apparmor.d

kde-open5 (3699B)

# vim:syntax=apparmor
  abi <abi/3.0>,
# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via kde-open5 helper.
#
# NOTE: most likely you want to use xdg-open abstraction instead for better
# portability across desktop environments, unless you are sure that confined
# application only uses /usr/bin/kde-open5 directly.
#
# Usage example:
#
# ```
# profile foo /usr/bin/foo {
# ...
# /usr/bin/kde-open5 rPx -> foo//kde-open5,
# ...
# } # end of main profile
#
# # out-of-line child profile
# profile foo//kde-open5 {
#   include <abstractions/kde-open5>
#
#   # needed for ubuntu-* abstractions
#   include <abstractions/ubuntu-helpers>
#
#   # Only allow to handle http[s]: and mailto: links
#   include <abstractions/ubuntu-browsers>
#   include <abstractions/ubuntu-email>
#
#   # Add if accessibility access is considered as required
#   # (for message box in case exo-open fails)
#   include <abstractions/dbus-accessibility>
#
#   # Add if audio support for message box is
#   # considered as required.
#   include if exists <abstractions/gstreamer>
#
#   # < add additional allowed applications here >
# }
# ```
  include <abstractions/audio> # for alert messages
  include <abstractions/base>
  include <abstractions/dbus-accessibility-strict>
  include <abstractions/dbus-network-manager-strict>
  include <abstractions/dbus-session-strict>
  include <abstractions/dbus-strict>
  include <abstractions/kde-icon-cache-write>
  include <abstractions/kde>
  include <abstractions/nameservice> # for IceProcessMessages () from libICE.so (called by libQtCore.so)
  include <abstractions/openssl>
  include <abstractions/qt5>
  include <abstractions/recent-documents-write>
  include <abstractions/X>
  # Main executables
  /usr/bin/kde-open5 rix,
  /usr/lib/@{multiarch}/libexec/kf5/kioslave{,5} ix,
  # DBus
  dbus
      bus=session
      interface=org.kde.KLauncher
      member=start_service_by_desktop_path
      peer=(name=org.kde.klauncher5),
  # Denied system files
  deny /usr/lib/vlc/plugins/* w, # VLC backed tries to create plugins.dat.16109
  # libpcre2 on openSUSE tries to mmap() shared memory on directory.
  # see: https://lists.ubuntu.com/archives/apparmor/2019-January/011925.html
  # AppArmor does not allow to distinguish "real" file vs shared memory one,
  # so we deny this path to protect from loading exploits from /tmp.
  deny /tmp/#[0-9]*[0-9] m,
  # System files
  /dev/tty r,
  /etc/xdg/accept-languages.codes r,
  /etc/xdg/menus/{,*/} r,
  /usr/share/*fonts*/conf.avail/*.conf r, # for openSUSE, when showing error message box
  /usr/share/ghostscript/fonts/ r, # for openSUSE, when showing error message box
  /usr/share/hwdata/pnp.ids r, # for openSUSE, when showing error message box, for QXcbConnection::initializeScreens() from libQt5XcbQpa.so
  /usr/share/icu/[0-9]*.[0-9]*/*.dat r, # for openSUSE
  /usr/share/kservices5/{,**} r, # for KProtocolManager::defaultUserAgent() from libKF5KIOCore.so
  /usr/share/mime/ r,
  /usr/share/mime/generic-icons r,
  /usr/share/plasma/look-and-feel/*/contents/defaults r, # TODO: move to kde abstraction?
  /usr/share/sounds/ r,
  @{PROC}/sys/kernel/core_pattern r,
  @{PROC}/sys/kernel/random/boot_id r,
  # User files
  owner /tmp/xauth-[0-9]*-_[0-9] r, # for libQt5XcbQpa.so
  owner @{run}/user/[0-9]*/#[0-9]* rw, # for /run/user/1000/#13
  owner @{run}/user/[0-9]*/kioclient*slave-socket lrw -> @{run}/user/[0-9]/#[0-9]*, # for KIO::Slave::holdSlave(QString const&, QUrl const&) () from libKF5KIOCore.so (not 100% sure)
  owner @{HOME}/.cache/kio_http/ rw,
  # Include additions to the abstraction
  include if exists <abstractions/kde-open5.d>