snailed
/
void-packages
2
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity
void-packages/srcpkgs/apparmor/files/profiles/usr.bin.pulseaudio

133 lines
3.8 KiB
Plaintext
Raw Permalink Blame History

# vim:syntax=apparmor
abi <abi/3.0>,
include <tunables/global>
profile pulseaudio /usr/bin/pulseaudio {
include <abstractions/base>
include <abstractions/audio>
include <abstractions/dbus-session>
include <abstractions/dbus-strict>
include <abstractions/nameservice>
include <abstractions/X>
dbus send
bus=system
path=/org/freedesktop/RealtimeKit1
interface=org.freedesktop.RealtimeKit1
member={MakeThreadRealtime,MakeThreadHighPriority}
peer=(name=org.freedesktop.RealtimeKit1),
dbus send
bus=system
path=/org/freedesktop/RealtimeKit1
interface=org.freedesktop.DBus.Properties
member=Get,
unix (connect, receive, send) type=stream peer=(addr="@/tmp/.ICE-unix/[0-9]*"),
ptrace (read,trace) peer=@{profile_name},
signal (send) peer=pulseaudio//pulse-gsettings-helper,
/usr/bin/pulseaudio mixr,
/etc/pulse/ r,
/etc/pulse/* r,
/etc/udev/udev.conf r,
/etc/timidity/.pulse_cookie w,
/etc/asound.conf r,
owner @{HOME}/.esd_auth rwk,
owner @{HOME}/.pulse-cookie rwk,
owner @{HOME}/.config/pulse/cookie rwk,
owner @{HOME}/{.config/pulse,.pulse}/ rw,
owner @{HOME}/{.config/pulse,.pulse}/* rw,
owner /run/pulse/ rw,
owner /run/pulse/.pulse-cookie rwk,
owner /run/pulse/dbus-socket rwk,
owner /run/pulse/native rwk,
owner /run/pulse/pid rwk,
owner /run/user/[0-9]*/pulse/ rw,
owner /run/user/[0-9]*/pulse/* rwk,
/run/udev/data/+sound:card* r,
/run/udev/data/c116:[0-9]* r,
/run/udev/data/c14:[0-9]* r,
# logind
/run/user/[0-9]*/dconf/user k,
/sys/bus/ r,
/sys/class/ r,
/sys/class/sound/ r,
/sys/devices/pci[0-9]*/**/*class r,
/sys/devices/pci[0-9]*/**/uevent r,
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/online r,
/sys/devices/virtual/dmi/id/bios_vendor r,
/sys/devices/virtual/dmi/id/board_vendor r,
/sys/devices/virtual/dmi/id/sys_vendor r,
/sys/devices/virtual/sound/**/uevent r,
/usr/share/alsa/** r,
/usr/share/pulseaudio/** r,
/usr/lib/pulse-[1-9]*.[0-9]/modules/*.so mr,
/usr/libexec/pulse/gsettings-helper Cx,
/usr/{,local/}share/applications/ r,
/usr/{,local/}share/applications/* r,
owner @{HOME}/.local/share/{,flatpak/exports/share/}applications/ r,
owner @{HOME}/.local/share/{,flatpak/exports/share/}applications/* r,
/var/lib/flatpak/exports/share/applications/ r,
/var/lib/flatpak/exports/share/applications/* r,
owner /var/lib/gdm3/.config/pulse/ rw,
owner /var/lib/gdm3/.config/pulse/* rw,
owner /var/lib/gdm3/.config/pulse/cookie rwk,
owner /var/lib/lightdm/.Xauthority r,
owner /var/lib/lightdm/.esd_auth rwk,
owner /var/lib/lightdm/.config/pulse/cookie rwk,
owner /var/lib/lightdm/.config/pulse/ rw,
owner /var/lib/lightdm/.config/pulse/* rw,
# are these needed?
/var/lib/pulse/ rw,
/var/lib/pulse/*-default-sink rw,
/var/lib/pulse/*-default-source rw,
/var/lib/pulse/*.tdb rw,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/{maps,mountinfo,stat} r,
owner /tmp/pulse-*/pid rwk,
owner /tmp/pulse-*/native rwk,
owner /tmp/pulse-*/autospawn.lock rwk,
owner /run/user/*/pulse/autospawn.lock rwk,
owner /tmp/orcexec.* mrw,
owner /{,var/}run/user/[0-9]*/orcexec.* mrw,
# needed if /tmp is mounted noexec:
owner @{HOME}/orcexec.* mrw,
owner /tmp/.esd-@{pid}*/ rw,
owner /tmp/.esd-@{pid}*/socket rw,
profile pulse-gsettings-helper /usr/libexec/pulse/gsettings-helper {
include <abstractions/base>
include <abstractions/gnome>
include <abstractions/dconf>
/usr/libexec/pulse/gsettings-helper mr,
owner /{,var/}run/user/*/dconf/user rw,
owner @{HOME}/.config/dconf/user rw,
owner @{PROC}/@{pid}/fd/ r,
signal (receive) peer=pulseaudio,
}
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.pulseaudio>
}
Reference in New Issue View Git Blame Copy Permalink