Add lxqt-panel (#594)

roddhjav · Nov 4, 2024 · 026fbf7 · 026fbf7
1 parent 1eb7be5
commit 026fbf7
Showing 1 changed file with 92 additions and 0 deletions.
diff --git a/apparmor.d/groups/lxqt/lxqt-panel b/apparmor.d/groups/lxqt/lxqt-panel
@@ -0,0 +1,92 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <[email protected]>
+# Copyright (C) 2024 Besanon  <[email protected]>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/lxqt-panel
+profile lxqt-panel @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/audio-client>
+  include <abstractions/dconf-write>
+  include <abstractions/lxqt>
+  include <abstractions/nameservice-strict>
+
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+  network netlink raw,
+  network packet dgram,
+
+  @{exec_path} mr,
+
+  @{bin}/exo-open rix,
+  @{lib}/gio-launch-desktop  rix,
+  @{bin}/nm-applet rPx,
+  @{bin}/nm-connection-editor rPx,
+  @{bin}/ControlPanel rPx,
+
+  @{bin}/sudo rCx -> root,
+
+  @{lib}/lxqt-panel/*.so mr, #  LXQT-Plugins
+  @{lib}/lxqt-config/*.so mr, # LXQT-Plugins
+
+  /usr/share/desktop-directories/{,**} r,
+  /usr/share/lxqt/{,**} r,
+
+  /etc/fstab r,
+  /etc/udev/udev.conf r,
+  /etc/machine-id r,
+  /etc/xdg/lxqt-qtxdg.conf r,
+  /etc/xdg/menus/**.menu r,
+  /etc/xdg/menus/applications-merged/ r,
+  /etc/xdg/ui/uistandards.rc r,
+
+  /var/lib/dbus/machine-id r,
+
+  owner @{HOME}/Desktop/*.desktop rw,
+  owner @{HOME}/Desktop/#@{int} rw,
+  owner @{HOME}/Desktop/*.desktop l -> @{HOME}/Desktop/#@{int},
+
+  owner @{user_config_dirs}/menus/*.menu rw,
+  owner @{user_config_dirs}/menus/applications-merged/ r,
+  owner @{user_config_dirs}/share/desktop-directories/*.directory r,
+  owner @{user_config_dirs}/share/gvfs-metadata/{,*} r,
+  owner @{user_config_dirs}/lxqt/#@{int} rw,
+  owner @{user_config_dirs}/lxqt/panel.conf rw,
+  owner @{user_config_dirs}/lxqt/panel.conf.lock rwk,
+  owner @{user_config_dirs}/lxqt/panel.conf.@{rand6} rw,
+  owner @{user_config_dirs}/lxqt/panel.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#@{int},
+  owner @{user_config_dirs}/pulse/{,**} rwk,
+
+  @{run}/udev/data/* r,
+
+  @{sys}/class/i2c-adapter/ r,
+  @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r,
+
+  @{PROC}/@{pid}/fd/ r,
+  @{PROC}/@{pid}/net/dev r,
+  owner @{PROC}/@{pid}/mounts r,
+
+  /dev/tty rw,
+  /dev/tty@{int} rw,
+  /dev/pts/@{int} rw,
+  /dev/snd/controlC@{int} rw,
+
+  profile root {
+    include <abstractions/base>
+    include <abstractions/app/sudo>
+
+    @{bin}/lsblk rPx,
+
+    include if exists <local/lxqt-panel_root>
+  }
+
+  include if exists <local/lxqt-panel>
+}
+
+# vim:syntax=apparmor