apparmor-fixes

Gbp-Pq: Name apparmor-fixes.diff

diff --git a/sysui/desktop/apparmor/program.oosplash b/sysui/desktop/apparmor/program.oosplash
index fef54b7ee384208e09c66ce9eb958e66d23d0ed3..bcc06914d112eb6ad7e3a06f8686c2a0ff427273 100644 (file)
--- a/sysui/desktop/apparmor/program.oosplash
+++ b/sysui/desktop/apparmor/program.oosplash
@@ -1,12 +1,14 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2016 Canonical Ltd.
+#    Copyright (C) 2018 Software in the Public Interest, Inc.
 #
 #    This Source Code Form is subject to the terms of the Mozilla Public
 #    License, v. 2.0. If a copy of the MPL was not distributed with this
 #    file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #
 #    Author: Bryan Quigley <bryan.quigley@canonical.com>
+#            Rene Engelhard <rene@debian.org>
 #
 # ------------------------------------------------------------------
 
@@ -14,12 +16,14 @@
 
 profile libreoffice-oopslash INSTDIR-program/oosplash {
   #include <abstractions/base>
+  #include <abstractions/X>
 
   /etc/libreoffice/                     r,
   /etc/libreoffice/**                   r,
   /etc/passwd                           r,
   /etc/nsswitch.conf                    r,
   /run/nscd/passwd                      r,
+  /sys/devices/{virtual,pci[0-9]*}/**/queue/rotational  r, # for isRotational() in desktop/unx/source/pagein.c
   /usr/lib{,32,64}/ure/bin/javaldx      rmpux,
   /usr/share/libreoffice/program/*      r,
   INSTDIR-program/**                   r,

diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
index ff2c4b08cd4b21ea29d1ba755581f26c6d0da227..08091a03800528f44c8e5235c4178222b4e2a126 100644 (file)
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2016 Canonical Ltd.
-#    Copyright (C) 2017 Software in the Public Interest, Inc.
+#    Copyright (C) 2018 Software in the Public Interest, Inc.
 #
 #    This Source Code Form is subject to the terms of the Mozilla Public
 #    License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -63,7 +63,7 @@
 #include <tunables/global>
 
 profile libreoffice-soffice INSTDIR-program/soffice.bin {
-  #include <abstractions/private-files-strict>
+  #include <abstractions/private-files>
 
   #include <abstractions/audio>
   #include <abstractions/bash>
@@ -123,6 +123,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
 
   /usr/lib{,32,64}/jvm/                         r,
   /usr/lib{,32,64}/jvm/**                       r,
+  /usr/lib{,32,64}/jvm/**/jre/bin/java          mix,
   INSTDIR-**                        rw,
   INSTDIR-**.so                     m,
   INSTDIR-program/soffice.bin       mix,
@@ -152,6 +153,11 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
 
   #Likely moving to abstractions in the future
   owner @{HOME}/.icons/*/cursors/*      r,
+  /sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, # for libdrm
   /usr/share/*-fonts/conf.avail/*.conf  r,
   /usr/share/fonts-config/conf.avail/*.conf r,
+
+  owner @{HOME}/.mozilla/firefox/profiles.ini r,
+  owner @{HOME}/.mozilla/firefox/*/secmod.db r,
+  owner @{HOME}/.mozilla/firefox/*/cert8.db r,
 }