authorB. Stack <bgstack15@gmail.com>2024-06-27 14:37:16 -0400
committerB. Stack <bgstack15@gmail.com>2024-06-27 14:37:16 -0400
commite85d214d9ad99217913b996b812e05feb01b1cb8 (patch)
treefcd2cdf103c8f3184525bfb4e7f70e2c6ba690f3 /waterfox-g/debian/usr.bin.waterfox-g
parentnotepadnext 0.8 (diff)
waterfox-g 6.0.16
Diffstat (limited to 'waterfox-g/debian/usr.bin.waterfox-g')
-rw-r--r--waterfox-g/debian/usr.bin.waterfox-g232
1 files changed, 0 insertions, 232 deletions
diff --git a/waterfox-g/debian/usr.bin.waterfox-g b/waterfox-g/debian/usr.bin.waterfox-g
deleted file mode 100644
index 4e3773d..0000000
--- a/waterfox-g/debian/usr.bin.waterfox-g
+++ /dev/null
@@ -1,232 +0,0 @@
-# vim:syntax=apparmor
-# Modified from firefox definition file
-# Original Author: Jamie Strandboge <jamie@canonical.com>
-
-# Declare an apparmor variable to help with overrides
-@{MOZ_LIBDIR}=/usr/lib/waterfox-g
-
-#include <tunables/global>
-
-# We want to confine the binaries that match:
-# /usr/lib/waterfox-g/waterfox-g
-# /usr/lib/waterfox-g/waterfox-g
-# but not:
-# /usr/lib/waterfox-g/waterfox-g.sh
-/usr/lib/waterfox-g/waterfox-g{,*[^s][^h]} {
- #include <abstractions/audio>
- #include <abstractions/cups-client>
- #include <abstractions/dbus-strict>
- #include <abstractions/dbus-session-strict>
- #include <abstractions/dconf>
- #include <abstractions/gnome>
- #include <abstractions/ibus>
- #include <abstractions/nameservice>
- #include <abstractions/openssl>
- #include <abstractions/p11-kit>
- #include <abstractions/ubuntu-unity7-base>
- #include <abstractions/ubuntu-unity7-launcher>
-
- #include <abstractions/dbus-accessibility-strict>
- dbus (send)
- bus=session
- peer=(name=org.a11y.Bus),
- dbus (receive)
- bus=session
- interface=org.a11y.atspi**,
- dbus (receive, send)
- bus=accessibility,
-
- # for networking
- network inet stream,
- network inet6 stream,
- @{PROC}/[0-9]*/net/if_inet6 r,
- @{PROC}/[0-9]*/net/ipv6_route r,
- @{PROC}/[0-9]*/net/dev r,
- @{PROC}/[0-9]*/net/wireless r,
- dbus (send)
- bus=system
- path=/org/freedesktop/NetworkManager
- member=state,
- dbus (receive)
- bus=system
- path=/org/freedesktop/NetworkManager,
-
- # should maybe be in abstractions
- /etc/ r,
- /etc/mime.types r,
- /etc/mailcap r,
- /etc/xdg/*buntu/applications/defaults.list r, # for all derivatives
- /etc/xfce4/defaults.list r,
- /usr/share/xubuntu/applications/defaults.list r,
- owner @{HOME}/.local/share/applications/defaults.list r,
- owner @{HOME}/.local/share/applications/mimeapps.list r,
- owner @{HOME}/.local/share/applications/mimeinfo.cache r,
- owner /tmp/** m,
- owner /var/tmp/** m,
- owner /{,var/}run/shm/shmfd-* rw,
- owner /{dev,run}/shm/org.chromium.* rwk,
- /tmp/.X[0-9]*-lock r,
- /etc/udev/udev.conf r,
- # Doesn't seem to be required, but noisy. Maybe allow 'r' for 'b*' if needed.
- # Possibly move to an abstraction if anything else needs it.
