AppArmor: add support for Tor Browser 4.x's paths.

author intrigeri <intrigeri@boum.org>

Thu, 14 Aug 2014 17:15:44 +0000 (17:15 +0000)

committer intrigeri <intrigeri@boum.org>

Thu, 14 Aug 2014 17:54:48 +0000 (17:54 +0000)
author intrigeri <intrigeri@boum.org>
Thu, 14 Aug 2014 17:15:44 +0000 (17:15 +0000)
committer intrigeri <intrigeri@boum.org>
Thu, 14 Aug 2014 17:54:48 +0000 (17:54 +0000)
diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox

index 8f3c776a1c6c23d0c78793d0d858b24512798ed2..41b1a7123efacf0fcd17cce51538d11f2a5ceb7b 100644 (file)
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -42,20 +42,21 @@
    owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/ r,
    owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/* r,
    owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/.** rwk,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/.** rwk,
    owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** r,
    owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/*.so mr,
    owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/components/*.so mr,
    owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/browser/components/*.so mr,
    owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox rix,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Data/Browser/profiles.ini r,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Data/Browser/profile.default/** rwk,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Data/Tor/* rwk,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Tor/* mr,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Tor/tor Px,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Desktop/ r,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Desktop/** rwk,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Downloads/ r,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Downloads/** rwk,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profiles.ini r,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/** rwk,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/* rwk,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/* mr,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor Px,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}Desktop/ r,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}Desktop/** rwk,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}Downloads/ r,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}Downloads/** rwk,
  
    /etc/mailcap r,
    /etc/mime.types r,
diff --git a/apparmor/torbrowser.Tor.tor b/apparmor/torbrowser.Tor.tor

index 706593d00eed45707bfef685716ca01d0937afc9..d9c805d6052e942a4fc28c7e4acdaca876d7708c 100644 (file)
--- a/apparmor/torbrowser.Tor.tor
+++ b/apparmor/torbrowser.Tor.tor
@@ -1,6 +1,6 @@
  #include <tunables/global>
  
-/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Tor/tor {
+/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor {
    #include <abstractions/base>
  
    network tcp,
@@ -10,9 +10,9 @@
    /etc/nsswitch.conf r,
    /etc/passwd r,
    /etc/resolv.conf r,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Tor/tor mr,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Data/Tor/* rw,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Data/Tor/lock rwk,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor mr,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/* rw,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/lock rwk,
    owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Lib/*.so mr,
    owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Lib/*.so.* mr,
    @{PROC}/meminfo r,
diff --git a/apparmor/torbrowser.start-tor-browser b/apparmor/torbrowser.start-tor-browser

index d01a1fc964dccc650f0eabf699d5b9673721186f..c18c8bd6c684721097c9838c7e0e03d63880ab63 100644 (file)
--- a/apparmor/torbrowser.start-tor-browser
+++ b/apparmor/torbrowser.start-tor-browser
@@ -1,6 +1,6 @@
  #include <tunables/global>
  
-/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/start-tor-browser {
+/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser {
    #include <abstractions/base>
    #include <abstractions/bash>
  
@@ -18,8 +18,8 @@
    /dev/tty rw,
    /etc/magic r,
    owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox Px,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Tor/tor r,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/start-tor-browser r,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor r,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser r,
    @{PROC}/ r,
    @{PROC}/[0-9]*/status r,
    @{PROC}/[0-9]*/stat r,
diff --git a/apparmor/usr.bin.torbrowser-launcher b/apparmor/usr.bin.torbrowser-launcher

index 610bfd520baa2b2691f3438e41e0c6ccac4fafec..424aa5adf086570a2eb9d0e009c27f40567db916 100644 (file)
--- a/apparmor/usr.bin.torbrowser-launcher
+++ b/apparmor/usr.bin.torbrowser-launcher
@@ -27,7 +27,7 @@
    @{HOME}/.local/share/torbrowser/ rw,
    @{HOME}/.local/share/torbrowser/** mrwk,
    @{HOME}/.local/share/torbrowser/gnupg_homedir/* l,
-  @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/start-tor-browser Px,
+  @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser Px,
  
    @{PROC}/ r,
    @{PROC}/[0-9]*/{cmdline,mountinfo,stat,status} r,
author	intrigeri <intrigeri@boum.org>
	Thu, 14 Aug 2014 17:15:44 +0000 (17:15 +0000)
committer	intrigeri <intrigeri@boum.org>
	Thu, 14 Aug 2014 17:54:48 +0000 (17:54 +0000)
apparmor/torbrowser.Browser.firefox		patch \| blob \| history
apparmor/torbrowser.Tor.tor		patch \| blob \| history
apparmor/torbrowser.start-tor-browser		patch \| blob \| history
apparmor/usr.bin.torbrowser-launcher		patch \| blob \| history