# apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include @{share_dirs} = /usr/share/gnome-shell/extensions/ding@rastersoft.com @{share_dirs} += @{user_share_dirs}/gnome-shell/extensions/ding@rastersoft.com @{exec_path} = @{share_dirs}/app/{ding,createThumbnail}.js profile gnome-extension-ding @{exec_path} { include include include include include include include include include include include include include include include include include unix (send,receive) type=stream addr=none peer=(label=gnome-shell), #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions #aa:dbus talk bus=session name=com.rastersoft.dingextension label=gnome-shell interface+=org.gtk.Actions dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"), dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus* peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"), dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus* peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"), @{exec_path} mr, @{sh_path} rix, @{bin}/env rix, @{bin}/gjs-console rix, @{bin}/gnome-control-center rPx, @{bin}/nautilus rPx, @{share_dirs}/{,**} r, /usr/share/thumbnailers/{,*.thumbnailer} r, owner @{user_desktop_dirs}/ r, owner @{user_templates_dirs}/ r, owner @{user_share_dirs}/nautilus/scripts/ r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/stat r, owner @{PROC}/@{pid}/task/@{tid}/stat r, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, include if exists } # vim:syntax=apparmor