torbrowser-launcher/apparmor/usr.bin.torbrowser-launcher

# Last Modified: Thu Jan  2 15:12:38 2014
#include <tunables/global>

/usr/bin/torbrowser-launcher flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/python>
  #include <abstractions/consoles>
  #include <abstractions/gnome>
  #include <abstractions/fonts>
  #include <abstractions/X>
  #include <abstractions/audio>
  #include <abstractions/freedesktop.org>

  capability sys_ptrace,

  # This script doesn't really need to read the interpreter that's running it.
  deny /usr/bin/python{2,3}.[0-7]* r,

  /{usr/,}bin/{dash,grep,ps} rix,
  /dev/ r,
  /etc/magic r,
  @{HOME}/.config/torbrowser/ rw,
  @{HOME}/.config/torbrowser/** mrwk,
  @{HOME}/.cache/torbrowser/ rw,
  @{HOME}/.cache/torbrowser/** mrwk,
  @{HOME}/.local/share/torbrowser/ rw,
  @{HOME}/.local/share/torbrowser/** mrwk,
  @{HOME}/.local/share/torbrowser/gnupg_homedir/* l,
  @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/start-tor-browser.desktop Ux,

  @{PROC}/ r,
  @{PROC}/[0-9]*/{cmdline,mountinfo,stat,status} r,
  @{PROC}/[0-9]*/task/** r,
  @{PROC}/sys/kernel/pid_max r,
  @{PROC}/tty/drivers r,
  @{PROC}/uptime r,
  /usr/bin/ r,
  /usr/bin/{gpg,dirname,expr,file,getconf,id} rix,
  /usr/bin/torbrowser-launcher r,
  /usr/share/file/magic.mgc r,
  /usr/share/file/magic/ r,
  /usr/share/themes/** r,
  /usr/share/torbrowser-launcher/** r,

  /usr/share/glib-2.0/schemas/gschemas.compiled r,
  owner @{HOME}/.config/dconf/user r,
  owner /{,var/}run/user/*/dconf/user rw,

  # including abstractions/audio is not enough to play modem sound
  /usr/bin/pulseaudio Pixr,

  #include <local/usr.bin.torbrowser-launcher>
}