diff --git a/opt.zoom.ZoomLauncher b/opt.zoom.ZoomLauncher index af57fa8..ca1049c 100644 --- a/opt.zoom.ZoomLauncher +++ b/opt.zoom.ZoomLauncher @@ -1,23 +1,25 @@ -# Last Modified: Mon Apr 25 22:40:23 2022 -include +# Last Modified: Tue Apr 26 11:45:27 2022 +#include -/opt/zoom/ZoomLauncher flags=(complain) { - include - include - include - include - include - include - include - include - include - include - include - include - include - include +/opt/zoom/ZoomLauncher { + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include - dbus (receive send) bus=accessibility, + network netlink dgram, + + dbus (receive send) bus=system path=/org/freedesktop/NetworkManager/Settings, dbus receive bus=session interface=org.a11y.atspi**, dbus receive bus=system path=/org/freedesktop/NetworkManager, dbus send bus=session peer=(name=org.a11y.Bus), @@ -27,11 +29,19 @@ include signal send set=usr2 peer=/usr/bin/pacmd, deny ptrace read peer=/usr/bin/pidof, + deny ptrace read peer=pidof, deny ptrace trace, ptrace read peer=/opt/zoom/QtWebEngineProcess, ptrace read peer=/usr/bin/pacmd, + unix (bind) type=dgram, + + deny /usr/bin/pidof x, + deny /{,usr/}bin/dash x, + deny /{,usr/}bin/grep x, + deny /{,usr/}bin/ps x, + deny /{,usr/}bin/readlink x, deny @{HOME}/.Private mrwlk, deny @{PROC}/[0-9]*/cmdline mrwlk, @@ -78,7 +88,6 @@ include /usr/bin/mkfifo rUx, # investigate /usr/bin/pacmd ix, /usr/bin/pactl ix, - /usr/bin/pidof Ux, /usr/bin/xdg-open rUx, /usr/share/fontconfig/conf.avail/** r, /usr/share/fonts/truetype/** mr, 
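Review bot: The added `dbus (receive send) bus=system path=/org/freedesktop/NetworkManager/Settings,` rule in the `@@ -1,23 +1,25 @@` hunk carries no `interface=` or `member=` condition, so it permits every method call on the NetworkManager settings object rather than only the reads Zoom presumably needs. Because the same hunk drops `flags=(complain)`, this rule is now what is actually enforced. I would narrow it to what the audit log shows Zoom calling, for example `dbus send bus=system path=/org/freedesktop/NetworkManager/Settings interface=org.freedesktop.NetworkManager.Settings member=ListConnections,` (member to be confirmed from the log), with a separate `receive` rule if signals are needed. The `bus=accessibility` rule it replaces is gone, so accessibility-bus traffic will now be denied; confirm that is intended.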
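Review bot: The five new `deny ... x,` rules in the `@@ -27,11 +29,19 @@` hunk (`pidof`, `dash`, `grep`, `ps`, `readlink`) will be rejected silently, because AppArmor does not log accesses matched by a plain `deny` rule. With the profile leaving complain mode in this commit, that hides both functional breakage and any attempt by the confined process to spawn a shell. While the profile is being validated I would write them as `audit deny /{,usr/}bin/dash x,` and likewise for the other four. The added `unix (bind) type=dgram,` has no `addr=` condition and so allows binding any datagram socket address; scope it once the address Zoom binds is known from the logs.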
@@ -89,20 +98,18 @@ include /usr/share/themes/Default/gtk-3.0/gtk-keys.css r, /var/lib/flatpak/exports/share/mime/mime.cache m, /{,usr/}bin/cat ix, - /{,usr/}bin/dash ix, - /{,usr/}bin/grep ix, - /{,usr/}bin/ps rUx, - /{,usr/}bin/readlink ix, /{,usr/}bin/uname rUx, /{,usr/}sbin/killall5 ix, @{PROC} r, + @{PROC}/@{pid}/comm r, @{PROC}/@{pid}/oom_score_adj w, + @{PROC}/@{pid}/setgroups w, @{PROC}/@{pid}/stat r, @{PROC}/@{pid}/task/* r, + @{PROC}/@{pid}/task/comm rw, @{PROC}/[0-9]*/net/dev r, @{PROC}/[0-9]*/net/if_inet6 r, @{PROC}/[0-9]*/net/ipv6_route r, - @{PROC}/[0-9]*/net/wireless r, @{PROC}/bus/pci/devices r, @{PROC}/sys/dev/i915/perf_stream_paranoid r, @{PROC}/sys/kernel/osrelease r, @@ -111,6 +118,7 @@ include owner "@{HOME}/.config/Unknown Organization/**" rwk, owner /dev/shm/.org.chromium.Chromium* mrw, owner /{,var/}run/user/*/dconf/user rw, + owner /{,var/}run/user/[0-9]*/pulse/cli rw, owner @{HOME}/.cache/mesa_shader_cache/ rw, owner @{HOME}/.cache/mesa_shader_cache/** rwk, owner @{HOME}/.cache/mesa_shader_cache/index mrw, @@ -123,8 +131,6 @@ include owner @{HOME}/.cache/zoom/qmlcache/ mrwk, owner @{HOME}/.cache/zoom/qmlcache/** mrwk, owner @{HOME}/.config/.@{pid} rwk, - owner @{HOME}/.config/.J* rwk, - owner @{HOME}/.config/.T* rwk, owner @{HOME}/.config/QtProject.conf r, owner @{HOME}/.config/dconf/user rw, owner @{HOME}/.config/gtk-3.0/settings.ini r, @@ -144,12 +150,11 @@ include owner @{HOME}/Documents/Zoom/ rwk, owner @{HOME}/Documents/Zoom/** rwk, owner @{PROC}/@{pid}/fd/ r, - owner @{PROC}/@{pid}/mounts r, profile lsb_release { - include - include + #include + #include deny /tmp/gtalkplugin.log w,
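Review bot: The added `@{PROC}/@{pid}/task/comm rw,` in the `@@ -89,20 +98,18 @@` hunk probably matches nothing, since the entries under `task/` are per-thread directories and `comm` sits one level below them. If the intent is to let threads read and set their names, the rule would be `owner @{PROC}/@{pid}/task/[0-9]*/comm rw,`, following the `[0-9]*` form the file already uses for the `net/` entries. The new `@{PROC}/@{pid}/setgroups w,` and `@{PROC}/@{pid}/comm r,` also lack the `owner` prefix, and `@{pid}` matches any process rather than only the caller, so without `owner` they reach other users' processes too.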
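Review bot: The new `owner /{,var/}run/user/[0-9]*/pulse/cli rw,` in the `@@ -111,6 +118,7 @@` hunk opens the PulseAudio CLI control socket, which is a wider grant than playback or capture: a client of that socket can reconfigure the sound server, including loading modules. The line needs a comment saying why it is required, for example `# CLI socket used by the pacmd child (ix); needed for <reason>`, and it should be dropped if the `pacmd ix` rule can go. It also writes the uid as `[0-9]*` where the neighbouring dconf rule uses `*`; pick one form for both.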