AppArmor: allow start-tor-browser read access on dash.

[torbrowser-launcher.git] / apparmor / torbrowser.start-tor-browser

diff --git a/apparmor/torbrowser.start-tor-browser b/apparmor/torbrowser.start-tor-browser
index d01a1fc964dccc650f0eabf699d5b9673721186f..78fcb1b8b3f879c728b8c9f8ed93b4491f973cf0 100644 (file)
--- a/apparmor/torbrowser.start-tor-browser
+++ b/apparmor/torbrowser.start-tor-browser
@@ -1,25 +1,32 @@
 #include <tunables/global>
 
-/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/start-tor-browser {
+/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser {
   #include <abstractions/base>
   #include <abstractions/bash>
+  #include <abstractions/fonts>
+  #include <abstractions/freedesktop.org>
 
   capability sys_ptrace,
 
 
   /bin/cat rix,
   /bin/bash r,
-  /bin/dash ix,
+  /bin/dash rix,
   /bin/grep rix,
+  /bin/ln rix,
+  /bin/mkdir rix,
   /bin/ps rix,
   /bin/readlink ix,
   /bin/sed rix,
   /dev/pts/[0-9]* rw,
   /dev/tty rw,
   /etc/magic r,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/.config/ w,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/.config/ibus/ w,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/.config/ibus/bus w,
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox Px,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Tor/tor r,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/start-tor-browser r,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor r,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser r,
   @{PROC}/ r,
   @{PROC}/[0-9]*/status r,
   @{PROC}/[0-9]*/stat r,