# apparmor.d - Full set of apparmor profiles # Copyright (C) 2017-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include @{exec_path} = @{bin}/gnome-keyring-daemon profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) { include include include include include include include capability ipc_lock, signal (receive) set=(term) peer=gdm, signal (send) set=(term) peer=ssh-agent, #aa:dbus own bus=session name=org.gnome.keyring #aa:dbus own bus=session name=org.freedesktop.{S,s}ecret{,s} dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=GetSession peer=(name=org.freedesktop.login1, label=systemd-logind), @{exec_path} mr, @{bin}/ssh-add rix, @{bin}/ssh-agent rPx, @{lib}/gcr-ssh-askpass rPUx, /etc/gcrypt/hwf.deny r, owner @{gdm_local_dirs}/ rw, owner @{gdm_share_dirs}/ rw, owner @{gdm_share_dirs}/keyrings/ rw, # Keyrings location owner @{user_share_dirs}/keyrings/ rw, owner @{user_share_dirs}/keyrings/* rwl, # Seahorse and SSH keys owner @{HOME}/@{XDG_SSH_DIR}/{,**} r, owner @{HOME}/.local/ w, owner @{user_share_dirs}/ w, owner @{run}/user/@{uid}/keyring/ rw, owner @{run}/user/@{uid}/keyring/* rw, owner @{run}/user/@{uid}/ssh-askpass.@{rand6}/{,*} rw, @{run}/user/@{uid}/keyring/control r, owner @{PROC}/@{pid}/fd/ r, include if exists } # vim:syntax=apparmor