debian/patches/apparmor-cleanups.diff


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

From b3c157faeb945fd689fcc8561a520d9e611a7419 Mon Sep 17 00:00:00 2001
From: Vincas Dargis <vindrg@gmail.com>
Date: Sat, 4 Aug 2018 17:40:05 +0300
Subject: [PATCH] apparmor: use dri-enumerate abstraction

Remove backported rule and use new dri-enumerate abstraction instead.
dri-enumerate is available in AppArmor 2.13, which recently migrated
into Debian Buster.

Change-Id: I64919edc1882f7bc1e65cfb94686464c5350f699
---
 sysui/desktop/apparmor/program.soffice.bin | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
index 2fc7fd6b5735..33ad6f933ef6 100644
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -82,6 +82,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
   #include <abstractions/dbus>
   #include <abstractions/dbus-session>
   #include <abstractions/dbus-accessibility>
+  #include <abstractions/dri-enumerate>
   #include <abstractions/ibus>
   #include <abstractions/nameservice>
   #include <abstractions/gnome>
@@ -179,7 +179,6 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
   #Likely moving to abstractions in the future
   owner @{HOME}/.icons/*/cursors/*      r,
   /etc/fstab r, # Solid::DeviceNotifier::instance() TODO: deny?
-  /sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, # for libdrm
   /usr/share/*-fonts/conf.avail/*.conf  r,
   /usr/share/fonts-config/conf.avail/*.conf r,
   /{,var/}run/udev/data/+usb:* r, # Solid::Device::listFromQuery()

From 5054f7067cc5ee43933893b682e02540fce043b4 Mon Sep 17 00:00:00 2001
From: Rene Engelhard <rene@debian.org>
Date: Sat, 20 Jun 2020 15:33:34 +0200
Subject: deb#962903 #include <abstractions/user-tmp> to allow /tmp/something/*

Change-Id: I6377db152ededc4d46ba7bbbaa9bc66210964e18
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96770
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
---
 sysui/desktop/apparmor/program.senddoc     | 4 ++--
 sysui/desktop/apparmor/program.soffice.bin | 3 ++-
 sysui/desktop/apparmor/program.xpdfimport  | 5 ++---
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/sysui/desktop/apparmor/program.senddoc b/sysui/desktop/apparmor/program.senddoc
index d659ec9b98b3..969130f4ea90 100644
--- a/sysui/desktop/apparmor/program.senddoc
+++ b/sysui/desktop/apparmor/program.senddoc
@@ -17,8 +17,8 @@
 profile libreoffice-senddoc INSTDIR-program/senddoc {
   #include <abstractions/base>
 
-  owner /tmp/lu**       rw,    #makes files like luRRRRR.tmp/lubRRRR.tmp where R is random
-                               #Note, usually it's lub or luc, don't know why.
+  #include <abstractions/user-tmp>
+
   /{usr/,}bin/sh        rmix,
   /{usr/,}bin/bash      rmix,
   /{usr/,}bin/dash      rmix,
diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
index 212eb7c62b15..42053db2abef 100644
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -92,6 +92,8 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
   #include <abstractions/python>
   #include <abstractions/p11-kit>
 
+  #include <abstractions/user-tmp>
+
   #List directories for file browser
   /                                     r,
   /**/                                  r,
@@ -116,7 +118,6 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
   owner @{HOME}/.config/soffice.binrc.lock rwk,
   owner @{HOME}/.cache/fontconfig/**    rw,
   owner @{HOME}/.config/gtk-???/bookmarks r,  #Make bookmarks work
-  owner /tmp/psp[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]* rw, #/tmp/psp1534203998 (printing to file)
 
   owner /{,var/}run/user/*/dconf/user   rw,
   owner @{HOME}/.config/dconf/user      r,
diff --git a/sysui/desktop/apparmor/program.xpdfimport b/sysui/desktop/apparmor/program.xpdfimport
index efe10dce020d..f8bfbfe8fa49 100644
--- a/sysui/desktop/apparmor/program.xpdfimport
+++ b/sysui/desktop/apparmor/program.xpdfimport
@@ -17,9 +17,8 @@
 profile libreoffice-xpdfimport INSTDIR-program/xpdfimport {
   #include <abstractions/base>
 
-  owner /tmp/*              r,     #Seems to need to read file created with pattern /tmp/RRRRRR
-  owner /tmp/lu**           rw,    #makes files like luRRRRR.tmp/lubRRRR.tmp where R is random
-                                   #Note, usually it's lub or luc, don't know why.
+  #include <abstractions/user-tmp>
+
   /usr/share/poppler/**     r,
   /usr/share/libreoffice/share/config/* r,
   owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw,
-- 
cgit v1.2.1