[Pkg-privacy-commits] [torbrowser-launcher] 13/59: AppArmor (refactoring): extract often used paths into variables.
Roger Shimizu
rogershimizu at gmail.com
Mon Jan 29 13:43:57 UTC 2018
This is an automated email from the git hooks/post-receive script.
rosh pushed a commit to branch debian/sid
in repository torbrowser-launcher.
commit 33502fa03669c009c4344eb825f1d58c95f1e929
Author: intrigeri <intrigeri at boum.org>
Date: Sat Jun 17 09:49:55 2017 +0000
AppArmor (refactoring): extract often used paths into variables.
---
apparmor/torbrowser.Browser.firefox | 51 ++++++++++++++--------------
apparmor/torbrowser.Browser.plugin-container | 31 +++++++++--------
apparmor/tunables/torbrowser | 2 ++
setup.py | 13 ++++---
4 files changed, 52 insertions(+), 45 deletions(-)
diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index c8662ca..d03ab1a 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -1,4 +1,5 @@
#include <tunables/global>
+#include <tunables/torbrowser>
/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox {
#include <abstractions/gnome>
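Review bot: The profile attachment on the context line `/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox {` still spells the installation path out, so the new tunable does not cover it. If `tunables/torbrowser` is later edited to relocate the install, the rules would follow but the attachment would not, and the browser at the new path would presumably run without this profile. If the targeted apparmor_parser accepts variables in the attachment, `@{torbrowser_home_dir}/firefox {` would keep the two together, though `@{HOME}` also covers `/root/`, so that changes what is matched. Otherwise a comment above the profile line, e.g. `# attachment path must match @{torbrowser_installation_dir} in tunables/torbrowser`, would at least record the coupling.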
@@ -33,31 +34,31 @@
owner @{PROC}/@{pid}/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/ r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/* r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/.** rwk,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/update.test/ rwk,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/.** rwk,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/ rw,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** rw,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser.bak/ rwk,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser.bak/** rwk,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/*.so mr,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/components/*.so mr,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/browser/components/*.so mr,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox rix,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/plugin-container px -> torbrowser_plugin_container,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{,TorBrowser/UpdateInfo/}updates/[0-9]*/updater ix,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{,TorBrowser/UpdateInfo/}updates/0/MozUpdater/bgupdate/updater ix,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profiles.ini r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/ r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/** rwk,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor px,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/libstdc++.so.6 m,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/Desktop/ rw,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/Desktop/** rwk,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/Downloads/ rw,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/Downloads/** rwk,
+ owner @{torbrowser_installation_dir}/ r,
+ owner @{torbrowser_installation_dir}/* r,
+ owner @{torbrowser_installation_dir}/.** rwk,
+ owner @{torbrowser_installation_dir}/update.test/ rwk,
+ owner @{torbrowser_home_dir}/.** rwk,
+ owner @{torbrowser_home_dir}/ rw,
+ owner @{torbrowser_home_dir}/** rw,
+ owner @{torbrowser_home_dir}.bak/ rwk,
+ owner @{torbrowser_home_dir}.bak/** rwk,
+ owner @{torbrowser_home_dir}/*.so mr,
+ owner @{torbrowser_home_dir}/components/*.so mr,
+ owner @{torbrowser_home_dir}/browser/components/*.so mr,
+ owner @{torbrowser_home_dir}/firefox rix,
+ owner @{torbrowser_home_dir}/plugin-container px -> torbrowser_plugin_container,
+ owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/updater ix,
+ owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/0/MozUpdater/bgupdate/updater ix,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profiles.ini r,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/ r,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/** rwk,
+ owner @{torbrowser_home_dir}/TorBrowser/Tor/tor px,
+ owner @{torbrowser_home_dir}/TorBrowser/Tor/libstdc++.so.6 m,
+ owner @{torbrowser_home_dir}/Desktop/ rw,
+ owner @{torbrowser_home_dir}/Desktop/** rwk,
+ owner @{torbrowser_home_dir}/Downloads/ rw,
+ owner @{torbrowser_home_dir}/Downloads/** rwk,
/etc/mailcap r,
/etc/mime.types r,
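Review bot: With the paths shortened it is easy to see that `owner @{torbrowser_home_dir}/** rw,` sits next to `owner @{torbrowser_home_dir}/*.so mr,` and `owner @{torbrowser_home_dir}/firefox rix,`, so the confined browser may write files in the same tree it may map executable or run. This refactoring does not change that, and it is likely needed for the in-place updater, but nothing in the profile documents it. I would add a comment above the block, e.g. `# Browser/ is writable and executable on purpose (self-update); this profile does not enforce W^X there`, so a reader does not assume the profile stops a compromised browser from persisting code. The hunk shows only part of the profile body.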
diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
index 6650431..96c6a2b 100644
--- a/apparmor/torbrowser.Browser.plugin-container
+++ b/apparmor/torbrowser.Browser.plugin-container
@@ -1,4 +1,5 @@
#include <tunables/global>
+#include <tunables/torbrowser>
profile torbrowser_plugin_container {
#include <abstractions/gnome>
@@ -20,21 +21,21 @@ profile torbrowser_plugin_container {
owner @{PROC}/@{pid}/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/*.dat r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/*.manifest r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/*.so mr,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/browser/** r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/components/*.so mr,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/browser/components/*.so mr,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/defaults/pref/ r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/defaults/pref/*.js r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/fonts/ r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/fonts/** r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/omni.ja r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/plugin-container ixmr,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/fontconfig/fonts.conf r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/libstdc++.so.6 mr,
+ owner @{torbrowser_home_dir}/*.dat r,
+ owner @{torbrowser_home_dir}/*.manifest r,
+ owner @{torbrowser_home_dir}/*.so mr,
+ owner @{torbrowser_home_dir}/browser/** r,
+ owner @{torbrowser_home_dir}/components/*.so mr,
+ owner @{torbrowser_home_dir}/browser/components/*.so mr,
+ owner @{torbrowser_home_dir}/defaults/pref/ r,
+ owner @{torbrowser_home_dir}/defaults/pref/*.js r,
+ owner @{torbrowser_home_dir}/fonts/ r,
+ owner @{torbrowser_home_dir}/fonts/** r,
+ owner @{torbrowser_home_dir}/omni.ja r,
+ owner @{torbrowser_home_dir}/plugin-container ixmr,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
+ owner @{torbrowser_home_dir}/TorBrowser/Tor/libstdc++.so.6 mr,
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/present r,
diff --git a/apparmor/tunables/torbrowser b/apparmor/tunables/torbrowser
new file mode 100644
index 0000000..9b31139
--- /dev/null
+++ b/apparmor/tunables/torbrowser
@@ -0,0 +1,2 @@
+@{torbrowser_installation_dir}=@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*
+@{torbrowser_home_dir}=@{torbrowser_installation_dir}/Browser
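Review bot: The new tunables file has no header comment, and its first line uses `@{HOME}` without including the file that defines it. It works for the two profiles in this commit because both place `#include <tunables/global>` before `#include <tunables/torbrowser>`, but that ordering requirement is implicit. I would add `# Requires <tunables/global> to be included first (defines @{HOME})` at the top, and a second comment noting that `@{torbrowser_home_dir}` is the `Browser/` directory inside the installation, not the user's home directory.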
diff --git a/setup.py b/setup.py
index d0dce9f..4dd980b 100644
--- a/setup.py
+++ b/setup.py
@@ -71,11 +71,14 @@ for root, dirs, files in os.walk(SHARE):
if distro != 'Ubuntu':
if not hasattr(sys, 'real_prefix'):
# we're not in a virtualenv, so we can probably write to /etc
- datafiles += [('/etc/apparmor.d/', [
- 'apparmor/torbrowser.Browser.firefox',
- 'apparmor/torbrowser.Browser.plugin-container',
- 'apparmor/torbrowser.Tor.tor',
- 'apparmor/usr.bin.torbrowser-launcher'])]
+ datafiles += [
+ ('/etc/apparmor.d/', [
+ 'apparmor/torbrowser.Browser.firefox',
+ 'apparmor/torbrowser.Browser.plugin-container',
+ 'apparmor/torbrowser.Tor.tor',
+ 'apparmor/usr.bin.torbrowser-launcher']),
+ ('/etc/apparmor.d/tunables/', ['apparmor/tunables/torbrowser'])
+ ]
datafiles += [('/usr/share/locale/', create_mo_files())]
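Review bot: The two `/etc/apparmor.d/` entries are now coupled, and nothing in the list says so. The profiles installed by the first tuple contain `#include <tunables/torbrowser>`, and apparmor_parser will most likely refuse to load them if the file from the second tuple is missing. A profile that fails to load leaves the browser unconfined, so this matters for distribution packaging that copies the profiles by a route other than setup.py. A comment above the list, e.g. `# the profiles #include <tunables/torbrowser>; always ship both entries together`, would make that explicit. The enclosing `if distro != 'Ubuntu':` block starts outside the hunk.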
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git