Accepting request 128052 from GNOME:Factory

Add apparmor profile - safe for 12.2 (forwarded request 128051 from dimstar)

OBS-URL: https://build.opensuse.org/request/show/128052
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/colord?expand=0&rev=23

colord-gtk.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Jul  5 14:47:17 UTC 2012 - meissner@suse.com
+
+- Add a apparmor profile for usr.lib.colord
+
 -------------------------------------------------------------------
 Wed May 23 19:18:54 UTC 2012 - zaitor@opensuse.org
 

colord-gtk.spec

@@ -28,6 +28,8 @@ License:        GPL-2.0+
 Group:          System/Daemons
 Url:            http://colord.hughsie.com/
 Source0:        http://www.freedesktop.org/software/colord/releases/%{_name}-%{version}.tar.xz
+# Apparmor profile
+Source1:        usr.lib.colord
 Source99:       baselibs.conf
 BuildRequires:  gobject-introspection-devel
 BuildRequires:  intltool
@@ -145,6 +147,8 @@ find %{buildroot} -type f -name '*.la' -delete -print
 
 %if !%{build_gtk}
 
+mkdir %{buildroot}/etc/apparmor.d
+install -c -m 644 %{SOURCE1} %{buildroot}/etc/apparmor.d/
 # Manually install prebuilt man pages, since we don't have docbook2man
 pushd man
 test ! -f %{buildroot}%{_mandir}/man1/*
@@ -223,6 +227,8 @@ exit 0
 %{_mandir}/man1/cd-create-profile.1%{?ext_man}
 %{_mandir}/man1/cd-fix-profile.1%{?ext_man}
 %{_mandir}/man1/colormgr.1%{?ext_man}
+%dir /etc/apparmor.d/
+%config /etc/apparmor.d/usr.lib.colord
 
 %files -n libcolord1
 %defattr(-, root, root)

colord.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Jul  5 14:47:17 UTC 2012 - meissner@suse.com
+
+- Add a apparmor profile for usr.lib.colord
+
 -------------------------------------------------------------------
 Wed May 23 19:18:54 UTC 2012 - zaitor@opensuse.org
 

colord.spec

@@ -27,6 +27,8 @@ License:        GPL-2.0+
 Group:          System/Daemons
 Url:            http://colord.hughsie.com/
 Source0:        http://www.freedesktop.org/software/colord/releases/%{_name}-%{version}.tar.xz
+# Apparmor profile
+Source1:        usr.lib.colord
 Source99:       baselibs.conf
 BuildRequires:  gobject-introspection-devel
 BuildRequires:  intltool
@@ -144,6 +146,8 @@ find %{buildroot} -type f -name '*.la' -delete -print
 
 %if !%{build_gtk}
 
+mkdir %{buildroot}/etc/apparmor.d
+install -c -m 644 %{SOURCE1} %{buildroot}/etc/apparmor.d/
 # Manually install prebuilt man pages, since we don't have docbook2man
 pushd man
 test ! -f %{buildroot}%{_mandir}/man1/*
@@ -222,6 +226,8 @@ exit 0
 %{_mandir}/man1/cd-create-profile.1%{?ext_man}
 %{_mandir}/man1/cd-fix-profile.1%{?ext_man}
 %{_mandir}/man1/colormgr.1%{?ext_man}
+%dir /etc/apparmor.d/
+%config /etc/apparmor.d/usr.lib.colord
 
 %files -n libcolord1
 %defattr(-, root, root)

usr.lib.colord

@@ -0,0 +1,37 @@
+# Last Modified: Thu Jul  5 16:42:52 2012
+#include <tunables/global>
+
+/usr/lib/colord {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+
+
+  deny /usr/share/gvfs/remote-volume-monitors/ r,
+  deny /usr/share/gvfs/remote-volume-monitors/afc.monitor r,
+  deny /usr/share/gvfs/remote-volume-monitors/udisks2.monitor r,
+
+  /etc/colord.conf r,
+  /etc/fstab r,
+  /etc/udev/udev.conf r,
+  /proc/*/mounts r,
+  /run/udev/data/* r,
+  /sys/bus/ r,
+  /sys/bus/usb/devices/ r,
+  /sys/class/ r,
+  /sys/devices/** r,
+  /usr/lib/colord mr,
+  /usr/share/color/**/ r,
+  /usr/share/color/icc/** r,
+  /usr/share/dbus-1/interfaces/org.freedesktop.ColorManager.Device.xml r,
+  /usr/share/dbus-1/interfaces/org.freedesktop.ColorManager.Profile.xml r,
+  /usr/share/dbus-1/interfaces/org.freedesktop.ColorManager.Sensor.xml r,
+  /usr/share/dbus-1/interfaces/org.freedesktop.ColorManager.xml r,
+  /usr/share/gvfs/remote-volume-monitors/gphoto2.monitor r,
+  /usr/share/locale-bundle/**.mo r,
+  /var/lib/color/icc/ r,
+  /var/lib/colord/mapping.db rwk,
+  /var/lib/colord/mapping.db-journal rw,
+  /var/lib/colord/storage.db rwk,
+  /var/lib/colord/storage.db-journal rw,
+
+}