fix(apparmor): Fix dbus access

Add rules to allow DBus access (send & receive) to various DBus interfaces. Detected on Ubuntu 18.04.
2024-03-22 14:00:36 +08:00 · 2019-01-26 17:19:15 +02:00 · 2019-01-26 17:19:15 +02:00 · a6c01eb007
commit a6c01eb007
parent 577aeb8fa3
2 changed files with 154 additions and 0 deletions
--- a/security/apparmor/2.12.1/usr.bin.qtox
+++ b/security/apparmor/2.12.1/usr.bin.qtox
@ -48,6 +48,83 @@ profile qtox /usr{,/local}/bin/qtox {
    member=Get
    peer=(label=unconfined),

+  dbus receive
+    bus=session
+    path=/
+    interface=org.freedesktop.DBus.Introspectable
+    member=Introspect
+    peer=(label=unconfined),
+
+  dbus send
+    bus=session
+    path=/StatusNotifierWatcher
+    interface=org.freedesktop.DBus.Introspectable
+    member=Introspect
+    peer=(label=unconfined),
+
+  dbus send
+    bus=session
+    path=/StatusNotifierWatcher
+    interface=org.freedesktop.DBus.Properties
+    member=Get
+    peer=(label=unconfined),
+
+  dbus send
+    bus=system
+    path=/org/freedesktop/NetworkManager
+    interface=org.freedesktop.DBus.Properties
+    member=GetAll
+    peer=(label=unconfined),
+
+  dbus send
+    bus=system
+    path=/org/freedesktop/NetworkManager
+    interface=org.freedesktop.NetworkManager
+    member=GetDevices
+    peer=(label=unconfined),
+
+  dbus receive
+    bus=system
+    path=/org/freedesktop/NetworkManager
+    interface=org.freedesktop.NetworkManager
+    member=PropertiesChanged
+    peer=(label=unconfined),
+
+  dbus send
+    bus=system
+    path=/org/freedesktop/NetworkManager/Settings
+    interface=org.freedesktop.NetworkManager.Settings
+    member=ListConnections
+    peer=(label=unconfined),
+
+  dbus send
+    bus=system
+    path=/org/freedesktop/NetworkManager/Settings/[0-9]*
+    interface=org.freedesktop.NetworkManager.Settings.Connection
+    member=GetSettings
+    peer=(label=unconfined),
+
+  dbus send
+    bus=system
+    path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
+    interface=org.freedesktop.DBus.Properties
+    member=GetAll
+    peer=(label=unconfined),
+
+  dbus receive
+    bus=system
+    path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
+    interface=org.freedesktop.NetworkManager.Connection.Active
+    member=PropertiesChanged
+    peer=(label=unconfined),
+
+  dbus send
+    bus=system
+    path=/org/freedesktop/NetworkManager/Devices/[0-9]*
+    interface=org.freedesktop.DBus.Properties
+    member=GetAll
+    peer=(label=unconfined),
+
  # System files

  /usr/share/hunspell/* r,
--- a/security/apparmor/2.13.2/usr.bin.qtox
+++ b/security/apparmor/2.13.2/usr.bin.qtox
@ -54,6 +54,83 @@ profile qtox /usr{,/local}/bin/qtox {
    member=Get
    peer=(label=unconfined),

+  dbus receive
+    bus=session
+    path=/
+    interface=org.freedesktop.DBus.Introspectable
+    member=Introspect
+    peer=(label=unconfined),
+
+  dbus send
+    bus=session
+    path=/StatusNotifierWatcher
+    interface=org.freedesktop.DBus.Introspectable
+    member=Introspect
+    peer=(label=unconfined),
+
+  dbus send
+    bus=session
+    path=/StatusNotifierWatcher
+    interface=org.freedesktop.DBus.Properties
+    member=Get
+    peer=(label=unconfined),
+
+  dbus send
+    bus=system
+    path=/org/freedesktop/NetworkManager
+    interface=org.freedesktop.DBus.Properties
+    member=GetAll
+    peer=(label=unconfined),
+
+  dbus send
+    bus=system
+    path=/org/freedesktop/NetworkManager
+    interface=org.freedesktop.NetworkManager
+    member=GetDevices
+    peer=(label=unconfined),
+
+  dbus receive
+    bus=system
+    path=/org/freedesktop/NetworkManager
+    interface=org.freedesktop.NetworkManager
+    member=PropertiesChanged
+    peer=(label=unconfined),
+
+  dbus send
+    bus=system
+    path=/org/freedesktop/NetworkManager/Settings
+    interface=org.freedesktop.NetworkManager.Settings
+    member=ListConnections
+    peer=(label=unconfined),
+
+  dbus send
+    bus=system
+    path=/org/freedesktop/NetworkManager/Settings/[0-9]*
+    interface=org.freedesktop.NetworkManager.Settings.Connection
+    member=GetSettings
+    peer=(label=unconfined),
+
+  dbus send
+    bus=system
+    path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
+    interface=org.freedesktop.DBus.Properties
+    member=GetAll
+    peer=(label=unconfined),
+
+  dbus receive
+    bus=system
+    path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
+    interface=org.freedesktop.NetworkManager.Connection.Active
+    member=PropertiesChanged
+    peer=(label=unconfined),
+
+  dbus send
+    bus=system
+    path=/org/freedesktop/NetworkManager/Devices/[0-9]*
+    interface=org.freedesktop.DBus.Properties
+    member=GetAll
+    peer=(label=unconfined),
+
  # System files

  /usr/share/hunspell/* r,