[PATCH] apparmor: use dri-enumerate abstraction

Remove backported rule and use new dri-enumerate abstraction instead.
dri-enumerate is available in AppArmor 2.13, which recently migrated
into Debian Buster.

Change-Id: I64919edc1882f7bc1e65cfb94686464c5350f699

Gbp-Pq: Name apparmor-cleanups.diff

diff --git a/sysui/desktop/apparmor/program.senddoc b/sysui/desktop/apparmor/program.senddoc
index d659ec9b98b35f09cacf4ba5a342fa5d799e2a36..969130f4ea9086e596179b670b19d1be49830958 100644 (file)
--- a/sysui/desktop/apparmor/program.senddoc
+++ b/sysui/desktop/apparmor/program.senddoc
@@ -17,8 +17,8 @@
 profile libreoffice-senddoc INSTDIR-program/senddoc {
   #include <abstractions/base>
 
-  owner /tmp/lu**       rw,    #makes files like luRRRRR.tmp/lubRRRR.tmp where R is random
-                               #Note, usually it's lub or luc, don't know why.
+  #include <abstractions/user-tmp>
+
   /{usr/,}bin/sh        rmix,
   /{usr/,}bin/bash      rmix,
   /{usr/,}bin/dash      rmix,

diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
index fd6272d31e681db3d0117a5e8fba47fb59db50bb..7db865887908fd0b157a2a22d83c7a21ad9b1dba 100644 (file)
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -86,6 +86,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin flags=(complain) {
   #include <abstractions/dbus>
   #include <abstractions/dbus-session>
   #include <abstractions/dbus-accessibility>
+  #include <abstractions/dri-enumerate>
   #include <abstractions/ibus>
   #include <abstractions/nameservice>
   #include <abstractions/gnome>
@@ -94,6 +95,8 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin flags=(complain) {
   #include <abstractions/python>
   #include <abstractions/p11-kit>
 
+  #include <abstractions/user-tmp>
+
   #List directories for file browser
   /                                     r,
   /**/                                  r,
@@ -118,7 +121,6 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin flags=(complain) {
   owner @{HOME}/.config/soffice.binrc.lock rwk,
   owner @{HOME}/.cache/fontconfig/**    rw,
   owner @{HOME}/.config/gtk-???/bookmarks r,  #Make bookmarks work
-  owner /tmp/psp[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]* rw, #/tmp/psp1534203998 (printing to file)
 
   owner /{,var/}run/user/*/dconf/user   rw,
   owner @{HOME}/.config/dconf/user      r,
@@ -188,7 +190,6 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin flags=(complain) {
   #Likely moving to abstractions in the future
   owner @{HOME}/.icons/*/cursors/*      r,
   /etc/fstab r, # Solid::DeviceNotifier::instance() TODO: deny?
-  /sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, # for libdrm
   /usr/share/*-fonts/conf.avail/*.conf  r,
   /usr/share/fonts-config/conf.avail/*.conf r,
   /{,var/}run/udev/data/+usb:* r, # Solid::Device::listFromQuery()

diff --git a/sysui/desktop/apparmor/program.xpdfimport b/sysui/desktop/apparmor/program.xpdfimport
index efe10dce020dd349deb7f33660efe4c4bb2ada66..f8bfbfe8fa49b7c7975f5e517c42f6b7843c247d 100644 (file)
--- a/sysui/desktop/apparmor/program.xpdfimport
+++ b/sysui/desktop/apparmor/program.xpdfimport
@@ -17,9 +17,8 @@
 profile libreoffice-xpdfimport INSTDIR-program/xpdfimport {
   #include <abstractions/base>
 
-  owner /tmp/*              r,     #Seems to need to read file created with pattern /tmp/RRRRRR
-  owner /tmp/lu**           rw,    #makes files like luRRRRR.tmp/lubRRRR.tmp where R is random
-                                   #Note, usually it's lub or luc, don't know why.
+  #include <abstractions/user-tmp>
+
   /usr/share/poppler/**     r,
   /usr/share/libreoffice/share/config/* r,
   owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw,