From d7b74da90b293e202cd79984fc1fc8d1e443d9cc Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Wed, 25 Oct 2017 08:53:42 +0000
Subject: [PATCH] Totem, gstreamer abstraction, gst_plugin_scanner: update to https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/332769.
---
 debian/README.Debian | 4 ++--
 profiles/abstractions/gstreamer | 8 +++++++-
 profiles/abstractions/totem | 2 +-
 profiles/gst_plugin_scanner | 3 +++
 profiles/usr.bin.totem | 2 ++
 5 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/debian/README.Debian b/debian/README.Debian
index 8ef2e61..d732222 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -7,7 +7,7 @@ Included profiles
 - irssi: taken from the apparmor-profiles repository at commit 5ba92ee.
 - Pidgin: taken from the apparmor-profiles repository at commit 5ba92ee.
 - Totem: taken from the apparmor-profiles repository at commit bfc0bff.
- + https://code.launchpad.net/~talkless/apparmor-profiles/+git/apparmor-profiles/+merge/332143.
+ + https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/332769.
 Sources
 =======
@@ -17,4 +17,4 @@ apparmor-profiles repository https://code.launchpad.net/~apparmor-dev/apparmor-profiles/+git/apparmor-profiles/+ref/master
- -- intrigeri <intrigeri@debian.org>, Wed, 20 Sep 2017 17:47:18 +0200
+ -- intrigeri <intrigeri@debian.org>, Wed, 25 Oct 2017 10:54:11 +0200
diff --git a/profiles/abstractions/gstreamer b/profiles/abstractions/gstreamer
index ef8c3ef..893e672 100644
--- a/profiles/abstractions/gstreamer
+++ b/profiles/abstractions/gstreamer
@@ -4,12 +4,18 @@ /etc/udev/udev.conf r, + /dev/dri/ r, + # /dev/shm is a symlink to /run/shm on ubuntu owner /{dev,run}/shm/shmfd-* rw, + /run/udev/data/c* r, /run/udev/data/+pci:* r, + /run/udev/data/+usb* r, - /sys/devices/pci[0-9]*/**/{busnum,devnum,descriptors,speed,uevent} r, + /sys/devices/pci[0-9]*/**/{busnum,config,devnum,descriptors,speed,uevent} r, + /sys/devices/system/node/ r, + /sys/devices/system/node/*/meminfo r, owner /tmp/orcexec.* mrw, owner /{,var/}run/user/[0-9]*/orcexec.* mrw,
diff --git a/profiles/abstractions/totem b/profiles/abstractions/totem
index 1147200..67fe3cf 100644
--- a/profiles/abstractions/totem
+++ b/profiles/abstractions/totem
@@ -28,7 +28,7 @@
 /usr/share/** r,
 /{media,mnt,opt,srv}/** r,
- /usr/lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner Cix -> gst_plugin_scanner,
+ /usr/lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner px -> gst_plugin_scanner,
 owner @{HOME}/.cache/gstreamer-[0-9]*.[0-9]*/ rw,
 owner @{HOME}/.cache/gstreamer-[0-9]*.[0-9]*/registry.*.bin rw,
diff --git a/profiles/gst_plugin_scanner b/profiles/gst_plugin_scanner
index d74d00e..bea6c32 100644
--- a/profiles/gst_plugin_scanner
+++ b/profiles/gst_plugin_scanner
@@ -7,6 +7,9 @@ profile gst_plugin_scanner { #include <abstractions/gstreamer> #include <abstractions/X> + # TODO: adjust when support finer-grained netlink rules + network netlink raw, + /dev/ r, /dev/bus/usb/ r,
diff --git a/profiles/usr.bin.totem b/profiles/usr.bin.totem
index 8bde7be..0b01bac 100644
--- a/profiles/usr.bin.totem
+++ b/profiles/usr.bin.totem
@@ -10,6 +10,8 @@ #include <abstractions/python> #include <abstractions/totem> + signal (send) set=("kill") peer=unconfined, + # Maybe in an abstraction? /usr/include/**/pyconfig.h r,
--
GitLab
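Review bot: In profiles/abstractions/gstreamer, the added `/run/udev/data/c* r,` opens the udev records of every character device to each profile that includes this abstraction, which is wider than the neighbouring `+pci:*` and `+usb*` rules. If the need is DRM enumeration (inferred from the new `/dev/dri/ r,`), consider restricting it by device major, e.g. `/run/udev/data/c226:[0-9]* r,  # 226 = DRM`, and add a one-line comment per new rule naming what in GStreamer requires it. The same applies to the `config` entry added to the `/sys/devices/pci[0-9]*/**/` rule, which makes PCI configuration space readable where only identification attributes were before.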
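Review bot: In profiles/abstractions/totem, the new `px -> gst_plugin_scanner` transition uses lowercase `p`, so the environment is not scrubbed on exec, whereas the transition part of the replaced `Cix` rule did scrub it. Unless the scanner depends on variables that secure-exec would remove, `Px -> gst_plugin_scanner,` keeps that property. Dropping the `ix` fallback also means the exec is denied when the `gst_plugin_scanner` profile is not loaded, which deserves a comment on the rule so that both files are always shipped together.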
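Review bot: In profiles/gst_plugin_scanner, the comment above `network netlink raw,` does not say why the scanner needs netlink, and the rule admits every netlink family. Record the reason and the intent to narrow, for example `# udev device enumeration (TODO confirm); restrict once AppArmor mediates netlink per family`. The profile body continues outside the hunk, so other network rules may exist that are not visible here.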
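Review bot: In profiles/usr.bin.totem, `signal (send) set=("kill") peer=unconfined,` lets Totem send SIGKILL to any unconfined process it is otherwise permitted to signal, and no comment names the intended target. If the target is the plugin scanner, which this commit moves into its own profile, `signal (send) set=("kill") peer=gst_plugin_scanner,` would be the narrower rule, paired with a matching `signal (receive)` rule in that profile. Otherwise add a comment stating which process is killed and why it runs unconfined.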