- apparmor.d/groups/gnome/gsd-media-keys | 2 +- apparmor.d/groups/gnome/gsd-power | 2 +- apparmor.d/groups/gnome/gsd-print-notifications | 2 +- apparmor.d/groups/gnome/gsd-printer | 6 +++--- apparmor.d/groups/gnome/gsd-rfkill | 2 +- apparmor.d/groups/gnome/gsd-screensaver-proxy | 2 +- apparmor.d/groups/gnome/gsd-sharing | 2 +- apparmor.d/groups/gnome/gsd-smartcard | 2 +- apparmor.d/groups/gnome/gsd-sound | 2 +- apparmor.d/groups/gnome/gsd-wacom | 2 +- apparmor.d/groups/gnome/tracker-extract | 2 +- apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfsd-trash | 2 +- apparmor.d/groups/ubuntu/software-properties-dbus | 8 ++++---- apparmor.d/groups/ubuntu/software-properties-gtk | 11 ++++------- .../groups/ubuntu/ubuntu-advantage-desktop-daemon | 9 +++------ apparmor.d/profiles-s-z/thunderbird | 4 ++-- apparmor.d/profiles-s-z/wireplumber | 2 +- 37 files changed, 51 insertions(+), 69 deletions(-) 
diff --git a/apparmor.d/groups/bus/ibus-daemon b/apparmor.d/groups/bus/ibus-daemon index a8af280fa..d2e5e0a1c 100644 --- a/apparmor.d/groups/bus/ibus-daemon +++ b/apparmor.d/groups/bus/ibus-daemon @@ -34,7 +34,7 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) { member=ListMountableInfo peer=(name=:*, label=gvfsd), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf index 42b0dd648..0f4c06cec 100644 --- a/apparmor.d/groups/bus/ibus-dconf +++ b/apparmor.d/groups/bus/ibus-dconf @@ -19,7 +19,7 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) { unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-????????", label=ibus-daemon), unix (send, receive, connect) type=stream peer=(addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-????????", label=ibus-daemon), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/bus/ibus-extension-gtk3 b/apparmor.d/groups/bus/ibus-extension-gtk3 index 40a4deb17..d0a7c65d2 100644 --- a/apparmor.d/groups/bus/ibus-extension-gtk3 +++ b/apparmor.d/groups/bus/ibus-extension-gtk3 @@ -57,7 +57,7 @@ profile ibus-extension-gtk3 @{exec_path} flags=(attach_disconnected) { member=Embed peer=(name=org.a11y.atspi.Registry), # all peer's labels - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/bus/ibus-portal b/apparmor.d/groups/bus/ibus-portal index 6405bb505..9bf8b13f7 100644 --- a/apparmor.d/groups/bus/ibus-portal +++ b/apparmor.d/groups/bus/ibus-portal 
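Review bot: The ibus-daemon hunk ends up with the same four-line Introspect rule that this patch pastes into the other profiles (ibus-dconf, ibus-extension-gtk3, at-spi2-registryd, the gsd-* set and more), so any later change to bus, member or peer label has to be repeated by hand in every file. Moving the rule into one shared include would keep the policy in a single place; the path here is a placeholder, e.g. `include <abstractions/PLACEHOLDER-introspect-gnome-shell>`. If the copies stay, a one-line comment above each rule such as `# Introspect from gnome-shell, any object path` would record that dropping `path=` was intentional. The profile body continues outside the hunk.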
@@ -19,7 +19,7 @@ profile ibus-portal @{exec_path} flags=(attach_disconnected) { member={RequestName,ReleaseName} peer=(name=org.freedesktop.DBus, label=dbus-daemon), - dbus receive bus=session path=/{,org} + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/freedesktop/at-spi2-registryd b/apparmor.d/groups/freedesktop/at-spi2-registryd index 2a7e4d5c4..26d61c14d 100644 --- a/apparmor.d/groups/freedesktop/at-spi2-registryd +++ b/apparmor.d/groups/freedesktop/at-spi2-registryd @@ -73,7 +73,7 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { member=GetAddress peer=(name=org.a11y.Bus, label=at-spi-bus-launcher), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/freedesktop/dconf-service b/apparmor.d/groups/freedesktop/dconf-service index 37b26d370..f664d583e 100644 --- a/apparmor.d/groups/freedesktop/dconf-service +++ b/apparmor.d/groups/freedesktop/dconf-service @@ -29,7 +29,7 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) { member=Change peer=(name=:*), # all peer's labels - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire index 3d6a9c145..ba3ef288b 100644 --- a/apparmor.d/groups/freedesktop/pipewire +++ b/apparmor.d/groups/freedesktop/pipewire @@ -38,7 +38,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) { member=Get peer=(name=org.freedesktop.RealtimeKit[0-9]), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), 
diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session index 9d425fa2f..977427eb2 100644 --- a/apparmor.d/groups/freedesktop/pipewire-media-session +++ b/apparmor.d/groups/freedesktop/pipewire-media-session @@ -31,7 +31,7 @@ profile pipewire-media-session @{exec_path} { member=MakeThreadRealtime peer=(name=org.freedesktop.RealtimeKit1), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/freedesktop/pulseaudio b/apparmor.d/groups/freedesktop/pulseaudio index fa3f92511..8f9b707e6 100644 --- a/apparmor.d/groups/freedesktop/pulseaudio +++ b/apparmor.d/groups/freedesktop/pulseaudio @@ -75,7 +75,8 @@ profile pulseaudio @{exec_path} { dbus receive bus=session interface=org.freedesktop.DBus.Introspectable - member=Introspect, + member=Introspect + peer=(name=:*, label=gnome-shell), dbus bind bus=session name=org.freedesktop.ReserveDevice[0-9].Audio[0-9], diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal b/apparmor.d/groups/freedesktop/xdg-desktop-portal index fe4a7f831..623b17793 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal @@ -97,7 +97,7 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { member=Lookup peer=(name=:*, label=xdg-permission-store), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome index dae6ecece..a259bbe35 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome 
@@ -117,7 +117,7 @@ profile xdg-desktop-portal-gnome @{exec_path} { member=Read peer=(name=:*, label=xdg-desktop-portal), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/evolution-source-registry b/apparmor.d/groups/gnome/evolution-source-registry index b228a0504..6c8e769f2 100644 --- a/apparmor.d/groups/gnome/evolution-source-registry +++ b/apparmor.d/groups/gnome/evolution-source-registry @@ -21,12 +21,9 @@ profile evolution-source-registry @{exec_path} { network inet6 dgram, network netlink raw, - dbus (receive) bus=session path=/org/gnome/evolution/dataserver{,/**} - interface=org.freedesktop.DBus.Introspectable - peer=(name=:*, label=gnome-shell), - dbus receive bus=session interface=org.freedesktop.DBus.Introspectable + member=Introspect peer=(name=:*, label=gnome-shell), dbus receive bus=session path=/org/gnome/evolution/dataserver/SourceManager diff --git a/apparmor.d/groups/gnome/gdm-wayland-session b/apparmor.d/groups/gnome/gdm-wayland-session index 44402f4f0..ca1efc1b5 100644 --- a/apparmor.d/groups/gnome/gdm-wayland-session +++ b/apparmor.d/groups/gnome/gdm-wayland-session @@ -31,7 +31,7 @@ profile gdm-wayland-session @{exec_path} { member=Get peer=(name=org.freedesktop.systemd[0-9]*, label=unconfined), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console index 9207a3973..e0642fb01 100644 --- a/apparmor.d/groups/gnome/gjs-console +++ b/apparmor.d/groups/gnome/gjs-console 
@@ -41,14 +41,9 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { member=GetAll peer=(name=:*, label=gnome-shell), - dbus receive bus=session path=/org/freedesktop/Notifications + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name=:*, label=gnome-shell), - - dbus receive bus=session path=/org/freedesktop - interface=org.freedesktop.DBus.Introspectable - member=Introspect + member=Introspect peer=(name=:*, label=gnome-shell), dbus receive bus=session path=/org/freedesktop/Notifications @@ -68,11 +63,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { interface=org.freedesktop.DBus.Properties peer=(name=:*, label=gnome-shell), - dbus receive bus=session path=/{,org} - interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name=:*, label=gnome-shell), - dbus bind bus=session name=org.gnome.ScreenSaver, dbus bind bus=session name=org.freedesktop.Notifications, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index 95ba661fa..dccd508e9 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -324,10 +324,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { member=Introspect peer=(name=:*), # all paths and peer's labels - dbus receive bus=session path=/{,org,StatusNotifierWatcher} + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect - peer=(name=:*, label=gnome-shell), # itself + peer=(name=:*, label=gnome-shell), dbus (send, receive) bus=session path=/org/gnome/SettingsDaemon/Rfkill interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings index 8a1440c60..1fc42e76f 100644 --- a/apparmor.d/groups/gnome/gsd-a11y-settings +++ b/apparmor.d/groups/gnome/gsd-a11y-settings 
@@ -44,7 +44,7 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { member={CancelEndSession,QueryEndSession,EndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color index a6cfa808f..55a017c52 100644 --- a/apparmor.d/groups/gnome/gsd-color +++ b/apparmor.d/groups/gnome/gsd-color @@ -108,7 +108,7 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { member=Embed peer=(name=org.a11y.atspi.Registry), # all peer's labels - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime index acd19d131..571ba6e27 100644 --- a/apparmor.d/groups/gnome/gsd-datetime +++ b/apparmor.d/groups/gnome/gsd-datetime @@ -44,7 +44,7 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) { member={CancelEndSession,QueryEndSession,EndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard index 01c39f99f..649b72ca2 100644 --- a/apparmor.d/groups/gnome/gsd-keyboard +++ b/apparmor.d/groups/gnome/gsd-keyboard @@ -85,7 +85,7 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { member=ListMountableInfo peer=(name=:*, label=gvfsd), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), 
diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index c8ee845c0..be4053775 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys @@ -149,7 +149,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { member=EventListenerDeregistered peer=(name=:*, label=at-spi2-registryd), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index e96ef7d57..7cf79777f 100644 --- a/apparmor.d/groups/gnome/gsd-power +++ b/apparmor.d/groups/gnome/gsd-power @@ -160,7 +160,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { member=ActiveChanged peer=(name=:*, label=gjs-console), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-print-notifications b/apparmor.d/groups/gnome/gsd-print-notifications index 32dd8d212..4a9871cd5 100644 --- a/apparmor.d/groups/gnome/gsd-print-notifications +++ b/apparmor.d/groups/gnome/gsd-print-notifications @@ -68,7 +68,7 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { member=RegisterClient peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-printer b/apparmor.d/groups/gnome/gsd-printer index 64b56cdd8..ef20c976c 100644 --- a/apparmor.d/groups/gnome/gsd-printer +++ b/apparmor.d/groups/gnome/gsd-printer 
@@ -45,10 +45,10 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) { member={EndSession,QueryEndSession,CancelEndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name=:*), + member=Introspect + peer=(name=:*, label=gnome-shell), @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gsd-rfkill b/apparmor.d/groups/gnome/gsd-rfkill index e185fc2df..27f231a24 100644 --- a/apparmor.d/groups/gnome/gsd-rfkill +++ b/apparmor.d/groups/gnome/gsd-rfkill @@ -76,7 +76,7 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { member=PropertiesChanged peer=(name=org.freedesktop.DBus, label=gnome-shell), - dbus receive bus=session path=/{,org} + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-screensaver-proxy b/apparmor.d/groups/gnome/gsd-screensaver-proxy index c94dc4675..6d53bab50 100644 --- a/apparmor.d/groups/gnome/gsd-screensaver-proxy +++ b/apparmor.d/groups/gnome/gsd-screensaver-proxy @@ -43,7 +43,7 @@ profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) { member={ClientAdded,SessionRunning,ClientRemoved,InhibitorRemoved,InhibitorAdded} peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/{,org} + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing index 68daa16dd..2b230e882 100644 --- a/apparmor.d/groups/gnome/gsd-sharing +++ b/apparmor.d/groups/gnome/gsd-sharing 
@@ -91,7 +91,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) { member=StopUnit peer=(name=org.freedesktop.systemd[0-9]*), # all peer's labels - dbus receive bus=session path=/{,org} + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index 868626568..16f78944a 100644 --- a/apparmor.d/groups/gnome/gsd-smartcard +++ b/apparmor.d/groups/gnome/gsd-smartcard @@ -56,7 +56,7 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { member=GetAll peer=(name=:*, label=gnome-shell), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound index 69280869f..9d640bf3b 100644 --- a/apparmor.d/groups/gnome/gsd-sound +++ b/apparmor.d/groups/gnome/gsd-sound @@ -45,7 +45,7 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) { member={CancelEndSession,QueryEndSession,EndSession,Stop} peer=(name=:*, label=gnome-session-binary), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom index 8049df0b7..134bdea74 100644 --- a/apparmor.d/groups/gnome/gsd-wacom +++ b/apparmor.d/groups/gnome/gsd-wacom @@ -75,7 +75,7 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) { member=GetAll peer=(name=:*, label=gnome-shell), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract index 11e5b64e8..90df3ce8b 100644 
--- a/apparmor.d/groups/gnome/tracker-extract +++ b/apparmor.d/groups/gnome/tracker-extract @@ -60,7 +60,7 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) { dbus receive bus=session interface=org.freedesktop.DBus.Introspectable - member=Introspect + member=Introspect peer=(name=:*, label=gnome-shell), dbus receive bus=session path=/org/gtk/vfs/mounttracker diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index 5f22ae844..db353830b 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -52,7 +52,7 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) { member={List,IsSupported} peer=(name=:*, label="{gnome-shell,gnome-control-center,gnome-extension-ding,tracker-*,unconfined}"), - dbus receive bus=session path=/{,org,org/gtk,org/gtk/Private,org/gtk/Private/RemoteVolumeMonitor} + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/gvfs/gvfsd-trash b/apparmor.d/groups/gvfs/gvfsd-trash index f3ed674cb..93e263e99 100644 --- a/apparmor.d/groups/gvfs/gvfsd-trash +++ b/apparmor.d/groups/gvfs/gvfsd-trash @@ -35,7 +35,7 @@ profile gvfsd-trash @{exec_path} { member=Spawned peer=(name=:*, label=gvfsd), - dbus receive bus=session path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/groups/ubuntu/software-properties-dbus b/apparmor.d/groups/ubuntu/software-properties-dbus index ce36afa3f..96aeaccf5 100644 --- a/apparmor.d/groups/ubuntu/software-properties-dbus +++ b/apparmor.d/groups/ubuntu/software-properties-dbus 
@@ -20,16 +20,16 @@ profile software-properties-dbus @{exec_path} { member=RequestName peer=(name=org.freedesktop.DBus), - dbus receive bus=system path=/ + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable - member=Introspect, + member=Introspect + peer=(name=:*, label=gnome-shell), dbus receive bus=system path=/ interface=com.ubuntu.SoftwareProperties member=Reload, - dbus bind bus=system - name=com.ubuntu.SoftwareProperties, + dbus bind bus=system name=com.ubuntu.SoftwareProperties, @{exec_path} mr, diff --git a/apparmor.d/groups/ubuntu/software-properties-gtk b/apparmor.d/groups/ubuntu/software-properties-gtk index 64426e33f..a6a792f41 100644 --- a/apparmor.d/groups/ubuntu/software-properties-gtk +++ b/apparmor.d/groups/ubuntu/software-properties-gtk @@ -20,13 +20,10 @@ profile software-properties-gtk @{exec_path} { include include - dbus (send,receive) bus=system path=/com/canonical/UbuntuAdvantage/{,**} - interface=org.freedesktop.DBus.Introspectable - member=Introspect, - - dbus send bus=system path=/ - interface=org.freedesktop.DBus.Introspectable - member=Introspect, + dbus receive bus=session + interface=org.freedesktop.DBus.Introspectable + member=Introspect + peer=(name=:*, label=gnome-shell), dbus send bus=system path=/ interface=com.ubuntu.SoftwareProperties diff --git a/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon b/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon index b11d555d6..68319cce7 100644 --- a/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon +++ b/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon 
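Review bot: In software-properties-dbus the rewritten Introspect rule moves from `bus=system` to `bus=session`, yet the same profile binds `com.ubuntu.SoftwareProperties` and receives `Reload` on the system bus, so this rule no longer appears to allow Introspect on the bus the service lives on. The same switch happens in software-properties-gtk, where the removed rules were `send` and `(send,receive)` on `bus=system` and the replacement is `receive` on the session bus only, and in ubuntu-advantage-desktop-daemon. Unless one of the includes already covers it, this looks like a side effect of the bulk replace and would likely surface as DBus denials in the audit log. I would keep `dbus receive bus=system` as the first line of the rule in the two services and keep a `dbus send bus=system` Introspect rule in software-properties-gtk, with the peer label set to the real caller rather than gnome-shell.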
@@ -19,13 +19,10 @@ profile ubuntu-advantage-desktop-daemon @{exec_path} flags=(attach_disconnected) member=RequestName peer=(name=org.freedesktop.DBus), - dbus receive bus=system path=/com/canonical/UbuntuAdvantage/{Manager,Services/*} + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable - member=Introspect, - - dbus receive bus=system path=/ - interface=org.freedesktop.DBus.Introspectable - member=Introspect, + member=Introspect + peer=(name=:*, label=gnome-shell), dbus receive bus=system path=/ interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/profiles-s-z/thunderbird b/apparmor.d/profiles-s-z/thunderbird index 8ad336984..29cff0a24 100644 --- a/apparmor.d/profiles-s-z/thunderbird +++ b/apparmor.d/profiles-s-z/thunderbird @@ -75,8 +75,8 @@ profile thunderbird @{exec_path} { member={UserAdded,UserRemoved} peer=(name=:*, label=systemd-logind), - dbus receive bus=system path=/{,org{,/mozilla{,/thunderbird{,/Remote}}}} - interface==org.freedesktop.DBus.Introspectable + dbus receive bus=system + interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber index 6fa6328d2..da77fb2ea 100644 --- a/apparmor.d/profiles-s-z/wireplumber +++ b/apparmor.d/profiles-s-z/wireplumber @@ -25,7 +25,7 @@ profile wireplumber @{exec_path} { dbus receive bus=session interface=org.freedesktop.DBus.Introspectable - member=Introspect + member=Introspect peer=(name=:*, label=gnome-shell), @{exec_path} mr,
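Review bot: The thunderbird rule is the only rewritten Introspect rule that stays on `bus=system`, while every other profile in this patch that accepts Introspect from `label=gnome-shell` does so on the session bus. The removed path pattern pointed at `/org/mozilla/thunderbird/Remote`, which reads like an object the application exports itself, so the bus is worth confirming; if it is the session bus, the first line should be `dbus receive bus=session`. The old line also had `interface==`, so the rule may not have matched as written before, and it now becomes effective for every object path.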