apparmor: update program.soffice.bin for KDE

Add rules to fix file dialog and other issues with 6.2 alpha1 on Debian Buster with KDE desktop. Change-Id: Ib1b20c5809ac9bdea1bf2623eff4345fa42fd4f3 Reviewed-on: https://gerrit.libreoffice.org/58702 Tested-by: Jenkins Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de> Reviewed-by: Katarina Behrens <Katarina.Behrens@cib.de>

apparmor: update program.soffice.bin for KDE
Add rules to fix file dialog and other issues with 6.2 alpha1 on Debian Buster with KDE desktop. Change-Id: Ib1b20c5809ac9bdea1bf2623eff4345fa42fd4f3 Reviewed-on: https://gerrit.libreoffice.org/58702 Tested-by: Jenkins Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de> Reviewed-by: Katarina Behrens <Katarina.Behrens@cib.de>
c86e4ad5 · Vincas Dargis · Katarina Behrens · 9f4d23c1 · c86e4ad5
Kaydet (Commit) c86e4ad5 authored Agu 07, 2018 tarafından Vincas Dargis Kaydeden (comit) Katarina Behrens Agu 14, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 50 additions and 0 deletions

program.soffice.bin sysui/desktop/apparmor/program.soffice.bin +50 -0

No files found.
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -98,6 +98,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
  owner @{libo_user_dirs}/**~lock.*     rw,  #lock file support
  owner @{libo_user_dirs}/**.@{libreoffice_ext} rwk,  #Open files rw with the right exts
  owner @{libo_user_dirs}/{,**/}lu??????????{,?}.tmp rwk, #Temporary file used when saving
+  owner @{libo_user_dirs}/{,**/}.directory r, #Read directory settings on KDE

  # Settings
  /etc/libreoffice/                     r,
@@ -107,6 +108,9 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
  /proc/*/status                        r,

  owner @{HOME}/.config/libreoffice{,dev}/** rwk,
+  owner @{HOME}/.config/soffice.binrc rwl -> @{HOME}/.config/#[0-9]*,
+  owner @{HOME}/.config/soffice.binrc.* rwl -> @{HOME}/.config/#[0-9]*,
+  owner @{HOME}/.config/soffice.binrc.lock rwk,
  owner @{HOME}/.cache/fontconfig/**    rw,
  owner @{HOME}/.config/gtk-???/bookmarks r,  #Make bookmarks work
  owner @{HOME}/.recently-used          rwk,
@@ -174,9 +178,18 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {

  #Likely moving to abstractions in the future
  owner @{HOME}/.icons/*/cursors/*      r,
+  /etc/fstab r, # Solid::DeviceNotifier::instance() TODO: deny?
  /sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, # for libdrm
  /usr/share/*-fonts/conf.avail/*.conf  r,
  /usr/share/fonts-config/conf.avail/*.conf r,
+  /{,var/}run/udev/data/+usb:* r, # Solid::Device::listFromQuery()
+  /{,var/}run/udev/data/{c,b}*:* r, # Solid::Device::description(), Solid::Device::listFromQuery()
+  @{PROC}/sys/kernel/random/boot_id r, # KRecentDocument::add() -> QSysInfo::bootUniqueId()
+
+  #To avoid "Unable to create io-slave." for file dialog
+  owner /{,var/}run/user/[0-9]*/#[0-9]* rw,
+  #For KIO IO::Slave::createSlave()
+  owner /{,var/}run/user/[0-9]*/soffice.bin*.slave-socket wl ->  /{,var/}run/user/[0-9]*/#[0-9]*,

  owner @{HOME}/.mozilla/firefox/profiles.ini r,
  owner @{HOME}/.mozilla/firefox/*/secmod.db r,
@@ -184,6 +197,9 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
  owner @{HOME}/.mozilla/firefox/*/cert8.db r,
  # firefox >= 58
  owner @{HOME}/.mozilla/firefox/*/cert9.db r,
+
+  owner @{HOME}/.local/share/user-places.xbel r,
+
  # there is abstractions/gnupg but that's just for gpg1...
  profile gpg {
    #include <abstractions/base>
@@ -204,4 +220,38 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
  /usr/lib/*/qt5/plugins/** rm,
  /usr/share/plasma/look-and-feel/**/contents/defaults r,

+  # TODO: remove when rules are available in abstractions/kde
+  owner @{HOME}/.cache/ksycoca5_??_* r, # KDE System Configuration Cache
+  owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget
+  owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget
+  owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent()
+  owner @{HOME}/.config/klanguageoverridesrc r, # per-application languages, for KDEPrivate::initializeLanguages() from libKF5XmlGui.so
+  owner @{HOME}/.config/trashrc r, # user by KFileWidget
+  /usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent
+
+  # TODO: remove when rules are available in abstactions/kde-write-icon-cache or similar
+  owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader
+
+  # TODO: remove when rules are available in abstractions/kdeframeworks5 or simiar
+  /usr/share/kservices5/*.protocol r,
+
+  # TODO: use qt5-settings-write abstraction when it is available
+  owner @{HOME}/.config/QtProject.conf rw,
+  owner @{HOME}/.config/QtProject.conf.?????? l -> @{HOME}/.config/#[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],
+  owner @{HOME}/.config/QtProject.conf.?????? rw, # for temporary files like QtProject.conf.Aqrgeb
+  owner @{HOME}/.config/QtProject.conf.lock rwk,
+
+  # TODO: use qt5-compose-cache-write abstraction when it is available
+  owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r,
+
+  # TODO: use recent-documents-write abstaction when it is available
+  owner @{HOME}/.local/share/RecentDocuments/** r,
+  owner @{HOME}/.local/share/RecentDocuments/*.desktop rwl -> @{HOME}/.local/share/RecentDocuments/#[0-9]*,
+  owner @{HOME}/.local/share/RecentDocuments/#[0-9]* rw,
+  owner @{HOME}/.local/share/RecentDocuments/*.lock rwk,
+
+  # TODO: use kde-globals-write abstraction when it is available
+  owner @{HOME}/.config/kdeglobals rw,
+  owner @{HOME}/.config/kdeglobals.* rwl -> @{HOME}/.config/#[0-9]*,
+  owner @{HOME}/.config/kdeglobals.lock rwk,
 }