logo

apparmor.d

Unnamed repository; edit this file 'description' to name the repository. git clone https://hacktivis.me/git/apparmor.d.git

gio-open (1546B)

    

  1. # vim:syntax=apparmor
  3.   abi <abi/3.0>,
  5. # This abstraction is designed to be used in a child profile to limit what
  6. # confined application can invoke via gio helper.
  7. #
  8. # NOTE: most likely you want to use xdg-open abstraction instead for better
  9. # portability across desktop environments, unless you are sure that confined
  10. # application only uses /usr/bin/gio directly.
  11. #
  12. # Usage example:
  13. #
  14. # ```
  15. # profile foo /usr/bin/foo {
  16. # ...
  17. # /usr/bin/gio rPx -> foo//gio-open,
  18. # ...
  19. # } # end of main profile
  20. #
  21. # # out-of-line child profile
  22. # profile foo//gio-open {
  23. #   include <abstractions/gio-open>
  24. #
  25. #   # needed for ubuntu-* abstractions
  26. #   include <abstractions/ubuntu-helpers>
  27. #
  28. #   # Only allow to handle http[s]: and mailto: links
  29. #   include <abstractions/ubuntu-browsers>
  30. #   include <abstractions/ubuntu-email>
  31. #
  32. #   # < add additional allowed applications here >
  33. # }
  35.   include <abstractions/base>
  36.   include <abstractions/dbus-session-strict>
  38.   # Main executables
  40.   /usr/bin/gio rix,
  41.   /usr/bin/gio-launch-desktop ix, # for OpenSUSE
  42.   /usr/lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop ix,
  44.   # System files
  46.   /etc/gnome/defaults.list r,
  47.   /usr/share/mime/* r,
  48.   /usr/share/{,*/}applications/{,**} r,
  49.   /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r,
  50.   /var/lib/snapd/desktop/applications/{,**} r,
  52.   # User files
  54.   owner @{HOME}/.config/mimeapps.list r,
  55.   owner @{HOME}/.local/share/applications/{,*.desktop} r,
  56.   owner @{PROC}/@{pid}/fd/ r,
  58.   # Include additions to the abstraction
  59.   include if exists <abstractions/gio-open.d>