
/etc/apparmor.d/usr.bin.evince is in apparmor-profiles-extra 1.4.

This file is owned by root:root, with mode 0o644.


# vim:syntax=apparmor
# Author: Kees Cook <kees@canonical.com>
#         Jamie Strandboge <jamie@canonical.com>

#include <tunables/global>

/usr/bin/evince {
  # Confinement for the evince document viewer itself. Helpers that evince
  # launches (yelp, file managers, nautilus-sendto) are transitioned into the
  # separate 'sanitized_helper' child profile with 'Cx', so the file and
  # D-Bus access granted below does not carry over into those programs.
  #include <abstractions/audio>
  #include <abstractions/bash>
  #include <abstractions/cups-client>
  # Both the system bus (abstractions/dbus) and the session bus are reachable
  # from this profile; the previewer and thumbnailer profiles below are given
  # the session bus only.
  #include <abstractions/dbus>
  #include <abstractions/dbus-session>
  #include <abstractions/dbus-accessibility>
  #include <abstractions/evince>
  #include <abstractions/ibus>
  #include <abstractions/nameservice>

  #include <abstractions/ubuntu-browsers>
  #include <abstractions/ubuntu-console-browsers>
  #include <abstractions/ubuntu-email>
  #include <abstractions/ubuntu-console-email>
  #include <abstractions/ubuntu-media-players>

  # Terminals for using console applications. These abstractions should ideally
  # have 'ix' to restrict access to what only evince is allowed to do
  #include <abstractions/ubuntu-gnome-terminal>

  # By default, we won't support launching a terminal program in Xterm or
  # KDE's konsole. It opens up too many unnecessary files for most users.
  # People who need this functionality can uncomment the following:
  ##include <abstractions/ubuntu-xterm>
  ##include <abstractions/ubuntu-konsole>

  # Execute transitions. 'Px' re-enters the profile attached to the target
  # path (for /usr/bin/evince that is this profile; for evince-previewer the
  # profile defined further down in this file). Uppercase 'Px'/'Cx' scrub the
  # environment on transition; the lowercase 'px' used for bug-buddy does not.
  # 'm' permits mapping the binary executable, 'r' reading it.
  /usr/bin/evince rmPx,
  /usr/bin/evince-previewer Px,
  /usr/bin/yelp Cx -> sanitized_helper,
  /usr/bin/bug-buddy px,
  # 'Show Containing Folder' (LP: #1022962)
  /usr/bin/nautilus Cx -> sanitized_helper, # Gnome
  /usr/bin/pcmanfm Cx -> sanitized_helper,  # LXDE
  /usr/bin/krusader Cx -> sanitized_helper, # KDE
  /usr/bin/thunar Cx -> sanitized_helper,   # XFCE

  # For Xubuntu to launch the browser
  # 'ix' inherits this profile, so exo-open/exo-helper-1 run with exactly the
  # permissions listed here, not under a profile of their own.
  /usr/bin/exo-open ixr,
  /usr/lib/@{multiarch}/xfce4/exo-1/exo-helper-1 ixr,
  /etc/xdg/xdg-xubuntu/xfce4/helpers.rc r,
  /etc/xdg/xfce4/helpers.rc r,

  # For text attachments
  # Also 'ix': gedit inherits this profile and therefore the 'rw' rules below.
  /usr/bin/gedit ixr,

  # For Send to
  /usr/bin/nautilus-sendto Cx -> sanitized_helper,

  # allow directory listings (ie 'r' on directories) so browsing via the file
  # dialog works
  # The trailing '/' limits these two rules to directories; regular files are
  # not covered by them.
  / r,
  /**/ r,

  # This is need for saving files in your home directory without an extension.
  # Changing this to '@{HOME}/** r' makes it require an extension and more
  # secure (but with 'rw', we still have abstractions/private-files-strict in
  # effect).
  # 'owner' restricts each rule to files owned by the user running evince.
  owner @{HOME}/** rw,
  owner /media/**  rw,
  owner @{HOME}/.local/share/gvfs-metadata/** l,
  owner /{,var/}run/user/*/gvfs-metadata/** l,

  owner @{HOME}/.gnome2/evince/*       rwl,
  owner @{HOME}/.gnome2/accels/        rw,
  owner @{HOME}/.gnome2/accelsevince   rw,
  owner @{HOME}/.gnome2/accels/evince  rw,

  # Maybe add to an abstraction?
  /etc/dconf/**                                       r,
  owner @{HOME}/.cache/dconf/user                     rw,
  owner @{HOME}/.config/dconf/user                    r,
  owner /{,var/}run/user/*/dconf/                     w,
  owner /{,var/}run/user/*/dconf/user                 rw,
  owner /{,var/}run/user/*/dconf-service/keyfile/     w,
  owner /{,var/}run/user/*/dconf-service/keyfile/user rw,

  owner /{,var/}run/user/*/at-spi2-*/   rw,
  owner /{,var/}run/user/*/at-spi2-*/** rw,

