__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
# vim:syntax=apparmor
#
# abstraction used by papers binaries
#
include <abstractions/gnome>
include <abstractions/mesa>
include <abstractions/p11-kit>
include <abstractions/ubuntu-helpers>
@{PROC}/[0-9]*/fd/ r,
@{PROC}/[0-9]*/mountinfo r,
owner @{PROC}/[0-9]*/auxv r,
owner @{PROC}/[0-9]*/status r,
# Doesn't seem to be required, but noisy. Maybe allow 'r' for 'b*' if needed.
# Possibly move to an abstraction if anything else needs it.
deny /run/udev/data/** r,
# move out to the gnome abstraction if anyone else needs these
/etc/udev/udev.conf r,
/sys/devices/**/block/**/uevent r,
# apport
/etc/default/apport r,
# XFCE
/etc/xfce4/defaults.list r,
# Lubuntu
/etc/xdg/lubuntu/applications/defaults.list r,
# papers specific
/etc/ r,
/etc/fstab r,
/etc/texmf/ r,
/etc/texmf/** r,
/etc/xpdf/* r,
owner @{HOME}/.config/papers/ rw,
owner @{HOME}/.config/papers/** rwkl,
/usr/bin/gs-esp ixr,
/usr/bin/mktexpk Cx -> sanitized_helper,
/usr/bin/mktextfm Cx -> sanitized_helper,
/usr/bin/dvipdfm Cx -> sanitized_helper,
/usr/bin/dvipdfmx Cx -> sanitized_helper,
# gio-launch-desktop was replaced by a very small shell script
/{usr/,}bin/{dash,bash} ixr,
# With older GLib we might still be on the fallback code path
# (remove this after Debian 11 and Ubuntu 20.04)
/usr/lib/*/glib-2.0/gio-launch-desktop ixr,
# supported archivers
/{usr/,}bin/gzip ixr,
/{usr/,}bin/bzip2 ixr,
/usr/bin/unrar* ixr,
/usr/bin/unzip ixr,
/usr/bin/7zr ixr,
/usr/lib/p7zip/7zr ixr,
/usr/bin/7za ixr,
/usr/lib/p7zip/7za ixr,
/usr/bin/zipnote ixr,
/{usr/,}bin/tar ixr,
/usr/bin/xz ixr,
# allow read access to anything in /usr/share, for plugins and input methods
/usr/local/share/** r,
/usr/share/** r,
/usr/lib/ghostscript/** mr,
/var/lib/ghostscript/** r,
/var/lib/texmf/{,**} r,
# from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
# read for all supported file formats
/**.[aA][iI] r,
/**.[bB][mM][pP] r,
/**.[dD][jJ][vV][uU] r,
/**.[dD][vV][iI] r,
/**.[gG][iI][fF] r,
/**.[jJ][pP][gG] r,
/**.[jJ][pP][eE][gG] r,
/**.[oO][dD][pP] r,
/**.[fFpP][dD][fF] r,
/**.[pP][nN][mM] r,
/**.[pP][nN][gG] r,
/**.[pP][sS] r,
/**.[eE][pP][sS] r,
/**.[eE][pP][sS][fFiI23] r,
/**.[tT][iI][fF] r,
/**.[tT][iI][fF][fF] r,
/**.[xX][pP][mM] r,
/**.[gG][zZ] r,
/**.[bB][zZ]2 r,
/**.[cC][bB][rRzZ7] r,
/**.[xX][zZ] r,
# Use abstractions/private-files instead of abstractions/private-files-strict
# and add the sensitive files manually to work around LP: #451422. The goal
# is to disallow access to the .mozilla folder in general, but to allow
# access to the Cache directory, which the browser may tell papers to open
# from directly.
include <abstractions/private-files>
audit deny @{HOME}/.gnupg/{,**} mrwkl,
audit deny @{HOME}/.ssh/{,**} mrwkl,
audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
audit deny @{HOME}/.gnome2/ w,
audit deny @{HOME}/.gnome2/keyrings/{,**} mrwkl,
audit deny @{HOME}/.kde/{,share/,share/apps/} w,
audit deny @{HOME}/.kde/share/apps/kwallet/{,**} mrwkl,
audit deny @{HOME}/.pki/{,nssdb/} w,
