wrote apparmor profile for torbrowser-launcher itself (#72)

author Micah Lee <micah@micahflee.com>

Thu, 2 Jan 2014 23:55:30 +0000 (15:55 -0800)

committer Micah Lee <micah@micahflee.com>

Thu, 2 Jan 2014 23:55:30 +0000 (15:55 -0800)
author Micah Lee <micah@micahflee.com>
Thu, 2 Jan 2014 23:55:30 +0000 (15:55 -0800)
committer Micah Lee <micah@micahflee.com>
Thu, 2 Jan 2014 23:55:30 +0000 (15:55 -0800)
diff --git a/apparmor/usr.bin.torbrowser-launcher b/apparmor/usr.bin.torbrowser-launcher

new file mode 100644 (file)

index 0000000..6f253ea
--- /dev/null
+++ b/apparmor/usr.bin.torbrowser-launcher
@@ -0,0 +1,58 @@
+# Last Modified: Thu Jan  2 15:12:38 2014
+#include <tunables/global>
+
+/usr/bin/torbrowser-launcher {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+  #include <abstractions/python>
+  
+  capability sys_ptrace,
+
+  #/bin/{dash,grep,ps} rix,
+  /dev/ r,
+  /dev/pts/ r,
+  /etc/magic r,
+  /etc/fonts/** r,
+  /var/cache/fontconfig/* r,
+  /usr/share/fonts/ r,
+  @{HOME}/.Xauthority r,
+  @{HOME}/.cache/fontconfig/e2d80dc3d99bd64349f910b1f0a35039-le64.cache-4 r,
+  @{HOME}/.config/pulse/cookie rk,
+  @{HOME}/.local/share/fonts/ r,
+  @{HOME}/.torbrowser/ rw,
+  @{HOME}/.torbrowser/** mrwk,
+  @{HOME}/.torbrowser/gnupg_homedir/* l,
+  @{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/start-tor-browser ux,
+  @{PROC}/ r,
+  @{PROC}/*/cmdline r,
+  @{PROC}/*/maps r,
+  @{PROC}/*/mountinfo r,
+  @{PROC}/*/mounts r,
+  @{PROC}/*/stat r,
+  @{PROC}/*/status r,
+  @{PROC}/*/task/** r,
+  @{PROC}/filesystems r,
+  @{PROC}/meminfo r,
+  @{PROC}/sys/kernel/pid_max r,
+  @{PROC}/tty/drivers r,
+  @{PROC}/uptime r,
+  /usr/bin/ r,
+  /usr/bin/{gpg,wmctrl,dirname,expr,file,getconf,id,dash,grep,ps} rix,
+  /usr/bin/python2.7 rix,
+  /usr/bin/torbrowser-launcher rux,
+  /usr/lib{,32,64}/** mr,
+  /usr/local/share/fonts/ r,
+  /usr/local/share/fonts/** r,
+  /usr/share/file/magic.mgc r,
+  /usr/share/file/magic/ r,
+  /usr/share/fonts/** r,
+  /usr/share/icons/ r,
+  /usr/share/icons/** r,
+  /usr/share/mime/ r,
+  /usr/share/mime/* r,
+  /usr/share/pixmaps/ r,
+  /usr/share/pixmaps/torbrowser{32,80}.xpm r,
+  /usr/share/themes/** r,
+  /usr/share/torbrowser-launcher/** r,
+
+}
diff --git a/setup.py b/setup.py

index 6d586f8c97b2b6eb0055bd04fdaccd7d8589c5a6..8114ed5746d2f62fdaa80f8d53ece14be75f848c 100644 (file)
--- a/setup.py
+++ b/setup.py
@@ -58,7 +58,7 @@ Tor Browser Launcher will get updated each time a new version of TBB is released
                    ('/usr/share/pixmaps', ['img/torbrowser32.xpm', 'img/torbrowser80.xpm']),
                    ('/usr/share/torbrowser-launcher', ['keys/erinn.asc', 'keys/sebastian.asc', 'keys/alexandre.asc', 'keys/mike.asc', 'keys/mike-2013-09.asc', 'torproject.pem', 'mirrors.txt', 'modem.ogg']),
                    ('/usr/share/torbrowser-launcher/locale/en', ['locale/en/messages.pot']),
-                  ('/etc/apparmor.d/', ['apparmor/torbrowser.Browser.firefox', 'apparmor/torbrowser.start-tor-browser', 'apparmor/torbrowser.Tor.tor']),
+                  ('/etc/apparmor.d/', ['apparmor/torbrowser.Browser.firefox', 'apparmor/torbrowser.start-tor-browser', 'apparmor/torbrowser.Tor.tor', 'apparmor/usr.bin.torbrowser-launcher']),
  
                    # unpackaged third party libraries
                    ('/usr/share/torbrowser-launcher/lib/txsocksx', file_list('lib/txsocksx-0.0.2/txsocksx')),
author	Micah Lee <micah@micahflee.com>
	Thu, 2 Jan 2014 23:55:30 +0000 (15:55 -0800)
committer	Micah Lee <micah@micahflee.com>
	Thu, 2 Jan 2014 23:55:30 +0000 (15:55 -0800)
apparmor/usr.bin.torbrowser-launcher	[new file with mode: 0644]	patch \| blob
setup.py		patch \| blob \| history