apparmor/torbrowser.Browser.firefox

   1 #include <tunables/global>
   2
   3 @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/Browser/firefox {
   4   #include <abstractions/base>
   5   #include <abstractions/user-tmp>
   6
   7   network tcp,
   8
   9   deny /etc/host.conf r,
  10   deny /etc/hosts r,
  11   deny /etc/nsswitch.conf r,
  12   deny /etc/resolv.conf r,
  13   deny /proc/9881/mountinfo r,
  14   deny @{HOME}/.config/user-dirs.dirs r,
  15   deny @{HOME}/.gtk-bookmarks r,
  16   deny @{HOME}/.local/share/recently-used.xbel* rw,
  17
  18   /bin/dash rix,
  19   /dev/dri/card0 rw,
  20   /etc/X11/cursors/* r,
  21   /etc/drirc r,
  22   /etc/fonts/** r,
  23   /etc/gnome/defaults.list r,
  24   /etc/gnome-vfs-2.0/modules/ r,
  25   /etc/gnome-vfs-2.0/modules/default-modules.conf r,
  26   /etc/gnome-vfs-2.0/modules/extra-modules.conf r,
  27   /etc/mailcap r,
  28   /etc/mime.types r,
  29   /etc/passwd r,
  30   /lib{,32,64}/*.so mr,
  31   /lib{,32,64}/*.so.* mr,
  32   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/.gnome2{,_private}/ w,
  33   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/.gnome2{,_private}/** w,
  34   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/.mozilla/ w,
  35   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/.mozilla/*/ w,
  36   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/Browser/** r,
  37   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/Browser/*.so mr,
  38   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/Browser/browser/components/*.so mr,
  39   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/Browser/components/*.so mr,
  40   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/Browser/firefox rix,
  41   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/Data/Browser/ r,
  42   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/Data/Browser/** rwk,
  43   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/Desktop/ rw,
  44   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/Desktop/** rw,
  45   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/Downloads/ rw,
  46   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/Downloads/** rw,
  47   @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/Tor/tor Px,
  48   @{HOME}/.Xauthority r,
  49   /run/gdm3/** r,
  50   /sys/devices/system/cpu/present r,
  51   /tmp/.X0-lock r,
  52   /usr/lib{,32,64}/** mr,
  53   /usr/local/share/fonts/ r,
  54   /usr/share/ r,
  55   /usr/share/applications/*.desktop r,
  56   /usr/share/applications/mimeinfo.cache r,
  57   /usr/share/fonts/ r,
  58   /usr/share/fonts/** r,
  59   /usr/share/gvfs/remote-volume-monitors/ r,
  60   /usr/share/gvfs/remote-volume-monitors/afc.monitor r,
  61   /usr/share/gvfs/remote-volume-monitors/gdu.monitor r,
  62   /usr/share/gvfs/remote-volume-monitors/gphoto2.monitor r,
  63   /usr/share/icons/ r,
  64   /usr/share/icons/** r,
  65   /usr/share/mime/ r,
  66   /usr/share/mime/** r,
  67   /usr/share/pixmaps/ r,
  68   /usr/share/poppler/** r,
  69   /usr/share/themes/** r,
  70   /var/cache/fontconfig/* r,
  71   owner @{HOME}/.config/gtk-2.0/gtkfilechooser.ini r,
  72   owner @{HOME}/.icons/ r,
  73   owner @{HOME}/.icons/** r,
  74   owner @{HOME}/.local/share/icons/ r,
  75   owner @{HOME}/.themes/** r,
  76   @{PROC}/[0-9]*/maps r,
  77   @{PROC}/[0-9]*/mounts r,
  78   @{PROC}/[0-9]*/stat r,
  79   @{PROC}/[0-9]*/task/*/stat r,
  80   @{PROC}/cpuinfo r,
  81   @{PROC}/filesystems r,
  82   @{PROC}/meminfo r,
  83   @{PROC}/stat r,
  84
  85   dbus,
  86
  87   /usr/share/glib-2.0/schemas/gschemas.compiled r,
  88   /usr/share/gvfs/remote-volume-monitors/* r,
  89   owner /{,var/}run/user/*/dconf/user rw,
  90
  91 }