From: Vincas Dargis <vindrg@gmail.com>
Date: Sat, 4 Aug 2018 14:40:05 +0000 (+0300)
Subject: [PATCH] apparmor: use dri-enumerate abstraction
X-Git-Tag: archive/raspbian/1%7.0.4-4+rpi1+deb11u13^2~55
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=1827bb1c56fecf4f942d907971e0611fd6589ebb;p=libreoffice.git

[PATCH] apparmor: use dri-enumerate abstraction

Remove backported rule and use new dri-enumerate abstraction instead.
dri-enumerate is available in AppArmor 2.13, which recently migrated
into Debian Buster.

Change-Id: I64919edc1882f7bc1e65cfb94686464c5350f699

Gbp-Pq: Name apparmor-cleanups.diff
---

diff --git a/sysui/desktop/apparmor/program.senddoc b/sysui/desktop/apparmor/program.senddoc
index d659ec9b98b..969130f4ea9 100644
--- a/sysui/desktop/apparmor/program.senddoc
+++ b/sysui/desktop/apparmor/program.senddoc
@@ -17,8 +17,8 @@
 profile libreoffice-senddoc INSTDIR-program/senddoc {
   #include <abstractions/base>
 
-  owner /tmp/lu**       rw,    #makes files like luRRRRR.tmp/lubRRRR.tmp where R is random
-                               #Note, usually it's lub or luc, don't know why.
+  #include <abstractions/user-tmp>
+
   /{usr/,}bin/sh        rmix,
   /{usr/,}bin/bash      rmix,
   /{usr/,}bin/dash      rmix,
diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
index 9e99d140e0d..61dad377ebb 100644
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -84,6 +84,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin flags=(complain) {
   #include <abstractions/dbus>
   #include <abstractions/dbus-session>
   #include <abstractions/dbus-accessibility>
+  #include <abstractions/dri-enumerate>
   #include <abstractions/ibus>
   #include <abstractions/nameservice>
   #include <abstractions/gnome>
@@ -92,6 +93,8 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin flags=(complain) {
   #include <abstractions/python>
   #include <abstractions/p11-kit>
 
+  #include <abstractions/user-tmp>
+
   #List directories for file browser
   /                                     r,
   /**/                                  r,
@@ -116,7 +119,6 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin flags=(complain) {
   owner @{HOME}/.config/soffice.binrc.lock rwk,
   owner @{HOME}/.cache/fontconfig/**    rw,
   owner @{HOME}/.config/gtk-???/bookmarks r,  #Make bookmarks work
-  owner /tmp/psp[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]* rw, #/tmp/psp1534203998 (printing to file)
 
   owner /{,var/}run/user/*/dconf/user   rw,
   owner @{HOME}/.config/dconf/user      r,
@@ -186,7 +188,6 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin flags=(complain) {
   #Likely moving to abstractions in the future
   owner @{HOME}/.icons/*/cursors/*      r,
   /etc/fstab r, # Solid::DeviceNotifier::instance() TODO: deny?
-  /sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, # for libdrm
   /usr/share/*-fonts/conf.avail/*.conf  r,
   /usr/share/fonts-config/conf.avail/*.conf r,
   /{,var/}run/udev/data/+usb:* r, # Solid::Device::listFromQuery()
diff --git a/sysui/desktop/apparmor/program.xpdfimport b/sysui/desktop/apparmor/program.xpdfimport
index efe10dce020..f8bfbfe8fa4 100644
--- a/sysui/desktop/apparmor/program.xpdfimport
+++ b/sysui/desktop/apparmor/program.xpdfimport
@@ -17,9 +17,8 @@
 profile libreoffice-xpdfimport INSTDIR-program/xpdfimport {
   #include <abstractions/base>
 
-  owner /tmp/*              r,     #Seems to need to read file created with pattern /tmp/RRRRRR
-  owner /tmp/lu**           rw,    #makes files like luRRRRR.tmp/lubRRRR.tmp where R is random
-                                   #Note, usually it's lub or luc, don't know why.
+  #include <abstractions/user-tmp>
+
   /usr/share/poppler/**     r,
   /usr/share/libreoffice/share/config/* r,
   owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw,