logo

apparmor.d

Unnamed repository; edit this file 'description' to name the repository. git clone https://hacktivis.me/git/apparmor.d.git

xdg-open (2286B)

    

  1. # vim:syntax=apparmor
  3.   abi <abi/3.0>,
  5. # This abstraction is designed to be used in a child profile to limit what
  6. # confined application can invoke via xdg-open helper. xdg-open abstraction
  7. # will allow to use gio-open, kde-open5 and other helpers of the different
  8. # desktop environments.
  9. #
  10. # Usage example:
  11. #
  12. # ```
  13. # profile foo /usr/bin/foo {
  14. # ...
  15. # /usr/bin/xdg-open rPx -> foo//xdg-open,
  16. # ...
  17. # } # end of main profile
  18. #
  19. # # out-of-line child profile
  20. # profile foo//xdg-open {
  21. #   include <abstractions/xdg-open>
  22. #
  23. #   # Enable a11y support if considered required by
  24. #   # profile author for (rare) error message boxes.
  25. #   include <abstractions/dbus-accessibility>
  26. #
  27. #   # Enable gstreamer support if considered required by
  28. #   # profile author for (rare) error message boxes.
  29. #   include if exists <abstractions/gstreamer>
  30. #
  31. #   # needed for ubuntu-* abstractions
  32. #   include <abstractions/ubuntu-helpers>
  33. #
  34. #   # Only allow to handle http[s]: and mailto: links
  35. #   include <abstractions/ubuntu-browsers>
  36. #   include <abstractions/ubuntu-email>
  37. #
  38. #   # < add additional allowed applications here >
  39. # }
  40. # ```
  42.   include <abstractions/base>
  44.   # for opening with `exo-open`
  45.   include <abstractions/exo-open>
  47.   # for opening with `gio open <uri>`
  48.   include <abstractions/gio-open>
  50.   # for opening with gvfs-open (deprecated)
  51.   include <abstractions/gvfs-open>
  53.   # for opening with kde-open5
  54.   include <abstractions/kde-open5>
  56.   # Main executables
  58.   /{,usr/}bin/{b,d}ash mr,
  59.   /usr/bin/xdg-open r,
  61.   # Additional executables
  63.   /usr/bin/xdg-mime rix,
  64.   /{,usr/}bin/cut rix, # for xdg-mime
  65.   /{,usr/}bin/head rix, # for xdg-mime
  66.   /{,usr/}bin/sed rix, # for xdg-open
  67.   /{,usr/}bin/tr rix, # for xdg-mime
  68.   /{,usr/}bin/which rix, # for xdg-open
  69.   /{,usr/}bin/{grep,egrep} rix, # for xdg-open
  71.   # System files
  73.   /dev/pts/[0-9]* rw,
  74.   /dev/tty w,
  75.   /etc/gnome/defaults.list r, # for grep
  76.   /usr/share/applications/mimeinfo.cache r, # for grep
  77.   /usr/share/terminfo/s/screen r, # for bash on openSUSE
  78.   /usr/share/{,*/}applications/{,*.desktop} r, # for xdg-mime
  79.   /var/lib/menu-xdg/applications/ r, # for xdg-mime
  81.   # Usr files
  83.   owner @{HOME}/.local/share/applications/{,*.desktop} r,
  85.   # Include additions to the abstraction
  86.   include if exists <abstractions/xdg-open.d>