From acfc264f90eb185a54fd4b8288fa20154f2d3e64 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Thu, 27 Aug 2015 10:09:52 +0000
Subject: [PATCH] Pidgin: update from the apparmor-profiles repository at
 revision 146.

---
 debian/README.Debian    |  4 ++--
 profiles/usr.bin.pidgin | 30 ++++++++++++++++++++++++------
 2 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/debian/README.Debian b/debian/README.Debian
index 20f9fdd..10c6b97 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -9,7 +9,7 @@ Included profiles
 - irssi: taken from the apparmor-profiles repository at revision 132.
 - ntpd: taken from Ubuntu's ntp 1:4.2.6.p5+dfsg-3ubuntu2.
   Still up-to-date as of 4.7.4-1ubuntu1.
-- Pidgin: taken from the apparmor-profiles repository at revision 142.
+- Pidgin: taken from the apparmor-profiles repository at revision 146.
 - tcpdump: taken from Ubuntu's tcpdump 4.5.1-2ubuntu2.
   Still up-to-date as of 4.7.4-1ubuntu1.
 - Totem: taken from the apparmor-profiles repository at revision 134,
@@ -24,4 +24,4 @@ apparmor-profiles repository
 
 https://code.launchpad.net/~apparmor-dev/apparmor-profiles/master
 
- -- intrigeri <intrigeri@debian.org>, Thu, 27 Aug 2015 12:08:18 +0200
+ -- intrigeri <intrigeri@debian.org>, Thu, 27 Aug 2015 12:09:24 +0200
diff --git a/profiles/usr.bin.pidgin b/profiles/usr.bin.pidgin
index 289c6b4..7e3307f 100644
--- a/profiles/usr.bin.pidgin
+++ b/profiles/usr.bin.pidgin
@@ -6,8 +6,9 @@
   #include <abstractions/audio>
   #include <abstractions/base>
   #include <abstractions/bash>
-  #include <abstractions/dbus>
   #include <abstractions/dbus-session>
+  #include <abstractions/dbus-strict>
+  #include <abstractions/dconf>
   #include <abstractions/enchant>
   #include <abstractions/gnome>
   #include <abstractions/gstreamer>
@@ -20,6 +21,21 @@
   #include <abstractions/ubuntu-helpers>
   #include <abstractions/user-download>
 
+  dbus receive
+       bus=system
+       path=/org/freedesktop/NetworkManager
+       interface=org.freedesktop.NetworkManager
+       member={CheckPermissions,DeviceAdded,DeviceRemoved,StateChanged,PropertiesChanged}
+       peer=(label=unconfined),
+
+  dbus send
+       bus=system
+       path=/org/freedesktop/NetworkManager
+       interface=org.freedesktop.NetworkManager
+       member=state
+       peer=(label=unconfined),
+
+  deny ptrace,
   deny capability sys_ptrace,
   deny @{HOME}/.local/share/applications/wine/ r,
 
@@ -27,11 +43,14 @@
   owner @{HOME}/.gstreamer*/** rw,
   owner @{HOME}/.purple/ rw,
   owner @{HOME}/.purple/** rwk,
-  owner @{HOME}/.{cache,config}/dconf/user rw,
   owner @{HOME}/.config/indicators/ rw,
   owner @{HOME}/.config/indicators/** rw,
   owner @{HOME}/.local/share/applications/ r,
-  owner /{,var/}run/user/[0-9]*/dconf/user rwk,
+
+  # Uncomment the two following lines if you want to allow Pidgin to update
+  # any DConf setting:
+  # owner @{HOME}/.{cache,config}/dconf/user rw,
+  # owner /{,var/}run/user/[0-9]*/dconf/user rwk,
 
   /bin/dash rix,
   /bin/which rix,
@@ -48,7 +67,6 @@
 
   /etc/purple/prefs.xml r,
 
-  /usr/share/gnome/applications/ r,
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
 
   /usr/lib/frei0r-1/*.so rm,
@@ -65,8 +83,8 @@
   /usr/share/tcltk/** r,
   /usr/share/themes/ r,
 
-  owner @{PROC}/[0-9]*/auxv r,
-  owner @{PROC}/[0-9]*/fd/ r,
+  owner @{PROC}/@{pid}/auxv r,
+  owner @{PROC}/@{pid}/fd/ r,
 
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.bin.pidgin>
-- 
GitLab