67 lines
1.8 KiB
Text
67 lines
1.8 KiB
Text
# apparmor.d - Full set of apparmor profiles
|
|
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
abi <abi/4.0>,
|
|
|
|
include <tunables/global>
|
|
|
|
@{exec_path} = @{bin}/papers
|
|
profile papers @{exec_path} flags=(attach_disconnected) {
|
|
include <abstractions/base>
|
|
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
|
include <abstractions/common/gnome>
|
|
include <abstractions/ssl_certs>
|
|
include <abstractions/user-download-strict>
|
|
include <abstractions/user-read-strict>
|
|
include <abstractions/user-write-strict>
|
|
|
|
#aa:dbus own bus=session name=org.gnome.Papers interface+=org.freedesktop.Application
|
|
|
|
#aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}"
|
|
|
|
dbus send bus=session path=/org/freedesktop/portal/desktop/session/1_4509/gtk1155412026
|
|
interface=org.freedesktop.portal.Session
|
|
member=Close
|
|
peer=(name=org.freedesktop.portal.Desktop, label=xdg-desktop-portal),
|
|
|
|
@{exec_path} mr,
|
|
|
|
@{open_path} Cx -> open,
|
|
|
|
/usr/share/poppler/{,**} r,
|
|
|
|
/etc/passwd r,
|
|
|
|
owner @{user_share_dirs}/gvfs-metadata/{,*} r,
|
|
|
|
owner @{HOME}/.mozilla/firefox/*/{cert9,key4}.db rwk,
|
|
owner @{HOME}/.mozilla/firefox/*/pkcs11.txt rw,
|
|
owner @{HOME}/.mozilla/firefox/*/{cert9,key4}.db-journal rw,
|
|
|
|
/tmp/ r,
|
|
/var/tmp/ r,
|
|
owner @{tmp}/.goutputstream-@{rand6} rw,
|
|
owner @{tmp}/papers-@{int}/{,**} rw,
|
|
owner @{tmp}/gtkprint_@{rand6} rw,
|
|
owner @{tmp}/gtkprint@{rand6} rw,
|
|
|
|
@{run}/mount/utab r,
|
|
|
|
owner @{PROC}/@{pid}/mountinfo r,
|
|
|
|
profile open {
|
|
include <abstractions/base>
|
|
include <abstractions/app/open>
|
|
|
|
@{browsers_path} Px,
|
|
@{help_path} Px,
|
|
@{bin}/papers Px,
|
|
|
|
include if exists <local/papers_open>
|
|
}
|
|
|
|
include if exists <local/papers>
|
|
}
|
|
|
|
# vim:syntax=apparmor
|