  # from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
  # read and write for all supported file formats
  # NOTE(review): these rules are matched by extension anywhere on the
  # filesystem and are not 'owner'-qualified, so any file with one of these
  # suffixes that DAC lets the user write is writable from this profile, not
  # only the user's own documents. The bracketed classes also widen matching:
  # '[fFpP][dD][fF]' covers both .pdf and .fdf, '[cC][bB][rRzZ7]' covers
  # .cbr, .cbz and .cb7.
  /**.[bB][mM][pP]     rw,
  /**.[dD][jJ][vV][uU] rw,
  /**.[dD][vV][iI]     rw,
  /**.[gG][iI][fF]     rw,
  /**.[jJ][pP][gG]     rw,
  /**.[jJ][pP][eE][gG] rw,
  /**.[oO][dD][pP]     rw,
  /**.[fFpP][dD][fF]   rw,
  /**.[pP][nN][mM]     rw,
  /**.[pP][nN][gG]     rw,
  /**.[pP][sS]         rw,
  /**.[eE][pP][sS]     rw,
  /**.[tT][iI][fF]     rw,
  /**.[tT][iI][fF][fF] rw,
  /**.[xX][pP][mM]     rw,
  /**.[gG][zZ]         rw,
  /**.[bB][zZ]2        rw,
  /**.[cC][bB][rRzZ7]  rw,
  /**.[xX][zZ]         rw,

  # evince creates a temporary stream file like '.goutputstream-XXXXXX' in the
  # directory a file is saved. This allows that behavior.
  # Write-only and 'owner'-qualified: the temp file is created, not read back
  # through this rule.
  owner /**/.goutputstream-* w,
}

/usr/bin/evince-previewer {
  # Confinement for the print-preview helper. Entered from the main evince
  # profile via '/usr/bin/evince-previewer Px'. Compared with the evince
  # profile this one has no abstractions/dbus (session bus only) and no
  # file-manager or text-editor helpers.
  #include <abstractions/audio>
  #include <abstractions/bash>
  #include <abstractions/cups-client>
  #include <abstractions/dbus-session>
  #include <abstractions/dbus-accessibility>
  #include <abstractions/evince>
  #include <abstractions/ibus>
  #include <abstractions/nameservice>

  #include <abstractions/ubuntu-browsers>
  #include <abstractions/ubuntu-console-browsers>
  #include <abstractions/ubuntu-email>
  #include <abstractions/ubuntu-console-email>
  #include <abstractions/ubuntu-media-players>

  # Terminals for using console applications. These abstractions should ideally
  # have 'ix' to restrict access to what only evince is allowed to do
  #include <abstractions/ubuntu-gnome-terminal>

  # By default, we won't support launching a terminal program in Xterm or
  # KDE's konsole. It opens up too many unnecessary files for most users.
  # People who need this functionality can uncomment the following:
  ##include <abstractions/ubuntu-xterm>

  # 'mr' only: the previewer may map and read its own binary but has no
  # execute rule for re-launching itself.
  /usr/bin/evince-previewer mr,
  /usr/bin/yelp Cx -> sanitized_helper,
  /usr/bin/bug-buddy px,

  # Lenient, but remember we still have abstractions/private-files-strict in
  # effect). Write is needed for 'print to file' from the previewer.
  # NOTE(review): unlike the thumbnailer profile's 'owner @{HOME}/** rw', this
  # rule is not 'owner'-qualified; depending on how @{HOME} is defined in the
  # tunables it may reach DAC-writable files under other users' home
  # directories as well.
  @{HOME}/ r,
  @{HOME}/** rw,

  # Maybe add to an abstraction?
  owner /{,var/}run/user/*/dconf/          w,
  owner /{,var/}run/user/*/dconf/user      rw,
}

/usr/bin/evince-thumbnailer {
  # Confinement for the thumbnailer, which renders untrusted documents
  # non-interactively. Deliberately the narrowest of the three profiles: no
  # audio, shell, printing, browser or helper-program access, and no
  # abstractions/nameservice.
  #include <abstractions/dbus-session>
  #include <abstractions/evince>

  # The thumbnailer doesn't need access to everything in the nameservice
  # abstraction. Allow reading of /etc/passwd and /etc/group, but suppress
  # logging denial of nsswitch.conf.
  # An explicit 'deny' rule is what keeps the refused access out of the audit
  # log; simply omitting the rule would still block the read but log it.
  /etc/passwd r,
  /etc/group r,
  deny /etc/nsswitch.conf r,

  # TCP/UDP network access for NFS
  # NOTE(review): these rules are generic socket permissions, not NFS-specific;
  # they equally permit any other TCP/UDP use by the thumbnailer.
  network inet  stream,
  network inet6 stream,
  network inet  dgram,
  network inet6 dgram,

  /usr/bin/evince-thumbnailer mr,

  # Lenient, but remember we still have abstractions/private-files-strict in
  # effect).
  # Home-directory listing is unqualified; file access under @{HOME} and
  # /media is 'owner'-qualified, limiting it to the invoking user's own files.
  @{HOME}/ r,
  owner @{HOME}/** rw,
  owner /media/**  rw,
}