Home Explore Help
Sign In
lanodan
/
badwolf
mirror of https://hacktivis.me/git/badwolf.git
Watch 1
Star 0
Fork 0
Files Issues 0 Wiki
Branch: settings
Branches Tags
badwolf
/
usr.bin.badwolf

usr.bin.badwolf 2.0 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. # BadWolf: Minimalist and privacy-oriented WebKitGTK+ browser
    2. 

  2. # Copyright © 2019-2020 Badwolf Authors <https://hacktivis.me/projects/badwolf>
    3. 

  3. # SPDX-License-Identifier: BSD-3-Clause
    4. 

  4. #
    5. 

  5. # Made on Gentoo Linux with PREFIX=/usr
    6. 

  6. #include <tunables/global>
    7. 

  7. 

  8. /usr/bin/badwolf {
    9. 

  9. 	#include <abstractions/enchant>
    10. 

  10. 	#include <abstractions/gnome>
    11. 

  11. 	#include <abstractions/ibus>
    12. 

  12. 	#include <abstractions/uim>
    13. 

  13. 	#include <abstractions/private-files-strict>
    14. 

  14. 

  15. 	/usr/bin/badwolf mr,
    16. 

  16. 	/usr/bin/bwrap Cx,
    17. 

  17. 	/usr/libexec/webkit2gtk-4.0/WebKitNetworkProcess Cx,
    18. 

  18. 	/usr/libexec/webkit2gtk-4.0/WebKitWebProcess Cx,
    19. 

  19. 

  20. 	owner @{PROC}/@{pid}/cmdline r,
    21. 

  21. 	owner @{PROC}/@{pid}/fd/ r,
    22. 

  22. 

  23. 	owner @{HOME}/.local/share/badwolf/ r,
    24. 

  24. 	owner @{HOME}/.local/share/badwolf/** r,
    25. 

  25. 

  26. 	deny @{HOME}/.local/share/webkitgtk/** rwmlk,
    27. 

  27. 

  28. 	/ r,
    29. 

  29. 	/** r,
    30. 

  30. 

  31. 	#include <local/usr.bin.badwolf>
    32. 

  32. 

  33. 	profile /usr/libexec/webkit2gtk-4.0/WebKitNetworkProcess {
    34. 

  34. 		#include <abstractions/base>
    35. 

  35. 		#include <abstractions/nameservice>
    36. 

  36. 		#include <abstractions/ssl_certs>
    37. 

  37. 		#include <abstractions/private-files-strict>
    38. 

  38. 

  39. 		network inet stream,
    40. 

  40. 		network inet6 stream,
    41. 

  41. 

  42. 		/usr/libexec/webkit2gtk-4.0/WebKitNetworkProcess mr,
    43. 

  43. 		/** r,
    44. 

  44. 		owner /** w,
    45. 

  45. 	}
    46. 

  46. 

  47. 	profile /usr/libexec/webkit2gtk-4.0/WebKitWebProcess {
    48. 

  48. 		#include <abstractions/base>
    49. 

  49. 		#include <abstractions/fonts>
    50. 

  50. 		#include <abstractions/gnome>
    51. 

  51. 		#include <abstractions/gstreamer>
    52. 

  52. 		#include <abstractions/audio>
    53. 

  53. 		#include <abstractions/mesa>
    54. 

  54. 		#include <abstractions/dri-common>
    55. 

  55. 		#include <abstractions/dri-enumerate>
    56. 

  56. 

  57. 		/usr/libexec/webkit2gtk-4.0/WebKitWebProcess mr,
    58. 

  58. 

  59. 		owner @{PROC}/@{pid}/cmdline r,
    60. 

  60. 		owner @{PROC}/@{pid}/fd/ r,
    61. 

  61. 

  62. 		/etc/passwd r,
    63. 

  63. 		/etc/group r,
    64. 

  64. 		/etc/nsswitch.conf r,
    65. 

  65. 		/dev/ r,
    66. 

  66. 

  67. 		owner @{HOME}/.local/share/badwolf/webkit-web-extension/ r,
    68. 

  68. 		owner @{HOME}/.local/share/badwolf/webkit-web-extension/** mr,
    69. 

  69. 	}
    70. 

  70. 

  71. 	profile /usr/bin/bwrap {
    72. 

  72. 		#include <abstractions/base>
    73. 

  73. 

  74. 		deny capability sys_admin,
    75. 

  75. 

  76. 		/usr/bin/bwrap mr,
    77. 

  77. 		@{PROC}/sys/kernel/overflowuid r,
    78. 

  78. 		@{PROC}/sys/kernel/overflowgid r,
    79. 

  79. 		owner @{PROC}/@{pid}/fd/ r,
    80. 

  80. 	}
    81. 

  81. }
    82. 

  82.