AppArmor for skypealpha usr.bin.skypeforlinux
The snippet can be accessed without any authentication.
Authored by
Sebastian Żmijewski
usr.bin.skypeforlinux 2.17 KiB
#include <tunables/global>
/usr/bin/skypeforlinux {
#include <abstractions/audio>
#include <abstractions/consoles>
#include <abstractions/dbus-session>
#include <abstractions/gnome>
#include <abstractions/kde>
#include <abstractions/nameservice>
#include <abstractions/video>
# Executables
/usr/bin/skypeforlinux ixmr,
/usr/bin/readlink PUxmr,
/usr/bin/dirname PUxmr,
/usr/bin/mkdir PUxmr,
/usr/bin/nohup PUxmr,
/usr/lib{,32}/skype/skype ixmr,
/usr/bin/xdg-open PUxmr,
/usr/bin/kde4-config PUxmr,
# Configuration files
owner @{HOME}/.config/skypeforlinux rw,
owner @{HOME}/.config/skypeforlinux/** krw,
# Downloads/uploads directory
owner @{HOME}/Public/ rw,
owner @{HOME}/Public/** krw,
# Libraries
/usr/lib{,32}/libv4l/v4l2convert.so mr,
/usr/share/skype/lib/libQtWebKit.so.4 mr,
# Shared data
/usr/share/skype/ r,
/usr/share/skype/** r,
# Devices
/dev/ r,
/dev/video[0-9]* mrw,
# System information
/etc/machine-id r,
@{PROC}/sys/kernel/{ostype,osrelease} r,
@{PROC}/sys/vm/overcommit_memory r,
@{PROC}/[0-9]*/net/arp r,
owner @{PROC}/[0-9]*/cmdline r,
owner @{PROC}/[0-9]*/status r,
owner @{PROC}/[0-9]*/task/ r,
owner @{PROC}/[0-9]*/task/[0-9]*/stat r,
owner @{PROC}/[0-9]*/fd/ r,
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/cpu[0-9]*/cpufreq/scaling_{cur_freq,max_freq} r,
/sys/devices/pci*/*/usb[0-9]*/*/*/modalias r,
/sys/devices/pci*/*/usb[0-9]*/*/*/video4linux/video[0-9]*/dev r,
/sys/devices/pci*/*/usb[0-9]*/*/{idVendor,idProduct,speed} r,
# This probably should go to appropriate abstractions
/etc/asound.conf r,
owner @{HOME}/.config/fontconfig/fonts.conf r,
owner @{HOME}/.config/gtk-3.0/bookmarks r,
owner @{HOME}/.config/oxygen-gtk/argb-apps.conf rw,
owner @{HOME}/.config/pulse/cookie krw,
owner @{HOME}/.icons/** r,
owner @{HOME}/.kde4/share/config/kdeglobals krw,
owner @{HOME}/.kde4/share/config/gtkrc-2.0 r,
owner @{HOME}/.kde4/share/config/oxygenrc r,
/usr/share/icons/*/index.theme kr,
/usr/share/nvidia/nvidia-application-profiles-*-rc r,
# Denials
deny owner @{HOME}/.mozilla/ r,
deny owner @{HOME}/.mozilla/** r,
deny /sys/devices/virtual/dmi/** r,
}
Please register or sign in to comment