emorozov/gist:8694826

## gistfile1.txt
# Last Modified: Mon Oct 26 13:29:13 2009
# REPOSITORY: http://apparmor.test.opensuse.org/backend/api draglor 53
# Additional profiling based on work by Андрей Калинин, LP: #226624
#include <tunables/global>
/usr/bin/skype flags=(complain) {
  #include <abstractions/audio>
  #include <abstractions/base>
  #include <abstractions/fonts>
  #include <abstractions/freedesktop.org>
  #include <abstractions/kde>
  #include <abstractions/nameservice>
  #include <abstractions/nvidia>
  #include <abstractions/user-tmp>
  #include <abstractions/gnome>
  #include <abstractions/dbus>
  #include <abstractions/X>

  # are these needed?
  @{PROC}/[0-9]*/cmdline r,
  @{PROC}/[0-9]*/net/route r,
  /dev/video* mrw,
  /var/cache/libx11/compose/* r,
  /usr/share/locale*/*/LC_MESSAGES/*.mo mr,
  /dev/ r,

  # should this be in a separate KDE abstraction?
  @{HOME}/.kde/share/config/kioslaverc r,

  # should this be in an audio abstraction?
  owner /dev/shm/pulse-shm* mrwk,

  @{PROC}/filesystems r,
  /sys/devices/system/cpu/ r,
  /sys/devices/system/cpu/** r,

  /usr/share/fonts/**/*.tt[fc] mr,
  /usr/share/fonts/**/*.pfb    mr,
  /usr/share/fonts/**/*.afm    mr,
  /usr/share/fonts/**/*.pfm    mr,
  /usr/share/icons/**          mr,

  /usr/bin/skype mr,
  /usr/share/skype/** kr,
  /usr/share/skype/sounds/*.wav kr,
  /usr/share/skype/lang/*.qm mr,

  # Miscellaneous (to be abstracted)
  /usr/bin/xdg-open Uxr,
  /usr/bin/gnome-open Uxr,

  @{HOME}/.Skype/   rw,
  @{HOME}/.Skype/** krw,
  @{HOME}/.config/* kr,

  @{HOME}/.mozilla/ r,
  @{HOME}/.mozilla/**/ r,
  @{HOME}/.mozilla/*/*/prefs.js r,

  @{HOME}/ r,
  @{HOME}/Загрузки/ r,
  owner @{HOME}/Загрузки/** krw,

  #include <abstractions/private-files>
  audit deny @{HOME}/.ssh/** mrwkl,
  audit deny @{HOME}/.gnome2_private/** mrwkl,
  audit deny @{HOME}/.gnupg/** mrwkl,
}
	# Last Modified: Mon Oct 26 13:29:13 2009
	# REPOSITORY: http://apparmor.test.opensuse.org/backend/api draglor 53
	# Additional profiling based on work by Андрей Калинин, LP: #226624
	#include <tunables/global>
	/usr/bin/skype flags=(complain) {
	#include <abstractions/audio>
	#include <abstractions/base>
	#include <abstractions/fonts>
	#include <abstractions/freedesktop.org>
	#include <abstractions/kde>
	#include <abstractions/nameservice>
	#include <abstractions/nvidia>
	#include <abstractions/user-tmp>
	#include <abstractions/gnome>
	#include <abstractions/dbus>
	#include <abstractions/X>

	# are these needed?
	@{PROC}/[0-9]*/cmdline r,
	@{PROC}/[0-9]*/net/route r,
	/dev/video* mrw,
	/var/cache/libx11/compose/* r,
	/usr/share/locale//LC_MESSAGES/*.mo mr,
	/dev/ r,

	# should this be in a separate KDE abstraction?
	@{HOME}/.kde/share/config/kioslaverc r,

	# should this be in an audio abstraction?
	owner /dev/shm/pulse-shm* mrwk,

	@{PROC}/filesystems r,
	/sys/devices/system/cpu/ r,
	/sys/devices/system/cpu/** r,

	/usr/share/fonts/*/.tt[fc] mr,
	/usr/share/fonts/*/.pfb mr,
	/usr/share/fonts/*/.afm mr,
	/usr/share/fonts/*/.pfm mr,
	/usr/share/icons/** mr,

	/usr/bin/skype mr,
	/usr/share/skype/** kr,
	/usr/share/skype/sounds/*.wav kr,
	/usr/share/skype/lang/*.qm mr,

	# Miscellaneous (to be abstracted)
	/usr/bin/xdg-open Uxr,
	/usr/bin/gnome-open Uxr,

	@{HOME}/.Skype/ rw,
	@{HOME}/.Skype/** krw,
	@{HOME}/.config/* kr,

	@{HOME}/.mozilla/ r,
	@{HOME}/.mozilla/**/ r,
	@{HOME}/.mozilla///prefs.js r,

	@{HOME}/ r,
	@{HOME}/Загрузки/ r,
	owner @{HOME}/Загрузки/** krw,

	#include <abstractions/private-files>
	audit deny @{HOME}/.ssh/** mrwkl,
	audit deny @{HOME}/.gnome2_private/** mrwkl,
	audit deny @{HOME}/.gnupg/** mrwkl,
	}