Commit b1e49132 authored by André Magalhães's avatar André Magalhães

Remove obsolete AppArmor abstraction usr.lib.libreoffice

Apertis: https://phabricator.apertis.org/T3602
Signed-off-by: Andre Moreira Magalhaes (andrunko) <andre.magalhaes@collabora.co.uk>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Differential Revision: https://phabricator.apertis.org/D6687
parent 77c349d0
#include <tunables/global>
/usr/lib/libreoffice/program/soffice {
#include <abstractions/chaiwala-base>
#include <abstractions/bash>
#include <abstractions/nameservice>
# Shell script
/bin/dash ix,
/bin/grep rix,
/bin/sed rix,
/bin/uname rix,
/usr/bin/basename rix,
/usr/bin/dirname rix,
/etc/libreoffice/* r,
/proc/filesystems r,
/sys/devices/system/cpu/ r,
/usr/lib/libreoffice/program/oosplash px,
/usr/lib/libreoffice/program/soffice r,
}
/usr/lib/libreoffice/program/oosplash {
#include <abstractions/chaiwala-base>
#include <abstractions/nameservice>
/etc/libreoffice/* r,
/sys/devices/system/cpu/ r,
/usr/lib/libreoffice/program/soffice.bin px,
/usr/lib/libreoffice/program/oosplash mr,
}
# This is the *main* binary; "soffice" and "oosplash" are just wrappers around this
# LO has plenty of automagic deps, which need to be added with more testing.
/usr/lib/libreoffice/program/soffice.bin {
#include <abstractions/chaiwala-base>
#include <abstractions/chaiwala-media>
#include <abstractions/nameservice>
#include <abstractions/user-tmp>
#include <abstractions/fonts>
#include <abstractions/apertis-device-enumeration>
/bin/dash rix,
# LO executes this from paper-utils.
# We don't have (or need) a separate profile for this.
/usr/bin/paperconf rix,
/etc/papersize r,
owner /proc/*/auxv r,
/sys/devices/system/cpu/ r,
/usr/share/hunspell/ r,
/etc/libreoffice/* r,
/usr/share/libreoffice/** r,
# Misc config and temporary files
owner @{HOME}/.config/libreoffice/ rw,
owner @{HOME}/.config/libreoffice/** rwk,
owner /tmp/*.tmp/ rwlk,
owner /tmp/OSL_PIPE*SingleOfficeIPC* rwlk,
# Does only Libreoffice do this or should this go into the fonts abstraction?
owner @{HOME}/.cache/fontconfig/*.cache* w,
owner @{HOME}/.cache/fontconfig/CACHEDIR* w,
# Lo writes this stamp file on first startup. Harmless enough.
/var/spool/libreoffice/uno_packages/cache/stamp.sys w,
# LO tries to mkstemp and then exec this, but $HOME is noexec.
# The code carries on if the mmap fails, so it's okay to just deny it.
# TODO: File a bug with upstream to get them to fix this.
deny @{HOME}/.execooo* mrw,
# For some strange reason, LO tries to chmod this on first startup.
# There's no reason for this, and it doesn't cause problems, so we deny it.
deny /usr/lib/libreoffice/share/extensions/pdfimport/xpdfimport w,
/usr/lib/ure/lib/* mr,
/usr/lib/libreoffice/program/* mr,
# Apertis LO tests work directory
/var/tmp/chaiwala-tests/** rw,
}
etc/apparmor.d/abstractions
etc/apparmor.d/lib.systemd.systemd-logind
etc/apparmor.d/usr.lib.libreoffice
......@@ -5,3 +5,4 @@ rm_conffile /etc/apparmor.d/abstractions/chaiwala-user-read UNRELEASED chaiwala-
rm_conffile /etc/apparmor.d/abstractions/chaiwala-user-write UNRELEASED chaiwala-apparmor-profiles
rm_conffile /etc/apparmor.d/abstractions/dbus-daemon UNRELEASED chaiwala-apparmor-profiles
rm_conffile /etc/apparmor.d/tunables/chaiwala/chaiwala-user UNRELEASED chaiwala-apparmor-profiles
rm_conffile /etc/apparmor.d/usr.lib.libreoffice UNRELEASED chaiwala-apparmor-profiles
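Review bot: The added `rm_conffile /etc/apparmor.d/usr.lib.libreoffice UNRELEASED chaiwala-apparmor-profiles` entry only removes the file on disk at upgrade. It does not unload the three profiles that file defined (`soffice`, `oosplash`, `soffice.bin`) from the running kernel, so an upgraded system keeps the old confinement until reboot while a fresh install has none. Nothing visible here says why the profile is obsolete, and if LibreOffice can still be installed on these images, `soffice.bin` would presumably run unconfined after the next boot. I would record the reason in the commit message or changelog, for example `LibreOffice is no longer shipped (T3602), so no replacement profile is needed`, using whatever the real reason is. If a consistent state before reboot matters, the stale profiles could also be unloaded from the package's postinst, which is outside this hunk; `aa-remove-unknown` is one option.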