From a6c01eb00713c21d8bc64cba47e511b0b5737908 Mon Sep 17 00:00:00 2001
From: Vincas Dargis
Date: Sat, 26 Jan 2019 17:19:15 +0200
Subject: [PATCH] fix(apparmor): Fix dbus access
Add rules to allow DBus access (send & receive) to various DBus interfaces. Detected on Ubuntu 18.04.
---
 security/apparmor/2.12.1/usr.bin.qtox | 77 +++++++++++++++++++++++++++
 security/apparmor/2.13.2/usr.bin.qtox | 77 +++++++++++++++++++++++++++
 2 files changed, 154 insertions(+)
diff --git a/security/apparmor/2.12.1/usr.bin.qtox b/security/apparmor/2.12.1/usr.bin.qtox
index dfaffd478..40d909356 100644
--- a/security/apparmor/2.12.1/usr.bin.qtox
+++ b/security/apparmor/2.12.1/usr.bin.qtox
@@ -48,6 +48,83 @@ profile qtox /usr{,/local}/bin/qtox {
 member=Get
 peer=(label=unconfined),
+ dbus receive
+ bus=session
+ path=/
+ interface=org.freedesktop.DBus.Introspectable
+ member=Introspect
+ peer=(label=unconfined),
+
+ dbus send
+ bus=session
+ path=/StatusNotifierWatcher
+ interface=org.freedesktop.DBus.Introspectable
+ member=Introspect
+ peer=(label=unconfined),
+
+ dbus send
+ bus=session
+ path=/StatusNotifierWatcher
+ interface=org.freedesktop.DBus.Properties
+ member=Get
+ peer=(label=unconfined),
+
+ dbus send
+ bus=system
+ path=/org/freedesktop/NetworkManager
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(label=unconfined),
+
+ dbus send
+ bus=system
+ path=/org/freedesktop/NetworkManager
+ interface=org.freedesktop.NetworkManager
+ member=GetDevices
+ peer=(label=unconfined),
+
+ dbus receive
+ bus=system
+ path=/org/freedesktop/NetworkManager
+ interface=org.freedesktop.NetworkManager
+ member=PropertiesChanged
+ peer=(label=unconfined),
+
+ dbus send
+ bus=system
+ path=/org/freedesktop/NetworkManager/Settings
+ interface=org.freedesktop.NetworkManager.Settings
+ member=ListConnections
+ peer=(label=unconfined),
+
+ dbus send
+ bus=system
+ path=/org/freedesktop/NetworkManager/Settings/[0-9]*
+ interface=org.freedesktop.NetworkManager.Settings.Connection
+ member=GetSettings
+ peer=(label=unconfined),
+
+ dbus send
+ bus=system
+ path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(label=unconfined),
+
+ dbus receive
+ bus=system
+ path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
+ interface=org.freedesktop.NetworkManager.Connection.Active
+ member=PropertiesChanged
+ peer=(label=unconfined),
+
+ dbus send
+ bus=system
+ path=/org/freedesktop/NetworkManager/Devices/[0-9]*
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(label=unconfined),
+
 # System files
 /usr/share/hunspell/* r,
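Review bot: The new `dbus send` rules on `bus=system` constrain the peer only by `label=unconfined`, so nothing in the profile ties them to the NetworkManager service; any unconfined system-bus peer exporting the same object paths and interfaces would match. If the client addresses the service by its well-known name, the send rules can be narrowed to `peer=(name=org.freedesktop.NetworkManager, label=unconfined),`; this should be checked against the logged denials, and it probably does not carry over to the `receive` rules, where the sender is typically seen under its unique connection name. `ListConnections` together with `GetSettings` on `/org/freedesktop/NetworkManager/Settings/[0-9]*` also lets the confined client read stored connection profiles, so it is worth confirming that qTox needs those two rules rather than only the connectivity state. The same rules are repeated in the 2.13.2 hunk, and the profile body continues outside both hunks.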
diff --git a/security/apparmor/2.13.2/usr.bin.qtox b/security/apparmor/2.13.2/usr.bin.qtox
index 13bb1d278..8f1a0a55e 100644
--- a/security/apparmor/2.13.2/usr.bin.qtox
+++ b/security/apparmor/2.13.2/usr.bin.qtox
@@ -54,6 +54,83 @@ profile qtox /usr{,/local}/bin/qtox {
 member=Get
 peer=(label=unconfined),
+ dbus receive
+ bus=session
+ path=/
+ interface=org.freedesktop.DBus.Introspectable
+ member=Introspect
+ peer=(label=unconfined),
+
+ dbus send
+ bus=session
+ path=/StatusNotifierWatcher
+ interface=org.freedesktop.DBus.Introspectable
+ member=Introspect
+ peer=(label=unconfined),
+
+ dbus send
+ bus=session
+ path=/StatusNotifierWatcher
+ interface=org.freedesktop.DBus.Properties
+ member=Get
+ peer=(label=unconfined),
+
+ dbus send
+ bus=system
+ path=/org/freedesktop/NetworkManager
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(label=unconfined),
+
+ dbus send
+ bus=system
+ path=/org/freedesktop/NetworkManager
+ interface=org.freedesktop.NetworkManager
+ member=GetDevices
+ peer=(label=unconfined),
+
+ dbus receive
+ bus=system
+ path=/org/freedesktop/NetworkManager
+ interface=org.freedesktop.NetworkManager
+ member=PropertiesChanged
+ peer=(label=unconfined),
+
+ dbus send
+ bus=system
+ path=/org/freedesktop/NetworkManager/Settings
+ interface=org.freedesktop.NetworkManager.Settings
+ member=ListConnections
+ peer=(label=unconfined),
+
+ dbus send
+ bus=system
+ path=/org/freedesktop/NetworkManager/Settings/[0-9]*
+ interface=org.freedesktop.NetworkManager.Settings.Connection
+ member=GetSettings
+ peer=(label=unconfined),
+
+ dbus send
+ bus=system
+ path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(label=unconfined),
+
+ dbus receive
+ bus=system
+ path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
+ interface=org.freedesktop.NetworkManager.Connection.Active
+ member=PropertiesChanged
+ peer=(label=unconfined),
+
+ dbus send
+ bus=system
+ path=/org/freedesktop/NetworkManager/Devices/[0-9]*
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(label=unconfined),
+
 # System files
 /usr/share/hunspell/* r,
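Review bot: None of the eleven added rules has a comment saying which desktop feature needs it, so a later reader cannot tell which grants are safe to tighten or drop. A header line per group would record the intent, for example `# Tray icon (StatusNotifierWatcher) lookups on the session bus` before the three session-bus rules and `# Read-only NetworkManager state queries, from denials seen on Ubuntu 18.04` before the system-bus rules. The path glob `[0-9]*` matches one digit followed by any run of non-slash characters, which is wider than a purely numeric object id and could be noted in the same comment. The 2.12.1 hunk has the same gap; the profile body continues outside the hunk.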