# apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include @{exec_path} = @{lib}/xdg-desktop-portal-gtk profile xdg-desktop-portal-gtk @{exec_path} flags=(attach_disconnected) { include include include include include include include include include include include include include include include include include include include signal receive set=term peer=gdm, unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/*", label=gnome-shell), #aa:dbus own bus=session name=org.freedesktop.impl.portal.desktop.gtk dbus receive bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.impl.portal.Settings peer=(name=:*), dbus send bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.impl.portal.Settings member=SettingChanged peer=(name=org.freedesktop.DBus, label=xdg-desktop-portal), dbus send bus=session path=/org/gtk/Notifications interface=org.freedesktop.DBus.Properties member=GetAll peer=(name=:*, label=gnome-shell), dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell), @{exec_path} mr, /usr/share/gdm/greeter-dconf-defaults r, / r, owner /var/lib/xkb/server-@{int}.xkm rw, owner @{gdm_config_dirs}/dconf/user r, owner @{tmp}/runtime-*/xauth_@{rand6} r, @{run}/mount/utab r, @{sys}/devices/virtual/dmi/id/bios_vendor r, @{sys}/devices/virtual/dmi/id/board_vendor r, @{sys}/devices/virtual/dmi/id/product_name r, @{sys}/devices/virtual/dmi/id/sys_vendor r, owner @{PROC}/@{pid}/mountinfo r, include if exists } # vim:syntax=apparmor