samwiseetc/apparmor.d/abstractions/ubuntu-unity7-base

# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2013-2014 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

#
# Rules common to applications running under Unity 7
#

#include <abstractions/gnome>

#include <abstractions/dbus-session-strict>
#include <abstractions/dbus-strict>

  #
  # Access required for connecting to/communication with Unity HUD
  #
  dbus (send)
       bus=session
       path="/com/canonical/hud",
  dbus (send)
       bus=session
       interface="com.canonical.hud.*",
  dbus (send)
       bus=session
       path="/com/canonical/hud/applications/*",
  dbus (receive)
       bus=session
       path="/com/canonical/hud",
  dbus (receive)
       bus=session
       interface="com.canonical.hud.*",

  #
  # Allow access for connecting to/communication with the appmenu
  #
  # dbusmenu
  dbus (send)
       bus=session
       interface="com.canonical.AppMenu.*",
  dbus (receive, send)
        bus=session
        path=/com/canonical/menu/**,

  # gmenu
  dbus (receive, send)
       bus=session
       interface=org.gtk.Actions,
  dbus (receive, send)
       bus=session
       interface=org.gtk.Menus,

  #
  # Access required for using freedesktop notifications
  #
  dbus (send)
       bus=session
       path=/org/freedesktop/Notifications
       member=GetCapabilities,
  dbus (send)
       bus=session
       path=/org/freedesktop/Notifications
       member=GetServerInformation,
  dbus (send)
       bus=session
       path=/org/freedesktop/Notifications
       member=Notify,
  dbus (receive)
       bus=session
       member="Notify"
       peer=(name="org.freedesktop.DBus"),
  dbus (receive)
       bus=session
       path=/org/freedesktop/Notifications
       member=NotificationClosed,
  dbus (send)
       bus=session
       path=/org/freedesktop/Notifications
       member=CloseNotification,

  # accessibility
  dbus (send)
       bus=session
       peer=(name=org.a11y.Bus),
  dbus (receive)
       bus=session
       interface=org.a11y.atspi*,
  dbus (receive, send)
       bus=accessibility,

  #
  # Deny potentially dangerous access
  #
  deny dbus bus=session path=/com/canonical/[Uu]nity/[Dd]ebug**,
Initial recommit 2 years ago			`# vim:syntax=apparmor`
			`# ------------------------------------------------------------------`
			`#`
			`# Copyright (C) 2013-2014 Canonical Ltd.`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of version 2 of the GNU General Public`
			`# License published by the Free Software Foundation.`
			`#`
			`# ------------------------------------------------------------------`

			`#`
			`# Rules common to applications running under Unity 7`
			`#`

			`#include <abstractions/gnome>`

			`#include <abstractions/dbus-session-strict>`
			`#include <abstractions/dbus-strict>`

			`#`
			`# Access required for connecting to/communication with Unity HUD`
			`#`
			`dbus (send)`
			`bus=session`
			`path="/com/canonical/hud",`
			`dbus (send)`
			`bus=session`
			`interface="com.canonical.hud.*",`
			`dbus (send)`
			`bus=session`
			`path="/com/canonical/hud/applications/*",`
			`dbus (receive)`
			`bus=session`
			`path="/com/canonical/hud",`
			`dbus (receive)`
			`bus=session`
			`interface="com.canonical.hud.*",`

			`#`
			`# Allow access for connecting to/communication with the appmenu`
			`#`
			`# dbusmenu`
			`dbus (send)`
			`bus=session`
			`interface="com.canonical.AppMenu.*",`
			`dbus (receive, send)`
			`bus=session`
			`path=/com/canonical/menu/**,`

			`# gmenu`
			`dbus (receive, send)`
			`bus=session`
			`interface=org.gtk.Actions,`
			`dbus (receive, send)`
			`bus=session`
			`interface=org.gtk.Menus,`

			`#`
			`# Access required for using freedesktop notifications`
			`#`
			`dbus (send)`
			`bus=session`
			`path=/org/freedesktop/Notifications`
			`member=GetCapabilities,`
			`dbus (send)`
			`bus=session`
			`path=/org/freedesktop/Notifications`
			`member=GetServerInformation,`
			`dbus (send)`
			`bus=session`
			`path=/org/freedesktop/Notifications`
			`member=Notify,`
			`dbus (receive)`
			`bus=session`
			`member="Notify"`
			`peer=(name="org.freedesktop.DBus"),`
			`dbus (receive)`
			`bus=session`
			`path=/org/freedesktop/Notifications`
			`member=NotificationClosed,`
			`dbus (send)`
			`bus=session`
			`path=/org/freedesktop/Notifications`
			`member=CloseNotification,`

			`# accessibility`
			`dbus (send)`
			`bus=session`
			`peer=(name=org.a11y.Bus),`
			`dbus (receive)`
			`bus=session`
			`interface=org.a11y.atspi*,`
			`dbus (receive, send)`
			`bus=accessibility,`

			`#`
			`# Deny potentially dangerous access`
			`#`
			`deny dbus bus=session path=/com/canonical/[Uu]nity/[Dd]ebug**,`