1
0
mirror of https://github.com/qTox/qTox.git synced 2024-03-22 14:00:36 +08:00

fix(apparmor): fix file dialog denies

Add dbus and file rules to fix numerous denies when File Dialog is used
to select file for sending.
This commit is contained in:
Vincas Dargis 2019-02-10 16:26:05 +02:00
parent dffe00b4e3
commit 4565ac1b19
2 changed files with 102 additions and 0 deletions

View File

@ -169,6 +169,55 @@ profile qtox /usr{,/local}/bin/qtox {
member={NewIcon,NewToolTip}
peer=(label=unconfined),
dbus send
bus=system
path=/org/freedesktop/UPower
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(label=unconfined),
dbus send
bus=system
path=/org/freedesktop/UDisks2/{block_devices,block_devices/*,drives,drives/*}
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(label=unconfined),
dbus send
bus=system
path=/org/freedesktop/UDisks2/{block_devices,drives}/*
interface=org.freedesktop.DBus.Properties
member={Get,GetAll}
peer=(label=unconfined),
dbus send
bus=session
path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member=GetConnectionUnixUser
peer=(label=unconfined),
dbus send
bus=session
path=/
interface=org.kde.KDirNotify
member={enteredDirectory,leftDirectory}
peer=(label=unconfined),
dbus receive
bus=session
path=/
interface=org.kde.KDirNotify
member=FilesAdded
peer=(label=unconfined),
dbus send
bus=session
path=/KLauncher
interface=org.kde.KSlaveLauncher
member=requestSlave
peer=(label=unconfined),
# Denied files
# libpcre2 on openSUSE tries to mmap() shared memory on directory.
@ -201,6 +250,7 @@ profile qtox /usr{,/local}/bin/qtox {
/sys/bus/ r, # file dialog
/sys/bus/usb/devices/ r, # file dialog
/sys/class/ r, # file dialog
/sys/devices/**/uevent r, # file dialog
/sys/devices/system/node/ r, # for ld-linux-x86-64.so -> libnuma1.so
/sys/devices/system/node/node[0-9]*/meminfo r, # for ld-linux-x86-64.so -> libnuma1.so
/usr/share/emoticons/{,**} r,
@ -208,6 +258,7 @@ profile qtox /usr{,/local}/bin/qtox {
/usr/share/mime/ r, # file dialog
/usr/share/plasma/look-and-feel/*/contents/defaults r, # TODO: move to kde abstraction?
/usr/share/sounds/ r, # file dialog (alert)
/{,var/}run/udev/data/* r, # file dialog
# User files

View File

@ -176,6 +176,55 @@ profile qtox /usr{,/local}/bin/qtox {
member={NewIcon,NewToolTip}
peer=(label=unconfined),
dbus send
bus=system
path=/org/freedesktop/UPower
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(label=unconfined),
dbus send
bus=system
path=/org/freedesktop/UDisks2/{block_devices,block_devices/*,drives,drives/*}
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(label=unconfined),
dbus send
bus=system
path=/org/freedesktop/UDisks2/{block_devices,drives}/*
interface=org.freedesktop.DBus.Properties
member={Get,GetAll}
peer=(label=unconfined),
dbus send
bus=session
path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member=GetConnectionUnixUser
peer=(label=unconfined),
dbus send
bus=session
path=/
interface=org.kde.KDirNotify
member={enteredDirectory,leftDirectory}
peer=(label=unconfined),
dbus receive
bus=session
path=/
interface=org.kde.KDirNotify
member=FilesAdded
peer=(label=unconfined),
dbus send
bus=session
path=/KLauncher
interface=org.kde.KSlaveLauncher
member=requestSlave
peer=(label=unconfined),
# Denied files
# libpcre2 on openSUSE tries to mmap() shared memory on directory.
@ -208,6 +257,7 @@ profile qtox /usr{,/local}/bin/qtox {
/sys/bus/ r, # file dialog
/sys/bus/usb/devices/ r, # file dialog
/sys/class/ r, # file dialog
/sys/devices/**/uevent r, # file dialog
/sys/devices/system/node/ r, # for ld-linux-x86-64.so -> libnuma1.so
/sys/devices/system/node/node[0-9]*/meminfo r, # for ld-linux-x86-64.so -> libnuma1.so
/usr/share/emoticons/{,**} r,
@ -215,6 +265,7 @@ profile qtox /usr{,/local}/bin/qtox {
/usr/share/mime/ r, # file dialog
/usr/share/plasma/look-and-feel/*/contents/defaults r, # TODO: move to kde abstraction?
/usr/share/sounds/ r, # file dialog (alert)
/{,var/}run/udev/data/* r, # file dialog
# User files