audit deny @{HOME}/.pki/nssdb/{,**} wl,
audit deny @{HOME}/.mozilla/{,**/} w,
audit deny @{HOME}/.mozilla/*/*/* mrwkl,
audit deny @{HOME}/.mozilla/**/bookmarkbackups/{,**} mrwkl,
audit deny @{HOME}/.mozilla/**/chrome/{,**} mrwkl,
audit deny @{HOME}/.mozilla/**/extensions/{,**} mrwkl,
audit deny @{HOME}/.mozilla/**/gm_scripts/{,**} mrwkl,
audit deny @{HOME}/.config/ w,
audit deny @{HOME}/.config/chromium/{,**} mrwkl,
audit deny @{HOME}/.config/evolution/{,**} mrwkl,
audit deny @{HOME}/.evolution/{,**} mrwkl,
audit deny @{HOME}/.kde/{,share/,share/apps/} w,
audit deny @{HOME}/.kde/share/config/{,**} mrwkl,
audit deny @{HOME}/.kde/share/apps/kmail/{,**} mrwkl,
audit deny @{HOME}/.{,mozilla-}thunderbird/{,**/} w,
audit deny @{HOME}/.{,mozilla-}thunderbird/*/* mrwkl,
audit deny @{HOME}/.{,mozilla-}thunderbird/*/[^C][^a][^c][^h][^e]*/{,**} mrwkl,
# When LP: #451422 is fixed, change the above to simply be:
##include <abstractions/private-files-strict>
#owner @{HOME}/.mozilla/**/*Cache/* r,
# Site-specific additions and overrides. See local/README for details.
include <local/usr.bin.papers>
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| apparmor_api | Folder | 0755 |
|
|
| ubuntu-browsers.d | Folder | 0755 |
|
|
| X | File | 1.97 KB | 0644 |
|
| apache2-common | File | 1.09 KB | 0644 |
|
| aspell | File | 412 B | 0644 |
|
| audio | File | 2.01 KB | 0644 |
|
| authentication | File | 2.14 KB | 0644 |
|
| base | File | 7.02 KB | 0644 |
|
| bash | File | 1.58 KB | 0644 |
|
| consoles | File | 903 B | 0644 |
|
| crypto | File | 992 B | 0644 |
|
| cups-client | File | 820 B | 0644 |
|
| dbus | File | 694 B | 0644 |
|
| dbus-accessibility | File | 745 B | 0644 |
|
| dbus-accessibility-strict | File | 760 B | 0644 |
|
| dbus-network-manager-strict | File | 1.37 KB | 0644 |
|
| dbus-session | File | 747 B | 0644 |
|
| dbus-session-strict | File | 1.23 KB | 0644 |
|
| dbus-strict | File | 781 B | 0644 |
|
| dconf | File | 442 B | 0644 |
|
| devices-usb | File | 652 B | 0644 |
|
| devices-usb-read | File | 1014 B | 0644 |
|
| dovecot-common | File | 675 B | 0644 |
|
| dri-common | File | 542 B | 0644 |
|
| dri-enumerate | File | 392 B | 0644 |
|
| enchant | File | 2.17 KB | 0644 |
|
| exo-open | File | 1.88 KB | 0644 |
|
| fcitx | File | 558 B | 0644 |
|
| fcitx-strict | File | 1.22 KB | 0644 |
|
| fonts | File | 2.23 KB | 0644 |
|
| freedesktop.org | File | 1.64 KB | 0644 |
|
| frr | File | 1.58 KB | 0644 |
|
| frr-snmp | File | 716 B | 0644 |
|
| gio-open | File | 1.51 KB | 0644 |
|
| gnome | File | 3.73 KB | 0644 |
|
| gnupg | File | 459 B | 0644 |
|
| groff | File | 1.86 KB | 0644 |
|
| gtk | File | 1.58 KB | 0644 |
|
| gvfs-open | File | 1.15 KB | 0644 |
|
| hosts_access | File | 511 B | 0644 |
|
| ibus | File | 992 B | 0644 |
|
| kde | File | 3.25 KB | 0644 |
|
| kde-globals-write | File | 413 B | 0644 |
|
| kde-icon-cache-write | File | 256 B | 0644 |
|
| kde-language-write | File | 575 B | 0644 |
|
| kde-open5 | File | 3.58 KB | 0644 |
|
| kerberosclient | File | 1.44 KB | 0644 |
|
| ldapclient | File | 856 B | 0644 |
