75 lines
2.6 KiB
Text
75 lines
2.6 KiB
Text
# apparmor.d - Full set of apparmor profiles
|
|
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
abi <abi/4.0>,
|
|
|
|
include <tunables/global>
|
|
|
|
@{share_dirs} = /usr/share/gnome-shell/extensions/ding@rastersoft.com
|
|
@{share_dirs} += @{user_share_dirs}/gnome-shell/extensions/ding@rastersoft.com
|
|
|
|
@{exec_path} = @{share_dirs}/app/{ding,createThumbnail}.js
|
|
profile gnome-extension-ding @{exec_path} {
|
|
include <abstractions/base>
|
|
include <abstractions/audio-client>
|
|
include <abstractions/bus-accessibility>
|
|
include <abstractions/bus-session>
|
|
include <abstractions/bus-system>
|
|
include <abstractions/bus/net.hadess.SwitcherooControl>
|
|
include <abstractions/bus/org.a11y>
|
|
include <abstractions/bus/org.freedesktop.FileManager1>
|
|
include <abstractions/bus/session/org.gnome.ArchiveManager1>
|
|
include <abstractions/bus/session/org.gnome.Nautilus.FileOperations2>
|
|
include <abstractions/bus/session/org.gtk.Private.RemoteVolumeMonitor>
|
|
include <abstractions/bus/session/org.gtk.vfs.Daemon>
|
|
include <abstractions/bus/session/org.gtk.vfs.Metadata>
|
|
include <abstractions/dconf-write>
|
|
include <abstractions/gnome-strict>
|
|
include <abstractions/nameservice-strict>
|
|
include <abstractions/notifications>
|
|
|
|
unix (send,receive) type=stream addr=none peer=(label=gnome-shell),
|
|
|
|
#aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions
|
|
#aa:dbus talk bus=session name=com.rastersoft.dingextension label=gnome-shell interface+=org.gtk.Actions
|
|
|
|
dbus send bus=session path=/org/freedesktop/DBus
|
|
interface=org.freedesktop.DBus.Introspectable
|
|
member=Introspect
|
|
peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"),
|
|
|
|
dbus send bus=session path=/org/freedesktop/DBus
|
|
interface=org.freedesktop.DBus*
|
|
peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"),
|
|
dbus send bus=system path=/org/freedesktop/DBus
|
|
interface=org.freedesktop.DBus*
|
|
peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"),
|
|
|
|
@{exec_path} mr,
|
|
|
|
@{sh_path} rix,
|
|
@{bin}/env rix,
|
|
@{bin}/gjs-console rix,
|
|
@{bin}/gnome-control-center rPx,
|
|
@{bin}/nautilus rPx,
|
|
|
|
@{share_dirs}/{,**} r,
|
|
/usr/share/thumbnailers/{,*.thumbnailer} r,
|
|
|
|
owner @{user_desktop_dirs}/ r,
|
|
owner @{user_templates_dirs}/ r,
|
|
|
|
owner @{user_share_dirs}/nautilus/scripts/ r,
|
|
|
|
owner @{PROC}/@{pid}/mountinfo r,
|
|
owner @{PROC}/@{pid}/mounts r,
|
|
owner @{PROC}/@{pid}/stat r,
|
|
owner @{PROC}/@{pid}/task/@{tid}/stat r,
|
|
|
|
deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
|
|
|
|
include if exists <local/gnome-extension-ding>
|
|
}
|
|
|
|
# vim:syntax=apparmor
|