AppArmor: refactor thanks to variables defined in tunables/torbrowser.

author intrigeri <intrigeri@boum.org>

Mon, 29 Jan 2018 07:59:51 +0000 (07:59 +0000)

committer intrigeri <intrigeri@boum.org>

Mon, 29 Jan 2018 08:24:13 +0000 (08:24 +0000)
author intrigeri <intrigeri@boum.org>
Mon, 29 Jan 2018 07:59:51 +0000 (07:59 +0000)
committer intrigeri <intrigeri@boum.org>
Mon, 29 Jan 2018 08:24:13 +0000 (08:24 +0000)
diff --git a/apparmor/torbrowser.Tor.tor b/apparmor/torbrowser.Tor.tor

index ee53ba976599a8be98aa11446c79cedb16d4c840..109eaf5223bc258d2c5a0470b5ec7782d9251848 100644 (file)
--- a/apparmor/torbrowser.Tor.tor
+++ b/apparmor/torbrowser.Tor.tor
@@ -1,4 +1,5 @@
  #include <tunables/global>
+#include <tunables/torbrowser>
  
  /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor {
    #include <abstractions/base>
@@ -11,19 +12,19 @@
    /etc/nsswitch.conf r,
    /etc/passwd r,
    /etc/resolv.conf r,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor mr,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Tor/ rw,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Tor/* rw,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Tor/lock rwk,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/*.so mr,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/*.so.* mr,
+  owner @{torbrowser_home_dir}/TorBrowser/Tor/tor mr,
+  owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/ rw,
+  owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/* rw,
+  owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/lock rwk,
+  owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,
+  owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
  
    # Silence file_inherit logs
-  deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{browser/,}omni.ja r,
-  deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{browser/,}features/*.xpi r,
-  deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/.parentlock rw,
-  deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
-  deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/startupCache/* r,
+  deny @{torbrowser_home_dir}/{browser/,}omni.ja r,
+  deny @{torbrowser_home_dir}/{browser/,}features/*.xpi r,
+  deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/.parentlock rw,
+  deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
+  deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
  
    @{PROC}/sys/kernel/random/uuid r,
    /sys/devices/system/cpu/ r,
author	intrigeri <intrigeri@boum.org>
	Mon, 29 Jan 2018 07:59:51 +0000 (07:59 +0000)
committer	intrigeri <intrigeri@boum.org>
	Mon, 29 Jan 2018 08:24:13 +0000 (08:24 +0000)