r47884 - in /desktop/unstable/evince/debian: apparmor-profile apparmor-profile.abstraction changelog control control.in evince.apport rules

bigon at users.alioth.debian.org
Mon Apr 11 16:39:08 UTC 2016


Author: bigon
Date: Mon Apr 11 16:39:08 2016
New Revision: 47884

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=47884
Log:
Install apparmor profiles and apport hook, both coming from Ubuntu, thanks
to them.

Added:
    desktop/unstable/evince/debian/apparmor-profile
    desktop/unstable/evince/debian/apparmor-profile.abstraction
    desktop/unstable/evince/debian/evince.apport
Modified:
    desktop/unstable/evince/debian/changelog
    desktop/unstable/evince/debian/control
    desktop/unstable/evince/debian/control.in
    desktop/unstable/evince/debian/rules

Added: desktop/unstable/evince/debian/apparmor-profile
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/evince/debian/apparmor-profile?rev=47884&op=file
==============================================================================
--- desktop/unstable/evince/debian/apparmor-profile	(added)
+++ desktop/unstable/evince/debian/apparmor-profile	[utf-8] Mon Apr 11 16:39:08 2016
@@ -0,0 +1,178 @@
+# vim:syntax=apparmor
+# Author: Kees Cook <kees at canonical.com>
+#         Jamie Strandboge <jamie at canonical.com>
+
+#include <tunables/global>
+
+/usr/bin/evince {
+  #include <abstractions/audio>
+  #include <abstractions/bash>
+  #include <abstractions/cups-client>
+  #include <abstractions/dbus>
+  #include <abstractions/dbus-session>
+  #include <abstractions/dbus-accessibility>
+  #include <abstractions/evince>
+  #include <abstractions/ibus>
+  #include <abstractions/nameservice>
+
+  #include <abstractions/ubuntu-browsers>
+  #include <abstractions/ubuntu-console-browsers>
+  #include <abstractions/ubuntu-email>
+  #include <abstractions/ubuntu-console-email>
+  #include <abstractions/ubuntu-media-players>
+
+  # Terminals for using console applications. These abstractions should ideally
+  # have 'ix' to restrict access to what only evince is allowed to do
+  #include <abstractions/ubuntu-gnome-terminal>
+
+  # By default, we won't support launching a terminal program in Xterm or
+  # KDE's konsole. It opens up too many unnecessary files for most users.
+  # People who need this functionality can uncomment the following:
+  ##include <abstractions/ubuntu-xterm>
+  ##include <abstractions/ubuntu-konsole>
+
+  /usr/bin/evince rmPx,
+  /usr/bin/evince-previewer Px,
+  /usr/bin/yelp Cx -> sanitized_helper,
+  /usr/bin/bug-buddy px,
+  # 'Show Containing Folder' (LP: #1022962)
+  /usr/bin/nautilus Cx -> sanitized_helper, # Gnome
+  /usr/bin/pcmanfm Cx -> sanitized_helper,  # LXDE
+  /usr/bin/krusader Cx -> sanitized_helper, # KDE
+  /usr/bin/thunar Cx -> sanitized_helper,   # XFCE
+
+  # For Xubuntu to launch the browser
+  /usr/bin/exo-open ixr,
+  /usr/lib/@{multiarch}/xfce4/exo-1/exo-helper-1 ixr,
+  /etc/xdg/xdg-xubuntu/xfce4/helpers.rc r,
+  /etc/xdg/xfce4/helpers.rc r,
+
+  # For text attachments
+  /usr/bin/gedit ixr,
+
+  # For Send to
+  /usr/bin/nautilus-sendto Cx -> sanitized_helper,
+
+  # allow directory listings (ie 'r' on directories) so browsing via the file
+  # dialog works
+  / r,
+  /**/ r,
+
+  # This is need for saving files in your home directory without an extension.
+  # Changing this to '@{HOME}/** r' makes it require an extension and more
+  # secure (but with 'rw', we still have abstractions/private-files-strict in
+  # effect).
+  owner @{HOME}/** rw,
+  owner /media/**  rw,
+  owner @{HOME}/.local/share/gvfs-metadata/** l,
+  owner /{,var/}run/user/*/gvfs-metadata/** l,
+
+  owner @{HOME}/.gnome2/evince/*       rwl,
+  owner @{HOME}/.gnome2/accels/        rw,
+  owner @{HOME}/.gnome2/accelsevince   rw,
+  owner @{HOME}/.gnome2/accels/evince  rw,
+
+  # Maybe add to an abstraction?
+  /etc/dconf/**                                       r,
+  owner @{HOME}/.cache/dconf/user                     rw,
+  owner @{HOME}/.config/dconf/user                    r,
+  owner /{,var/}run/user/*/dconf/                     w,
+  owner /{,var/}run/user/*/dconf/user                 rw,
+  owner /{,var/}run/user/*/dconf-service/keyfile/     w,
+  owner /{,var/}run/user/*/dconf-service/keyfile/user rw,
+
+  owner /{,var/}run/user/*/at-spi2-*/   rw,
+  owner /{,var/}run/user/*/at-spi2-*/** rw,
+
+  # from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
+  # read and write for all supported file formats
+  /**.[bB][mM][pP]     rw,
+  /**.[dD][jJ][vV][uU] rw,
+  /**.[dD][vV][iI]     rw,
+  /**.[gG][iI][fF]     rw,
+  /**.[jJ][pP][gG]     rw,
+  /**.[jJ][pP][eE][gG] rw,
+  /**.[oO][dD][pP]     rw,
+  /**.[fFpP][dD][fF]   rw,
+  /**.[pP][nN][mM]     rw,
+  /**.[pP][nN][gG]     rw,
+  /**.[pP][sS]         rw,
+  /**.[eE][pP][sS]     rw,
+  /**.[tT][iI][fF]     rw,
+  /**.[tT][iI][fF][fF] rw,
+  /**.[xX][pP][mM]     rw,
+  /**.[gG][zZ]         rw,
+  /**.[bB][zZ]2        rw,
+  /**.[cC][bB][rRzZ7]  rw,
+  /**.[xX][zZ]         rw,
+
+  # evince creates a temporary stream file like '.goutputstream-XXXXXX' in the
+  # directory a file is saved. This allows that behavior.
+  owner /**/.goutputstream-* w,
+}
+
+/usr/bin/evince-previewer {
+  #include <abstractions/audio>
+  #include <abstractions/bash>
+  #include <abstractions/cups-client>
+  #include <abstractions/dbus-session>
+  #include <abstractions/dbus-accessibility>
+  #include <abstractions/dbus-strict>
+  #include <abstractions/evince>
+  #include <abstractions/ibus>
+  #include <abstractions/nameservice>
+
+  #include <abstractions/ubuntu-browsers>
+  #include <abstractions/ubuntu-console-browsers>
+  #include <abstractions/ubuntu-email>
+  #include <abstractions/ubuntu-console-email>
+  #include <abstractions/ubuntu-media-players>
+
+  # Terminals for using console applications. These abstractions should ideally
+  # have 'ix' to restrict access to what only evince is allowed to do
+  #include <abstractions/ubuntu-gnome-terminal>
+
+  # By default, we won't support launching a terminal program in Xterm or
+  # KDE's konsole. It opens up too many unnecessary files for most users.
+  # People who need this functionality can uncomment the following:
+  ##include <abstractions/ubuntu-xterm>
+
+  /usr/bin/evince-previewer mr,
+  /usr/bin/yelp Cx -> sanitized_helper,
+  /usr/bin/bug-buddy px,
+
+  # Lenient, but remember we still have abstractions/private-files-strict in
+  # effect). Write is needed for 'print to file' from the previewer.
+  @{HOME}/ r,
+  @{HOME}/** rw,
+
+  # Maybe add to an abstraction?
+  owner /{,var/}run/user/*/dconf/          w,
+  owner /{,var/}run/user/*/dconf/user      rw,
+}
+
+/usr/bin/evince-thumbnailer {
+  #include <abstractions/dbus-session>
+  #include <abstractions/evince>
+
+  # The thumbnailer doesn't need access to everything in the nameservice
+  # abstraction. Allow reading of /etc/passwd and /etc/group, but suppress
+  # logging denial of nsswitch.conf.
+  /etc/passwd r,
+  /etc/group r,
+  deny /etc/nsswitch.conf r,
+
+  # TCP/UDP network access for NFS
+  network inet  stream,
+  network inet6 stream,
+  network inet  dgram,
+  network inet6 dgram,
+
+  /usr/bin/evince-thumbnailer mr,
+
+  # Lenient, but remember we still have abstractions/private-files-strict in
+  # effect).
+  @{HOME}/ r,
+  owner @{HOME}/** rw,
+  owner /media/**  rw,
+}
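Review bot: the supported-format rules in this hunk (`/**.[fFpP][dD][fF]   rw,` and the other `/**.ext rw` lines) are not `owner`-qualified, so the evince profile grants write access to every matching file on the filesystem regardless of who owns it, which is wider than the `owner @{HOME}/** rw,` and `owner /media/** rw,` rules that precede them; the same applies to `@{HOME}/** rw,` in the evince-previewer profile. If the intent is only to let the user save over their own documents, `owner /**.[fFpP][dD][fF] rw,` (or separate `r` and `owner ... w` rules) would match the rest of the profile's ownership model. The comments that say "we still have abstractions/private-files-strict in effect" are also stale: the evince abstraction added in this commit deliberately pulls in `abstractions/private-files` plus a manual deny list instead.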

Added: desktop/unstable/evince/debian/apparmor-profile.abstraction
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/evince/debian/apparmor-profile.abstraction?rev=47884&op=file
==============================================================================
--- desktop/unstable/evince/debian/apparmor-profile.abstraction	(added)
+++ desktop/unstable/evince/debian/apparmor-profile.abstraction	[utf-8] Mon Apr 11 16:39:08 2016
@@ -0,0 +1,124 @@
+# vim:syntax=apparmor
+#
+# abstraction used by evince binaries
+#
+
+  #include <abstractions/gnome>
+  #include <abstractions/p11-kit>
+  #include <abstractions/ubuntu-helpers>
+
+  @{PROC}/[0-9]*/fd/ r,
+  @{PROC}/[0-9]*/mountinfo r,
+  owner @{PROC}/[0-9]*/auxv r,
+  owner @{PROC}/[0-9]*/status r,
+
+  # Doesn't seem to be required, but noisy. Maybe allow 'r' for 'b*' if needed.
+  # Possibly move to an abstraction if anything else needs it.
+  deny /run/udev/data/** r,
+
+  # move out to the gnome abstraction if anyone else needs these
+  /dev/.udev/{data,db}/* r,
+  /etc/udev/udev.conf r,
+  /sys/devices/**/block/**/uevent r,
+
+  # apport
+  /etc/default/apport r,
+
+  # XFCE
+  /etc/xfce4/defaults.list r,
+
+  # Lubuntu
+  /etc/xdg/lubuntu/applications/defaults.list r,
+
+  # evince specific
+  /etc/ r,
+  /etc/fstab r,
+  /etc/texmf/ r,
+  /etc/texmf/** r,
+  /etc/xpdf/* r,
+  owner @{HOME}/.config/evince/   rw,
+  owner @{HOME}/.config/evince/** rwkl,
+
+  /usr/bin/gs-esp ixr,
+  /usr/bin/mktexpk Cx -> sanitized_helper,
+  /usr/bin/mktextfm Cx -> sanitized_helper,
+  /usr/bin/dvipdfm Cx -> sanitized_helper,
+  /usr/bin/dvipdfmx Cx -> sanitized_helper,
+
+  # supported archivers
+  /bin/gzip ixr,
+  /bin/bzip2 ixr,
+  /usr/bin/unrar* ixr,
+  /usr/bin/unzip ixr,
+  /usr/bin/7zr ixr,
+  /usr/lib/p7zip/7zr ixr,
+  /usr/bin/7za ixr,
+  /usr/lib/p7zip/7za ixr,
+  /usr/bin/zipnote ixr,
+  /bin/tar ixr,
+  /usr/bin/xz ixr,
+
+  # allow read access to anything in /usr/share, for plugins and input methods
+  /usr/local/share/** r,
+  /usr/share/** r,
+  /usr/lib/ghostscript/** mr,
+  /var/lib/ghostscript/** r,
+  /var/lib/texmf/** r,
+
+  # from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
+  # read for all supported file formats
+  /**.[bB][mM][pP]     r,
+  /**.[dD][jJ][vV][uU] r,
+  /**.[dD][vV][iI]     r,
+  /**.[gG][iI][fF]     r,
+  /**.[jJ][pP][gG]     r,
+  /**.[jJ][pP][eE][gG] r,
+  /**.[oO][dD][pP]     r,
+  /**.[fFpP][dD][fF]   r,
+  /**.[pP][nN][mM]     r,
+  /**.[pP][nN][gG]     r,
+  /**.[pP][sS]         r,
+  /**.[eE][pP][sS]     r,
+  /**.[eE][pP][sS][fFiI23] r,
+  /**.[tT][iI][fF]     r,
+  /**.[tT][iI][fF][fF] r,
+  /**.[xX][pP][mM]     r,
+  /**.[gG][zZ]         r,
+  /**.[bB][zZ]2        r,
+  /**.[cC][bB][rRzZ7]  r,
+  /**.[xX][zZ]         r,
+
+  # Use abstractions/private-files instead of abstractions/private-files-strict
+  # and add the sensitive files manually to work around LP: #451422. The goal
+  # is to disallow access to the .mozilla folder in general, but to allow
+  # access to the Cache directory, which the browser may tell evince to open
+  # from directly.
+
+  #include <abstractions/private-files>
+  audit deny @{HOME}/.gnupg/** mrwkl,
+  audit deny @{HOME}/.ssh/** mrwkl,
+  audit deny @{HOME}/.gnome2_private/** mrwkl,
+  audit deny @{HOME}/.gnome2/keyrings/** mrwkl,
+  audit deny @{HOME}/.kde/share/apps/kwallet/** mrwkl,
+  audit deny @{HOME}/.pki/nssdb/** w,
+
+  audit deny @{HOME}/.mozilla/*/*/* mrwkl,
+  audit deny @{HOME}/.mozilla/**/bookmarkbackups/** mrwkl,
+  audit deny @{HOME}/.mozilla/**/chrome/** mrwkl,
+  audit deny @{HOME}/.mozilla/**/extensions/** mrwkl,
+  audit deny @{HOME}/.mozilla/**/gm_scripts/** mrwkl,
+
+  audit deny @{HOME}/.config/chromium/** mrwkl,
+  audit deny @{HOME}/.evolution/** mrwkl,
+  audit deny @{HOME}/.config/evolution/** mrwkl,
+  audit deny @{HOME}/.kde/share/config/** mrwkl,
+  audit deny @{HOME}/.kde/share/apps/kmail/** mrwkl,
+  audit deny @{HOME}/.{,mozilla-}thunderbird/*/* mrwkl,
+  audit deny @{HOME}/.{,mozilla-}thunderbird/*/[^C][^a][^c][^h][^e]*/** mrwkl,
+
+  # When LP: #451422 is fixed, change the above to simply be:
+  ##include <abstractions/private-files-strict>
+  #owner @{HOME}/.mozilla/**/*Cache/* r,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/usr.bin.evince>
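Review bot: `#include <local/usr.bin.evince>` lives inside an abstraction that all three profiles (evince, evince-previewer, evince-thumbnailer) include, so a site override placed in that local file is applied to every evince binary, not only to /usr/bin/evince; if that is intended it should be stated in the comment above the include, otherwise the include belongs in each profile body. Two smaller points in the same hunk: `/usr/bin/unrar* ixr,` is a glob that will run any /usr/bin/unrar-prefixed executable inherited under the evince profile, where a literal `unrar` (plus `unrar-nonfree` if needed) would be tighter; and the comment "allow read access to anything in /usr/share" does not mention that `/usr/local/share/** r,` is granted too.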

Modified: desktop/unstable/evince/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/evince/debian/changelog?rev=47884&op=diff
==============================================================================
--- desktop/unstable/evince/debian/changelog	[utf-8] (original)
+++ desktop/unstable/evince/debian/changelog	[utf-8] Mon Apr 11 16:39:08 2016
@@ -20,8 +20,10 @@
   * Move the manpages and the .desktop, icons, appdata, dconf, dbus/systemd
     files from the -common package to the main one.
   * Run wrap-and-sort script
-
- -- Laurent Bigonville <bigon at debian.org>  Mon, 11 Apr 2016 18:01:42 +0200
+  * Install apparmor profiles and apport hook, both coming from Ubuntu, thanks
+    to them.
+
+ -- Laurent Bigonville <bigon at debian.org>  Mon, 11 Apr 2016 18:39:03 +0200
 
 evince (3.20.0-1) unstable; urgency=medium
 

Modified: desktop/unstable/evince/debian/control
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/evince/debian/control?rev=47884&op=diff
==============================================================================
--- desktop/unstable/evince/debian/control	[utf-8] (original)
+++ desktop/unstable/evince/debian/control	[utf-8] Mon Apr 11 16:39:08 2016
@@ -1,14 +1,17 @@
+# This file is autogenerated. DO NOT EDIT!
+# 
+# Modifications should be made to debian/control.in instead.
+# This file is regenerated automatically in the clean target.
 Source: evince
 Section: gnome
 Priority: optional
 Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
-Uploaders: Andreas Henriksson <andreas at fatal.se>,
-           Laurent Bigonville <bigon at debian.org>,
-           Michael Biebl <biebl at debian.org>
+Uploaders: Andreas Henriksson <andreas at fatal.se>, Laurent Bigonville <bigon at debian.org>, Michael Biebl <biebl at debian.org>
 Build-Depends: adwaita-icon-theme,
                autotools-dev,
                cdbs (>= 0.4.90),
                debhelper (>= 9.20160114~),
+               dh-apparmor,
                dh-autoreconf,
                dpkg-dev (>= 1.16.1),
                gnome-common,
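Review bot: `dh-apparmor` in Build-Depends covers the build, but nothing in this hunk ensures the profile is enforced at runtime; the postinst snippet dh_apparmor generates only reloads the profile when the apparmor parser is present, so consider adding `Recommends: apparmor` (or at least `Suggests:`) to the evince binary package alongside this change. Also note that `Uploaders:` has been collapsed onto one line here while the changelog entry above says wrap-and-sort was run; since debian/control is regenerated from control.in, that wrapping should be fixed in control.in rather than by hand.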

Modified: desktop/unstable/evince/debian/control.in
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/evince/debian/control.in?rev=47884&op=diff
==============================================================================
--- desktop/unstable/evince/debian/control.in	[utf-8] (original)
+++ desktop/unstable/evince/debian/control.in	[utf-8] Mon Apr 11 16:39:08 2016
@@ -7,6 +7,7 @@
                autotools-dev,
                cdbs (>= 0.4.90),
                debhelper (>= 9.20160114~),
+               dh-apparmor,
                dh-autoreconf,
                dpkg-dev (>= 1.16.1),
                gnome-common,

Added: desktop/unstable/evince/debian/evince.apport
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/evince/debian/evince.apport?rev=47884&op=file
==============================================================================
--- desktop/unstable/evince/debian/evince.apport	(added)
+++ desktop/unstable/evince/debian/evince.apport	[utf-8] Mon Apr 11 16:39:08 2016
@@ -0,0 +1,20 @@
+'''apport package hook for evince
+
+(c) 2009-2011 Canonical Ltd.
+Author:
+Jamie Strandboge <jamie at ubuntu.com>
+
+'''
+
+from apport.hookutils import *
+from os import path
+import re
+
+def add_info(report):
+    attach_conffiles(report, 'evince')
+    attach_related_packages(report, ['apparmor', 'libapparmor1',
+        'libapparmor-perl', 'apparmor-utils', 'auditd', 'libaudit1'])
+
+    attach_mac_events(report, ['/usr/bin/evince',
+                               '/usr/bin/evince-previewer',
+                               '/usr/bin/evince-thumbnailer'])
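Review bot: `from os import path` and `import re` are unused in this hook and can be dropped, and `from apport.hookutils import *` should be narrowed to the three functions actually used (`attach_conffiles`, `attach_related_packages`, `attach_mac_events`) so that a reader can see at a glance that the hook only collects conffiles, related-package versions and AppArmor denial events. The profile paths passed to `attach_mac_events` match the three profiles installed by this commit, which is what keeps denials from evince-previewer and evince-thumbnailer in the report.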

Modified: desktop/unstable/evince/debian/rules
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/evince/debian/rules?rev=47884&op=diff
==============================================================================
--- desktop/unstable/evince/debian/rules	[utf-8] (original)
+++ desktop/unstable/evince/debian/rules	[utf-8] Mon Apr 11 16:39:08 2016
@@ -28,3 +28,9 @@
 DEB_DH_SHLIBDEPS_ARGS += -X /usr/lib/nautilus/
 
 DEB_DH_STRIP_ARGS_ALL = --dbgsym-migration='evince-dbg (<< 3.20.0-2~)'
+
+install/evince::
+	install -m 0644 -D debian/apparmor-profile debian/evince/etc/apparmor.d/usr.bin.evince
+	install -m 0644 -D debian/apparmor-profile.abstraction debian/evince/etc/apparmor.d/abstractions/evince
+	install -m 0644 -D debian/evince.apport debian/evince/usr/share/apport/package-hooks/source_evince.py
+	dh_apparmor --profile-name=usr.bin.evince -pevince
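Review bot: installing both files under /etc/apparmor.d makes them dpkg conffiles, so the `##include <abstractions/ubuntu-xterm>` lines in the profile that users are told to uncomment will produce conffile prompts on every later upgrade; point users at /etc/apparmor.d/local/usr.bin.evince instead, which the dh_apparmor call on the last line creates and which the shipped abstraction already includes. The `--profile-name=usr.bin.evince` argument matches the installed file name, and since the abstraction ships in the same package the reload in postinst picks up both files together.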
