felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
apparmor.d/apparmor.d/abstractions/desktop
valoq 1f7e019500 clean desktop abstraction
2025-06-12 16:26:39 +02:00

83 lines
2.3 KiB
Text
Raw Blame History

# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# Unified minimal abstraction for all UI application regardless of the desktop environment.
# When supported in apparmor, condition will be used in this abstraction to filter
# resources specific for supported DE.
abi <abi/4.0>,
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
include <abstractions/qt5>
include <abstractions/wayland>
include <abstractions/X-strict>
include <abstractions/xdg-desktop>
# if @{DE} == gnome
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=@{busname}, label=gnome-shell),
/usr/{local/,}share/ r,
/usr/{local/,}share/glib-@{version}/schemas/** r,
/usr/{local/,}share/gvfs/remote-volume-monitors/{,*} r,
/etc/gnome/* r,
/etc/xdg/{,*-}mimeapps.list r,
/var/cache/gio-@{version}/gnome-mimeapps.list r,
/ r, # deny?
owner @{user_share_dirs}/gnome-shell/session.gvdb rw,
# else if @{DE} == kde
@{lib}/kde{,3,4}/*.so mr,
@{lib}/kde{,3,4}/plugins/*/ r,
@{lib}/kde{,3,4}/plugins/*/*.so mr,
/usr/share/knotifications{5,6}/*.notifyrc r,
/etc/xdg/baloofilerc r,
/etc/xdg/kcminputrc r,
/etc/xdg/kdeglobals r,
/etc/xdg/kwinrc r,
owner @{user_cache_dirs}/#@{int} rw,
owner @{user_cache_dirs}/icon-cache.kcache rw,
owner @{user_cache_dirs}/ksycoca{5,6}_??{_,-}* rwlk,
owner @{user_config_dirs}/baloofilerc r,
owner @{user_config_dirs}/dolphinrc r,
owner @{user_config_dirs}/kcminputrc r,
owner @{user_config_dirs}/kdedefaults/ r,
owner @{user_config_dirs}/kdedefaults/kcminputrc r,
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
owner @{user_config_dirs}/kdedefaults/kwinrc r,
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kwinrc r,
owner @{user_config_dirs}/trashrc r,
# else if @{DE} == xfce
/usr/share/xfce{,4}/ r,
owner @{user_config_dirs}/xfce4/help{,ers}.rc rw,
owner @{user_config_dirs}/xfce4/help{,ers}.rc.@{int}.tmp rw,
# end
/usr/share/desktop-base/{,**} r,
/usr/share/hwdata/*.ids r,
/usr/share/icu/@{int}.@{int}/*.dat r,
include if exists <abstractions/desktop.d>
# vim:syntax=apparmor
Reference in a new issue View git blame Copy permalink