Diffstat (limited to '')
-rw-r--r--sysui/desktop/apparmor/program.oosplash36
-rw-r--r--sysui/desktop/apparmor/program.senddoc37
-rw-r--r--sysui/desktop/apparmor/program.soffice.bin263
-rw-r--r--sysui/desktop/apparmor/program.xpdfimport31
4 files changed, 367 insertions, 0 deletions
diff --git a/sysui/desktop/apparmor/program.oosplash b/sysui/desktop/apparmor/program.oosplash
new file mode 100644
index 000000000..dd1136bc9
--- /dev/null
+++ b/sysui/desktop/apparmor/program.oosplash
@@ -0,0 +1,36 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2016 Canonical Ltd.
+# Copyright (C) 2018 Software in the Public Interest, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# Author: Bryan Quigley <bryan.quigley@canonical.com>
+# Rene Engelhard <rene@debian.org>
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+profile libreoffice-oosplash INSTDIR-program/oosplash {
+ #include <abstractions/base>
+ #include <abstractions/X>
+
+ /etc/libreoffice/ r,
+ /etc/libreoffice/** r,
+ /etc/passwd r,
+ /etc/nsswitch.conf r,
+ /run/nscd/passwd r,
+ /sys/devices/{virtual,pci[0-9]*}/**/queue/rotational r, # for isRotational() in desktop/unx/source/pagein.c
+ /usr/lib{,32,64}/ure/bin/javaldx rmpux,
+ /usr/share/libreoffice/program/* r,
+ INSTDIR-program/** r,
+ INSTDIR-program/soffice.bin rmpx,
+ INSTDIR-program/javaldx rmpux,
+ owner @{HOME}/.Xauthority r,
+ owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw,
+ unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined),
+ unix peer=(addr=@/tmp/.X11-unix/* label=unconfined),
+}
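Review bot: The two javaldx rules (`/usr/lib{,32,64}/ure/bin/javaldx rmpux,` and `INSTDIR-program/javaldx rmpux,`) use the lowercase `pux` transition, which runs the helper unconfined when no javaldx profile is loaded and does not scrub the environment on exec. None of the four files added here defines a javaldx profile, so the helper would presumably leave confinement with variables such as LD_PRELOAD inherited from the caller. Unless javaldx needs the caller's environment, `rmPUx` would at least scrub it. `INSTDIR-program/javaldx rmix,` would keep it inside this profile, though it may need extra file rules. The same `rmpux` pattern is used for `INSTDIR-program/uri-encode` in program.senddoc.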
diff --git a/sysui/desktop/apparmor/program.senddoc b/sysui/desktop/apparmor/program.senddoc
new file mode 100644
index 000000000..969130f4e
--- /dev/null
+++ b/sysui/desktop/apparmor/program.senddoc
@@ -0,0 +1,37 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2016 Canonical Ltd.
+# Copyright (C) 2017 Software in the Public Interest, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# Authors: Bryan Quigley <bryan.quigley@canonical.com>
+# Rene Engelhard <rene@debian.org>
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+profile libreoffice-senddoc INSTDIR-program/senddoc {
+ #include <abstractions/base>
+
+ #include <abstractions/user-tmp>
+
+ /{usr/,}bin/sh rmix,
+ /{usr/,}bin/bash rmix,
+ /{usr/,}bin/dash rmix,
+ /{usr/,}bin/sed rmix,
+ /usr/bin/dirname rmix,
+ /usr/bin/basename rmix,
+ /{usr/,}bin/grep rmix,
+ /{usr/,}bin/uname rmix,
+ /usr/bin/xdg-open rPUx,
+ /usr/bin/xdg-email rPUx,
+ /dev/null rw,
+ INSTDIR-program/uri-encode rmpux,
+ /usr/share/libreoffice/share/config/* r,
+ owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw,
+}
+
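Review bot: The `/usr/bin/xdg-open rPUx,` and `/usr/bin/xdg-email rPUx,` rules deserve a comment, because both fall back to running unconfined when no profile for them is loaded. They presumably hand the URI on to whatever handler the desktop has registered, so senddoc's confinement effectively ends at that exec. I would add above them `# xdg-open/xdg-email run unconfined unless the system ships a profile for them; they start the user's registered handlers`. The same applies to the `rPUx`/`rmPUx` rules for xdg-open, bluetooth-sendto, lpr, gst-plugin-scanner and lo_kde5filepicker in program.soffice.bin.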
diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
new file mode 100644
index 000000000..42053db2a
--- /dev/null
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -0,0 +1,263 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2016 Canonical Ltd.
+# Copyright (C) 2018 Software in the Public Interest, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# Authors: Jonathan Davies <jonathan.davies@canonical.com>
+# Bryan Quigley <bryan.quigley@canonical.com>
+# Rene Engelhard <rene@debian.org>
+#
+# ------------------------------------------------------------------
+
+# This profile should enable the average LibreOffice user to get their
+# work done while blocking some advanced usage
+# Namely not tested and likely not working : embedded plugins,
+# Using the LibreOffice SDK and other development tasks
+# Everything else should be working
+
+#Defines all common supported file formats
+#Some obscure ones we're excluded (mostly input)
+
+#Generic
+#.txt
+@{libreoffice_ext} = [tT][xX][tT]
+#All the open document format
+@{libreoffice_ext} += {,f,F}[oO][dDtT][tTsSpPbBgGfF]
+#.xml and xsl
+@{libreoffice_ext} += [xX][mMsS][lL]
+#.pdf
+@{libreoffice_ext} += [pP][dD][fF]
+#Unified office format
+@{libreoffice_ext} += [uU][oO][fFtTsSpP]
+#(x)htm(l)
+@{libreoffice_ext} += {,x,X}[hH][tT][mM]{,l,L}
+#.epub
+@{libreoffice_ext} += [eE][pP][uU][bB]
+#.ps (printing to file)
+@{libreoffice_ext} += [pP][sS]
+
+#Images
+@{libreoffice_ext} += [jJ][pP][gG]
+@{libreoffice_ext} += [jJ][pP][eE][gG]
+@{libreoffice_ext} += [pP][nN][gG]
+@{libreoffice_ext} += [sS][vV][gG]
+@{libreoffice_ext} += [sS][vV][gG][zZ]99251
+@{libreoffice_ext} += [tT][iI][fF]
+@{libreoffice_ext} += [tT][iI][fF][fF]
+
+#Writer
+@{libreoffice_ext} += [dD][oO][cCtT]{,x,X}
+@{libreoffice_ext} += [rR][tT][fF]
+
+#Calc
+@{libreoffice_ext} += [xX][lL][sStT]{,x,X,m,M}
+@{libreoffice_ext} += [xX][lL][wW]
+#.dif dbf
+@{libreoffice_ext} += [dD][iIbB][fF]
+#.tsv .csv
+@{libreoffice_ext} += [cCtT][sS][vV]
+@{libreoffice_ext} += [sS][lL][kK]
+
+#Impress/Draw
+@{libreoffice_ext} += [pP][pP][tTsS]{,x,X}
+@{libreoffice_ext} += [pP][oO][tT]{,m,M}
+#Photoshop
+@{libreoffice_ext} += [pP][sS][dD]
+
+#Math
+@{libreoffice_ext} += [mM][mM][lL]
+
+@{libo_user_dirs} = @{HOME} /mnt /media
+
+#include <tunables/global>
+
+profile libreoffice-soffice INSTDIR-program/soffice.bin {
+ #include <abstractions/private-files>
+
+ #include <abstractions/audio>
+ #include <abstractions/bash>
+ #include <abstractions/cups-client>
+ #include <abstractions/dbus>
+ #include <abstractions/dbus-session>
+ #include <abstractions/dbus-accessibility>
+ #include <abstractions/ibus>
+ #include <abstractions/nameservice>
+ #include <abstractions/gnome>
+# GnuPG1 only...
+# #include <abstractions/gnupg>
+ #include <abstractions/python>
+ #include <abstractions/p11-kit>
+
+ #include <abstractions/user-tmp>
+
+ #List directories for file browser
+ / r,
+ /**/ r,
+
+ owner @{libo_user_dirs}/**/ rw, #allow creating directories that we own
+ owner @{libo_user_dirs}/**~lock.* rw, #lock file support
+ owner @{libo_user_dirs}/**.@{libreoffice_ext} rwk, #Open files rw with the right exts
+ owner @{libo_user_dirs}/{,**/}lu??????????{,?}.tmp rwk, #Temporary file used when saving
+ owner @{libo_user_dirs}/{,**/}.directory r, #Read directory settings on KDE
+
+ # Settings
+ /etc/libreoffice/ r,
+ /etc/libreoffice/** r,
+
+ /etc/cups/ppd/*.ppd r,
+ /etc/xml/catalog r, #exporting to .xhtml, for libxml2
+ /proc/*/status r,
+
+ owner @{HOME}/.config/libreoffice{,dev}/** rwk,
+ owner @{HOME}/.config/soffice.binrc rwl -> @{HOME}/.config/#[0-9]*,
+ owner @{HOME}/.config/soffice.binrc.* rwl -> @{HOME}/.config/#[0-9]*,
+ owner @{HOME}/.config/soffice.binrc.lock rwk,
+ owner @{HOME}/.cache/fontconfig/** rw,
+ owner @{HOME}/.config/gtk-???/bookmarks r, #Make bookmarks work
+
+ owner /{,var/}run/user/*/dconf/user rw,
+ owner @{HOME}/.config/dconf/user r,
+
+ # allow schema to be read
+ /usr/share/glib-*/schemas/ r,
+ /usr/share/glib-*/schemas/** r,
+
+ # bluetooth send to
+ network bluetooth,
+
+ /{usr/,}bin/sh rmix,
+ /{usr/,}bin/bash rmix,
+ /{usr/,}bin/dash rmix,
+ /{usr/,}bin/rm rmix, #deleting /tmp/psp1534203998 (printing to file)
+ /usr/bin/bluetooth-sendto rmPUx,
+ /usr/bin/lpr rmPUx,
+ /usr/bin/paperconf rmix,
+ /usr/bin/gpgconf rmix,
+ /usr/bin/gpg rmCx -> gpg,
+ /usr/bin/gpgsm rmCx -> gpg,
+ /usr/bin/gpa rix,
+ /usr/bin/seahorse rix,
+ /usr/bin/kgpg rix,
+ /usr/bin/kleopatra rix,
+
+ /dev/tty rw,
+
+ /usr/lib{,32,64}/@{multiarch}/gstreamer???/gstreamer-???/gst-plugin-scanner rmPUx,
+ owner @{HOME}/.cache/gstreamer-???/** rw,
+ unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined), #Gstreamer doesn't work without this
+
+ /usr/lib{,32,64}/jvm/ r,
+ /usr/lib{,32,64}/jvm/** r,
+ /usr/lib{,32,64}/jvm/**/jre/bin/java mix,
+ /usr/lib{,32,64}/jvm/**/bin/java mix,
+ INSTDIR-** rw,
+ INSTDIR-**.so m,
+ INSTDIR-program/soffice.bin mix,
+ INSTDIR-program/xpdfimport px,
+ INSTDIR-program/senddoc px,
+ /usr/bin/xdg-open rPUx,
+
+ /usr/share/java/**.jar r,
+ /usr/share/hunspell/ r,
+ /usr/share/hunspell/** r,
+ /usr/share/hyphen/ r,
+ /usr/share/hyphen/** r,
+ /usr/share/mythes/ r,
+ /usr/share/mythes/** r,
+ /usr/share/liblangtag/ r,
+ /usr/share/liblangtag/** r,
+ /usr/share/libreoffice/ r,
+ /usr/share/libreoffice/** r,
+ /usr/share/yelp-xsl/xslt/mallard/** r,
+ /usr/share/libexttextcat/* r,
+ /usr/share/icu/** r,
+ /usr/share/locale-bundle/* r,
+
+ /var/spool/libreoffice/ r,
+ /var/spool/libreoffice/** rw,
+ /var/cache/fontconfig/ rw,
+
+ #Likely moving to abstractions in the future
+ owner @{HOME}/.icons/*/cursors/* r,
+ /etc/fstab r, # Solid::DeviceNotifier::instance() TODO: deny?
+ /sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, # for libdrm
+ /usr/share/*-fonts/conf.avail/*.conf r,
+ /usr/share/fonts-config/conf.avail/*.conf r,
+ /{,var/}run/udev/data/+usb:* r, # Solid::Device::listFromQuery()
+ /{,var/}run/udev/data/{c,b}*:* r, # Solid::Device::description(), Solid::Device::listFromQuery()
+ @{PROC}/sys/kernel/random/boot_id r, # KRecentDocument::add() -> QSysInfo::bootUniqueId()
+
+ #To avoid "Unable to create io-slave." for file dialog
+ owner /{,var/}run/user/[0-9]*/#[0-9]* rw,
+ #For KIO IO::Slave::createSlave()
+ owner /{,var/}run/user/[0-9]*/soffice.bin*.slave-socket wl -> /{,var/}run/user/[0-9]*/#[0-9]*,
+
+ owner @{HOME}/.mozilla/firefox/profiles.ini r,
+ owner @{HOME}/.mozilla/firefox/*/secmod.db r,
+ # firefox < 58
+ owner @{HOME}/.mozilla/firefox/*/cert8.db r,
+ # firefox >= 58
+ owner @{HOME}/.mozilla/firefox/*/cert9.db r,
+
+ owner @{HOME}/.local/share/user-places.xbel r,
+
+ # there is abstractions/gnupg but that's just for gpg1...
+ profile gpg {
+ #include <abstractions/base>
+
+ /usr/bin/gpgconf rm,
+ /usr/bin/gpg rm,
+ /usr/bin/gpgsm rm,
+
+ owner @{HOME}/.gnupg/* r,
+ owner @{HOME}/.gnupg/random_seed rk,
+ }
+
+ # probably should become a subprofile like gpg above, but then it doesn't
+ # work either as it tries to access stuff only allowed above...
+ owner @{HOME}/.config/kdeglobals r,
+ /usr/lib/libreoffice/program/lo_kde5filepicker rPUx,
+ /usr/share/qt5/translations/* r,
+ /usr/lib/*/qt5/plugins/** rm,
+ /usr/share/plasma/look-and-feel/**/contents/defaults r,
+
+ # TODO: remove when rules are available in abstractions/kde
+ owner @{HOME}/.cache/ksycoca5_??_* r, # KDE System Configuration Cache
+ owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget
+ owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget
+ owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent()
+ owner @{HOME}/.config/klanguageoverridesrc r, # per-application languages, for KDEPrivate::initializeLanguages() from libKF5XmlGui.so
+ owner @{HOME}/.config/trashrc r, # user by KFileWidget
+ /usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent
+
+ # TODO: remove when rules are available in abstractions/kde-write-icon-cache or similar
+ owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader
+
+ # TODO: remove when rules are available in abstractions/kdeframeworks5 or similar
+ /usr/share/kservices5/*.protocol r,
+
+ # TODO: use qt5-settings-write abstraction when it is available
+ owner @{HOME}/.config/#[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] rw,
+ owner @{HOME}/.config/QtProject.conf rw,
+ owner @{HOME}/.config/QtProject.conf.?????? l -> @{HOME}/.config/#[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],
+ owner @{HOME}/.config/QtProject.conf.?????? rw, # for temporary files like QtProject.conf.Aqrgeb
+ owner @{HOME}/.config/QtProject.conf.lock rwk,
+
+ # TODO: use qt5-compose-cache-write abstraction when it is available
+ owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r,
+
+ # TODO: use recent-documents-write abstraction when it is available
+ owner @{HOME}/.local/share/RecentDocuments/** r,
+ owner @{HOME}/.local/share/RecentDocuments/*.desktop rwl -> @{HOME}/.local/share/RecentDocuments/#[0-9]*,
+ owner @{HOME}/.local/share/RecentDocuments/#[0-9]* rw,
+ owner @{HOME}/.local/share/RecentDocuments/*.lock rwk,
+
+ # TODO: use kde-globals-write abstraction when it is available
+ owner @{HOME}/.config/kdeglobals rw,
+ owner @{HOME}/.config/kdeglobals.* rwl -> @{HOME}/.config/#[0-9]*,
+ owner @{HOME}/.config/kdeglobals.lock rwk,
+}
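Review bot: `INSTDIR-** rw,` followed by `INSTDIR-**.so m,` lets the confined soffice.bin write anywhere under the install tree and also map shared objects from that same tree as executable. The policy itself therefore does not stop a compromised process from placing a library there and loading it; only file ownership does, and that would not hold for a per-user install. If write access is not needed across the whole tree, `INSTDIR-** r,` plus separate `rw` rules for the paths that are actually written would keep writable and executable-mappable locations apart. Separately, `@{libreoffice_ext} += [sS][vV][gG][zZ]99251` looks like it carries stray digits, so `.svgz` files would not match the extension list; it presumably should read `[sS][vV][gG][zZ]`.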
diff --git a/sysui/desktop/apparmor/program.xpdfimport b/sysui/desktop/apparmor/program.xpdfimport
new file mode 100644
index 000000000..f8bfbfe8f
--- /dev/null
+++ b/sysui/desktop/apparmor/program.xpdfimport
@@ -0,0 +1,31 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2016 Canonical Ltd.
+# Copyright (C) 2017 Software in the Public Interest, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# Authors: Bryan Quigley <bryan.quigley@canonical.com>
+# Rene Engelhard <rene@debian.org>
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+profile libreoffice-xpdfimport INSTDIR-program/xpdfimport {
+ #include <abstractions/base>
+
+ #include <abstractions/user-tmp>
+
+ /usr/share/poppler/** r,
+ /usr/share/libreoffice/share/config/* r,
+ owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw,
+
+ INSTDIR-program/xpdfimport pxm,
+
+ #Uncomment for build testing (should be one directory <- of instdir)
+ #/mnt/store/git/libo/** r,
+}
+
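Review bot: The commented-out build-testing rule `#/mnt/store/git/libo/** r,` is one developer's local checkout path, and the comment above it is hard to parse. A neutral placeholder would serve other builders better, for example `# For build testing, uncomment and adjust to the parent directory of instdir:` followed by `#/path/to/libo/** r,`.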