|
| libpam-systemd | File | 770 B | 0644 |
|
| likewise | File | 595 B | 0644 |
|
| mdns | File | 554 B | 0644 |
|
| mesa | File | 1.5 KB | 0644 |
|
| mir | File | 694 B | 0644 |
|
| mozc | File | 573 B | 0644 |
|
| mysql | File | 739 B | 0644 |
|
| nameservice | File | 3.77 KB | 0644 |
|
| nameservice-strict | File | 1.15 KB | 0644 |
|
| nis | File | 625 B | 0644 |
|
| nss-systemd | File | 1.22 KB | 0644 |
|
| nvidia | File | 1.09 KB | 0644 |
|
| opencl | File | 370 B | 0644 |
|
| opencl-common | File | 516 B | 0644 |
|
| opencl-intel | File | 672 B | 0644 |
|
| opencl-mesa | File | 636 B | 0644 |
|
| opencl-nvidia | File | 895 B | 0644 |
|
| opencl-pocl | File | 2.84 KB | 0644 |
|
| openssl | File | 642 B | 0644 |
|
| orbit2 | File | 197 B | 0644 |
|
| p11-kit | File | 999 B | 0644 |
|
| papers | File | 4.31 KB | 0644 |
|
| perl | File | 974 B | 0644 |
|
| php | File | 1.16 KB | 0644 |
|
| php-worker | File | 558 B | 0644 |
|
| php5 | File | 208 B | 0644 |
|
| postfix-common | File | 1.32 KB | 0644 |
|
| private-files | File | 1.62 KB | 0644 |
|
| private-files-strict | File | 1.18 KB | 0644 |
|
| python | File | 2.44 KB | 0644 |
|
| qt5 | File | 863 B | 0644 |
|
| qt5-compose-cache-write | File | 399 B | 0644 |
|
| qt5-settings-write | File | 514 B | 0644 |
|
| qt6 | File | 863 B | 0644 |
|
| qt6-compose-cache-write | File | 399 B | 0644 |
|
| qt6-settings-write | File | 515 B | 0644 |
|
| recent-documents-write | File | 466 B | 0644 |
|
| ruby | File | 1008 B | 0644 |
|
| samba | File | 1.27 KB | 0644 |
|
| samba-rpcd | File | 817 B | 0644 |
|
| smbpass | File | 581 B | 0644 |
|
| snap_browsers | File | 1.54 KB | 0644 |
|
| ssl_certs | File | 1.49 KB | 0644 |
|
| ssl_keys | File | 938 B | 0644 |
|
| svn-repositories | File | 1.72 KB | 0644 |
|
| transmission-common | File | 4.28 KB | 0644 |
|
| trash | File | 3.54 KB | 0644 |
|
| ubuntu-bittorrent-clients | File | 821 B | 0644 |
|
| ubuntu-browsers | File | 1.58 KB | 0644 |
|
| ubuntu-console-browsers | File | 731 B | 0644 |
|
| ubuntu-console-email | File | 718 B | 0644 |
|
| ubuntu-email | File | 1.06 KB | 0644 |
|
| ubuntu-feed-readers | File | 456 B | 0644 |
|
| ubuntu-gnome-terminal | File | 300 B | 0644 |
|
| ubuntu-helpers | File | 3.82 KB | 0644 |
|
| ubuntu-konsole | File | 453 B | 0644 |
|
| ubuntu-media-players | File | 2.3 KB | 0644 |
|
| ubuntu-unity7-base | File | 2.5 KB | 0644 |
|
| ubuntu-unity7-launcher | File | 311 B | 0644 |
|
| ubuntu-unity7-messaging | File | 313 B | 0644 |
|
| ubuntu-xterm | File | 346 B | 0644 |
|
| user-download | File | 987 B | 0644 |
|
| user-mail | File | 944 B | 0644 |
|
| user-manpages | File | 1000 B | 0644 |
|
| user-tmp | File | 760 B | 0644 |
|
| user-write | File | 972 B | 0644 |
|
| video | File | 594 B | 0644 |
|
| vulkan | File | 1.1 KB | 0644 |
|
| wayland | File | 713 B | 0644 |
|
| web-data | File | 811 B | 0644 |
|
| winbind | File | 882 B | 0644 |
|
| wutmp | File | 854 B | 0644 |
|
| xad | File | 984 B | 0644 |
|
| xdg-desktop | File | 782 B | 0644 |
|
| xdg-open | File | 2.23 KB | 0644 |
|