gnome (3789B)
- # vim:syntax=apparmor
- # ------------------------------------------------------------------
- #
- # Copyright (C) 2002-2009 Novell/SUSE
- # Copyright (C) 2009-2011 Canonical Ltd.
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of version 2 of the GNU General Public
- # License published by the Free Software Foundation.
- #
- # ------------------------------------------------------------------
- abi <abi/3.0>,
- include <abstractions/base>
- include <abstractions/fonts>
- include <abstractions/X>
- include <abstractions/freedesktop.org>
- include <abstractions/xdg-desktop>
- include <abstractions/user-tmp>
- include <abstractions/wayland>
- # systemwide gtk defaults
- /etc/gnome/gtkrc* r,
- /etc/gtk/* r,
- /usr/lib{,32,64}/gtk/** mr,
- /usr/lib/@{multiarch}/gtk/** mr,
- /usr/lib{,32,64}/gtk-[0-9]*/** mr,
- /usr/lib/@{multiarch}/gtk-[0-9]*/** mr,
- /usr/share/themes/ r,
- /usr/share/themes/** r,
- /usr/share/gtk-3.0/settings.ini r,
- # for gnome 1 applications
- /etc/orbitrc r,
- # gtk-2 needed some new rights
- /etc/fonts/* r,
- /etc/gtk-*/* r,
- /etc/pango/* r,
- /usr/lib{,32,64}/pango/** mr,
- /usr/lib{,32,64}/gtk-*/** mr,
- /usr/lib{,32,64}/gdk-pixbuf-*/** mr,
- /usr/lib/@{multiarch}/pango/** mr,
- /usr/lib/@{multiarch}/gtk-*/** mr,
- /usr/lib/@{multiarch}/gdk-pixbuf-*/** mr,
- # per-user gtk configuration
- owner @{HOME}/.config/gtk-3.0/ w,
- owner @{HOME}/.config/gtk-3.0/* r,
- owner @{HOME}/.gnome/Gnome r,
- owner @{HOME}/.gtk r,
- owner @{HOME}/.gtkrc r,
- owner @{HOME}/.gtkrc-2.0 r,
- owner @{HOME}/.gtk-bookmarks r,
- owner @{HOME}/.themes/ r,
- owner @{HOME}/.themes/** r,
- owner @{user_share_dirs}/themes/ r,
- owner @{user_share_dirs}/themes/** r,
- # for gtk file dialog
- owner @{HOME}/.config/gtk-2.0/ w,
- owner @{HOME}/.config/gtk-2.0/** r,
- owner @{HOME}/.config/gtk-2.0/gtkfilechooser.ini* rw,
- # from evolution-mail
- owner @{HOME}/.gconfd/lock/* r,
- owner @{HOME}/.gnome/application-info r,
- # per-user font business
- owner @{HOME}/.fonts.cache-* rwl,
- # GtkComposeTable
- owner @{HOME}/.cache/gtk-3.0/** r,
- # icon caches
- /var/cache/**/icon-theme.cache r,
- /usr/share/**/icon-theme.cache r,
- # GLib schemas
- /usr/{local/,}share/glib-[0-9]*/schemas/ r,
- /usr/{local/,}share/glib-[0-9]*/schemas/** r,
- # GLib / dconf settings
- owner @{HOME}/.config/glib-2.0/settings/keyfile rw,
- # gnome VFS modules
- /etc/gnome-vfs-2.0/modules/ r,
- /etc/gnome-vfs-2.0/modules/* r,
- /usr/lib/gnome-vfs-2.0/modules/*.so mr,
- /usr/lib/@{multiarch}/gnome-vfs-2.0/modules/*.so mr,
- # gvfs
- /usr/share/gvfs/remote-volume-monitors/ r,
- /usr/share/gvfs/remote-volume-monitors/* r,
- @{PROC}/@{pid}/mounts r,
- @{run}/mount/utab r,
- # printing
- /etc/papersize r,
- /etc/cups/lpoptions r,
- /usr/share/cups/charmaps/** r,
- # holds MIT-MAGIC-COOKIE for gnome
- owner @{run}/gdm/auth*/database r,
- # mime-types
- /etc/gnome/defaults.list r,
- /etc/xdg/{,*-}mimeapps.list r,
- /usr/share/gnome/applications/ r,
- /usr/share/gnome/applications/mimeinfo.cache r,
- # Allow connecting to the GNOME vfs socket (still need corresponding DBus
- # rules)
- unix (send, receive, connect)
- type=stream
- peer=(addr="@/dbus-vfs-daemon/socket-*"),
- # Include additions to the abstraction
- include if exists <abstractions/gnome.d>