- deny /run/udev/data/** r,
- # let the shell know we launched something
- dbus (send)
- bus=session
- interface=org.gtk.gio.DesktopAppInfo
- member=Launched,
-
- /etc/timezone r,
- /etc/wildmidi/wildmidi.cfg r,
-
- # waterfox specific
- /etc/waterfox-g*/ r,
- /etc/waterfox-g*/** r,
-
- # firefox specific
- #/etc/xul-ext/** r,
- #/etc/xulrunner-2.0*/ r,
- #/etc/xulrunner-2.0*/** r,
- #/etc/gre.d/ r,
- #/etc/gre.d/* r,
-
- # noisy
- #deny @{MOZ_LIBDIR}/** w,
- #deny /usr/lib/firefox-addons/** w,
- #deny /usr/lib/xulrunner-addons/** w,
- #deny /usr/lib/xulrunner-*/components/*.tmp w,
- deny /.suspended r,
- deny /boot/initrd.img* r,
- deny /boot/vmlinuz* r,
- deny /var/cache/fontconfig/ w,
- deny @{HOME}/.local/share/recently-used.xbel r,
-
- # TODO: investigate
- deny /usr/bin/gconftool-2 x,
-
- # These are needed when a new user starts waterfox and waterfox.sh is used
- @{MOZ_LIBDIR}/** ixr,
- /usr/bin/basename ixr,
- /usr/bin/dirname ixr,
- /usr/bin/pwd ixr,
- /sbin/killall5 ixr,
- /bin/which ixr,
- /usr/bin/tr ixr,
- @{PROC}/ r,
- @{PROC}/[0-9]*/cmdline r,
- @{PROC}/[0-9]*/mountinfo r,
- @{PROC}/[0-9]*/stat r,
- owner @{PROC}/[0-9]*/task/[0-9]*/stat r,
- @{PROC}/[0-9]*/status r,
- @{PROC}/filesystems r,
- @{PROC}/sys/vm/overcommit_memory r,
- /sys/devices/pci[0-9]*/**/uevent r,
- /sys/devices/platform/**/uevent r,
- /sys/devices/pci*/**/{busnum,idVendor,idProduct} r,
- owner @{HOME}/.cache/thumbnails/** rw,
-
- /etc/mtab r,
- /etc/fstab r,
-
- # Needed for the crash reporter
- owner @{PROC}/[0-9]*/environ r,
- owner @{PROC}/[0-9]*/auxv r,
- /etc/lsb-release r,
- /usr/bin/expr ix,
- /sys/devices/system/cpu/ r,
- /sys/devices/system/cpu/** r,
-
- # about:memory
- owner @{PROC}/[0-9]*/statm r,
- owner @{PROC}/[0-9]*/smaps r,
-
- # Needed for container to work in xul builds
- #/usr/lib/xulrunner-*/plugin-container ixr,
-
- # allow access to documentation and other files the user may want to look
- # at in /usr and @{MOZ_LIBDIR}
- /usr/ r,
- /usr/** r,
- @{MOZ_LIBDIR}/ r,
- @{MOZ_LIBDIR}/** r,
-
- # so browsing directories works
- / r,
- /**/ r,
-
- # Default profile allows downloads to ~/Downloads and uploads from ~/Public
- owner @{HOME}/ r,
- owner @{HOME}/Public/ r,
- owner @{HOME}/Public/* r,
- owner @{HOME}/Downloads/ r,
- owner @{HOME}/Downloads/* rw,
-
- # per-user waterfox configuration
- owner @{HOME}/.waterfox/ rw,
- owner @{HOME}/.waterfox/** rw,
- owner @{HOME}/.waterfox/**/*.{db,parentlock,sqlite}* k,
- owner @{HOME}/.waterfox/plugins/** rm,
- owner @{HOME}/.waterfox/**/plugins/** rm,
- owner @{HOME}/.gnome2/waterfox* rwk,
- owner @{HOME}/.cache/waterfox/ rw,
- owner @{HOME}/.cache/waterfox/** rw,
- owner @{HOME}/.cache/waterfox/**/*.sqlite k,
- owner @{HOME}/.config/gtk-3.0/bookmarks r,
- owner @{HOME}/.config/dconf/user w,
- owner /{,var/}run/user/*/dconf/user w,
- dbus (send)
- bus=session
- path=/org/gnome/GConf/Server
- member=GetDefaultDatabase,
- dbus (send)
- bus=session
- path=/org/gnome/GConf/Database/*
- member={AddMatch,AddNotify,AllEntries,LookupExtended,RemoveNotify},
-
- #
- # Extensions
- # /usr/share/.../extensions/... is already covered by '/usr/** r', above.
- # Allow 'x' for downloaded extensions, but inherit policy for safety
- owner @{HOME}/.waterfox/**/extensions/** mixr,
-
- #deny @{MOZ_LIBDIR}/update.test w,
- #deny /usr/lib/mozilla/extensions/**/ w,
- #deny /usr/lib/xulrunner-addons/extensions/**/ w,
- #deny /usr/share/mozilla/extensions/**/ w,
- #deny /usr/share/mozilla/ w,
-
- # Miscellaneous (to be abstracted)
- # Ideally these would use a child profile. They are all ELF executables
- # so running with 'Ux', while not ideal, is ok because we will at least
- # benefit from glibc's secure execute.
- /usr/bin/mkfifo Uxr, # investigate
- /bin/ps Uxr,
- /bin/uname Uxr,
-
- /usr/bin/lsb_release Cxr -> lsb_release,
- profile lsb_release {
- #include <abstractions/base>
- #include <abstractions/python>
- /usr/bin/lsb_release r,
- /bin/dash ixr,
- /usr/bin/dpkg-query ixr,
- /usr/include/python2.[4567]/pyconfig.h r,
- /etc/lsb-release r,
- /etc/debian_version r,
- /var/lib/dpkg/** r,
-
- /usr/local/lib/python3.[0-4]/dist-packages/ r,
- /usr/bin/ r,
- /usr/bin/python3.[0-4] r,
-
- # file_inherit
- deny /tmp/gtalkplugin.log w,
- }
-
- # Addons
- #include <abstractions/ubuntu-browsers.d/waterfox-g>
- /usr/lib/waterfox/kwaterfoxhelper Cxr -> sanitized_helper,
-
- # Site-specific additions and overrides. See local/README for details.
- #include <local/usr.bin.waterfox-g>
-}