fix(apparmor): Fix dbus access

Add rules to allow DBus access (send & receive) to various DBus interfaces. Detected on Ubuntu 18.04.
2024-03-22 14:00:36 +08:00 · 2019-01-26 17:19:15 +02:00 · 2019-01-26 17:19:15 +02:00 · a6c01eb007
commit a6c01eb007
parent 577aeb8fa3
2 changed files with 154 additions and 0 deletions
--- a/security/apparmor/2.12.1/usr.bin.qtox
+++ b/security/apparmor/2.12.1/usr.bin.qtox
@ -48,6 +48,83 @@ profile qtox /usr{,/local}/bin/qtox {
    member=Get
    peer=(label=unconfined),
  dbus receive
    bus=session
    path=/
    interface=org.freedesktop.DBus.Introspectable
    member=Introspect
    peer=(label=unconfined),
  dbus send
    bus=session
    path=/StatusNotifierWatcher
    interface=org.freedesktop.DBus.Introspectable
    member=Introspect
    peer=(label=unconfined),
  dbus send
    bus=session
    path=/StatusNotifierWatcher
    interface=org.freedesktop.DBus.Properties
    member=Get
    peer=(label=unconfined),
  dbus send
    bus=system
    path=/org/freedesktop/NetworkManager
    interface=org.freedesktop.DBus.Properties
    member=GetAll
    peer=(label=unconfined),
  dbus send
    bus=system
    path=/org/freedesktop/NetworkManager
    interface=org.freedesktop.NetworkManager
    member=GetDevices
    peer=(label=unconfined),
  dbus receive
    bus=system
    path=/org/freedesktop/NetworkManager
    interface=org.freedesktop.NetworkManager
    member=PropertiesChanged
    peer=(label=unconfined),
  dbus send
    bus=system
    path=/org/freedesktop/NetworkManager/Settings
    interface=org.freedesktop.NetworkManager.Settings
    member=ListConnections
    peer=(label=unconfined),
  dbus send
    bus=system
    path=/org/freedesktop/NetworkManager/Settings/[0-9]*
    interface=org.freedesktop.NetworkManager.Settings.Connection
    member=GetSettings
    peer=(label=unconfined),
  dbus send
    bus=system
    path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
    interface=org.freedesktop.DBus.Properties
    member=GetAll
    peer=(label=unconfined),
  dbus receive
    bus=system
    path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
    interface=org.freedesktop.NetworkManager.Connection.Active
    member=PropertiesChanged
    peer=(label=unconfined),
  dbus send
    bus=system
    path=/org/freedesktop/NetworkManager/Devices/[0-9]*
    interface=org.freedesktop.DBus.Properties
    member=GetAll
    peer=(label=unconfined),
  # System files
  /usr/share/hunspell/* r,
--- a/security/apparmor/2.13.2/usr.bin.qtox
+++ b/security/apparmor/2.13.2/usr.bin.qtox
@ -54,6 +54,83 @@ profile qtox /usr{,/local}/bin/qtox {
    member=Get
    peer=(label=unconfined),
  dbus receive
    bus=session
    path=/
    interface=org.freedesktop.DBus.Introspectable
    member=Introspect
    peer=(label=unconfined),
  dbus send
    bus=session
    path=/StatusNotifierWatcher
    interface=org.freedesktop.DBus.Introspectable
    member=Introspect
    peer=(label=unconfined),
  dbus send
    bus=session
    path=/StatusNotifierWatcher
    interface=org.freedesktop.DBus.Properties
    member=Get
    peer=(label=unconfined),
  dbus send
    bus=system
    path=/org/freedesktop/NetworkManager
    interface=org.freedesktop.DBus.Properties
    member=GetAll
    peer=(label=unconfined),
  dbus send
    bus=system
    path=/org/freedesktop/NetworkManager
    interface=org.freedesktop.NetworkManager
    member=GetDevices
    peer=(label=unconfined),
  dbus receive
    bus=system
    path=/org/freedesktop/NetworkManager
    interface=org.freedesktop.NetworkManager
    member=PropertiesChanged
    peer=(label=unconfined),
  dbus send
    bus=system
    path=/org/freedesktop/NetworkManager/Settings
    interface=org.freedesktop.NetworkManager.Settings
    member=ListConnections
    peer=(label=unconfined),
  dbus send
    bus=system
    path=/org/freedesktop/NetworkManager/Settings/[0-9]*
    interface=org.freedesktop.NetworkManager.Settings.Connection
    member=GetSettings
    peer=(label=unconfined),
  dbus send
    bus=system
    path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
    interface=org.freedesktop.DBus.Properties
    member=GetAll
    peer=(label=unconfined),
  dbus receive
    bus=system
    path=/org/freedesktop/NetworkManager/ActiveConnection/[0-9]*
    interface=org.freedesktop.NetworkManager.Connection.Active
    member=PropertiesChanged
    peer=(label=unconfined),
  dbus send
    bus=system
    path=/org/freedesktop/NetworkManager/Devices/[0-9]*
    interface=org.freedesktop.DBus.Properties
    member=GetAll
    peer=(label=unconfined),
  # System files
  /usr/share/hunspell/* r,