torproject/torbrowser-launcher
1
0
Fork 0
mirror of https://github.com/torproject/torbrowser-launcher.git synced 2024-10-07 07:33:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

AppArmor: refactor thanks to variables defined in tunables/torbrowser.

Browse Source
This commit is contained in:
intrigeri 2018-01-29 07:59:51 +00:00
parent b1e082fef0
commit a9bef63bd8
1 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
apparmor/torbrowser.Tor.tor
View File

@ -1,4 +1,5 @@
#include <tunables/global>
#include <tunables/torbrowser>
/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor {
#include <abstractions/base>
@ -11,19 +12,19 @@
/etc/nsswitch.conf r,
/etc/passwd r,
/etc/resolv.conf r,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor mr,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Tor/ rw,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Tor/* rw,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Tor/lock rwk,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/*.so mr,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/*.so.* mr,
owner @{torbrowser_home_dir}/TorBrowser/Tor/tor mr,
owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/ rw,
owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/* rw,
owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/lock rwk,
owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,
owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
# Silence file_inherit logs
deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{browser/,}omni.ja r,
deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{browser/,}features/*.xpi r,
deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/.parentlock rw,
deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/startupCache/* r,
deny @{torbrowser_home_dir}/{browser/,}omni.ja r,
deny @{torbrowser_home_dir}/{browser/,}features/*.xpi r,
deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/.parentlock rw,
deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
@{PROC}/sys/kernel/random/uuid r,
/sys/devices/system/cpu/ r,