AlaK4X
Linux lhjmq-records 5.15.0-118-generic #128-Ubuntu SMP Fri Jul 5 09:28:59 UTC 2024 x86_64



Your IP : 18.118.19.89


Current Path : /etc/apparmor.d/abstractions/
Upload File :
Current File : //etc/apparmor.d/abstractions/gio-open

# vim:syntax=apparmor

  abi <abi/3.0>,

# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via gio helper.
#
# NOTE: most likely you want to use xdg-open abstraction instead for better
# portability across desktop environments, unless you are sure that confined
# application only uses /usr/bin/gio directly.
#
# Usage example:
#
# ```
# profile foo /usr/bin/foo {
# ...
# /usr/bin/gio rPx -> foo//gio-open,
# ...
# } # end of main profile
#
# # out-of-line child profile
# profile foo//gio-open {
#   include <abstractions/gio-open>
#
#   # needed for ubuntu-* abstractions
#   include <abstractions/ubuntu-helpers>
#
#   # Only allow to handle http[s]: and mailto: links
#   include <abstractions/ubuntu-browsers>
#   include <abstractions/ubuntu-email>
#
#   # < add additional allowed applications here >
# }

  include <abstractions/base>
  include <abstractions/dbus-session-strict>

  # Main executables

  /usr/bin/gio rix,
  /usr/bin/gio-launch-desktop ix, # for OpenSUSE
  /usr/lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop ix,

  # System files

  /etc/gnome/defaults.list r,
  /usr/share/mime/* r,
  /usr/share/{,*/}applications/{,**} r,
  /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r,
  /var/lib/snapd/desktop/applications/{,**} r,

  # User files

  owner @{HOME}/.config/mimeapps.list r,
  owner @{HOME}/.local/share/applications/{,*.desktop} r,
  owner @{PROC}/@{pid}/fd/ r,

  # Include additions to the abstraction
  include if exists <abstractions/gio-open.d>