usr.bin.badwolf 2.0 KB

  1. # BadWolf: Minimalist and privacy-oriented WebKitGTK+ browser
  2. # Copyright © 2019-2020 Badwolf Authors <https://hacktivis.me/projects/badwolf>
  3. # SPDX-License-Identifier: BSD-3-Clause
  4. #
  5. # Made on Gentoo Linux with PREFIX=/usr
  6. #include <tunables/global>
  7. /usr/bin/badwolf {
     # Confinement for the badwolf UI process. The three `profile ... { }`
     # blocks nested below are child profiles; the `Cx` rules further down
     # switch bwrap and the two WebKit helper binaries into them on exec.
     #
     # The abstractions included here ship with AppArmor. Their rule text is
     # not part of this file, so what they grant or deny has to be read from
     # the installed abstraction files.
  8. #include <abstractions/enchant>
  9. #include <abstractions/gnome>
  10. #include <abstractions/ibus>
  11. #include <abstractions/uim>
     # NOTE(review): presumably this supplies the deny rules that keep
     # credentials and startup files out of reach of the `/** r,` rule below.
     # Confirm against the installed abstraction.
  12. #include <abstractions/private-files-strict>
     # m = map executable, r = read: the browser may load its own binary.
  13. /usr/bin/badwolf mr,
     # Cx = on exec, transition to the child profile of the same name defined
     # in this file. Uppercase C requests environment scrubbing on the way in.
  14. /usr/bin/bwrap Cx,
  15. /usr/libexec/webkit2gtk-4.0/WebKitNetworkProcess Cx,
  16. /usr/libexec/webkit2gtk-4.0/WebKitWebProcess Cx,
     # `owner` limits a rule to files owned by the user running the process.
  17. owner @{PROC}/@{pid}/cmdline r,
  18. owner @{PROC}/@{pid}/fd/ r,
     # Browser data directory: read-only from this profile.
  19. owner @{HOME}/.local/share/badwolf/ r,
  20. owner @{HOME}/.local/share/badwolf/** r,
     # Explicit deny of read, write, mmap-exec, link and lock on the generic
     # WebKitGTK data directory. Deny rules take precedence over allow rules,
     # so this carves the path out of `/** r,` below.
     # A plain `deny` is not logged; use `audit deny` if attempts to touch this
     # path should be visible to monitoring.
     # NOTE(review): child profiles have their own rule sets, so this deny
     # presumably does not apply to the nested profiles below. Confirm.
  21. deny @{HOME}/.local/share/webkitgtk/** rwmlk,
     # NOTE(review): read access to the entire filesystem. Only deny rules (the
     # one above, plus whatever the included abstractions contain) keep a path
     # unreadable, so this is a deny-list model: any sensitive file not on that
     # list is readable by the UI process. An explicit allow-list of the paths
     # the browser needs would be the tighter design.
  22. / r,
  23. /** r,
     # Site-local additions, kept outside the packaged profile.
  24. #include <local/usr.bin.badwolf>
     # Child profile for the WebKit network process (entered via Cx above).
  25. profile /usr/libexec/webkit2gtk-4.0/WebKitNetworkProcess {
  26. #include <abstractions/base>
  27. #include <abstractions/nameservice>
  28. #include <abstractions/ssl_certs>
  29. #include <abstractions/private-files-strict>
     # Stream (TCP) sockets over IPv4 and IPv6. No other `network` rule is
     # written in this profile; any further socket types would have to come
     # from the included abstractions.
  30. network inet stream,
  31. network inet6 stream,
  32. /usr/libexec/webkit2gtk-4.0/WebKitNetworkProcess mr,
     # NOTE(review): read everything, and write any file owned by the user.
     # This is the profile that holds network access, and the only limits on
     # what it may read or overwrite are deny rules from the abstractions
     # above. `owner /** w,` also appears to cover
     # @{HOME}/.local/share/badwolf/webkit-web-extension/**, which the
     # WebKitWebProcess profile maps executable. Narrow both rules to the
     # directories the network process actually uses (TODO: derive the list
     # from logs in complain mode).
  33. /** r,
  34. owner /** w,
  35. }
     # Child profile for the WebKit web (content) process. It carries no `/**`
     # rule and no `network` rule of its own: file access is the explicit list
     # below plus whatever the included abstractions grant.
  36. profile /usr/libexec/webkit2gtk-4.0/WebKitWebProcess {
  37. #include <abstractions/base>
  38. #include <abstractions/fonts>
  39. #include <abstractions/gnome>
  40. #include <abstractions/gstreamer>
  41. #include <abstractions/audio>
  42. #include <abstractions/mesa>
  43. #include <abstractions/dri-common>
  44. #include <abstractions/dri-enumerate>
  45. /usr/libexec/webkit2gtk-4.0/WebKitWebProcess mr,
  46. owner @{PROC}/@{pid}/cmdline r,
  47. owner @{PROC}/@{pid}/fd/ r,
     # Read-only access to the user/group databases and the name-service
     # switch configuration.
  48. /etc/passwd r,
  49. /etc/group r,
  50. /etc/nsswitch.conf r,
     # Trailing slash: the /dev directory itself (listing), not the device
     # nodes inside it.
  51. /dev/ r,
     # Web extensions are loaded from the user's data directory; `m` allows
     # files there to be mapped executable. Because this tree is executable
     # input to the content process, no confined profile should be able to
     # write to it. Check the write rules of the sibling profiles.
  52. owner @{HOME}/.local/share/badwolf/webkit-web-extension/ r,
  53. owner @{HOME}/.local/share/badwolf/webkit-web-extension/** mr,
  54. }
     # Child profile for bwrap (entered via Cx above).
     # NOTE(review): no exec (x) rule is written in this profile. If bwrap is
     # expected to start another program while confined here, confirm where
     # that transition is allowed.
  55. profile /usr/bin/bwrap {
  56. #include <abstractions/base>
     # Refuse CAP_SYS_ADMIN explicitly. As a plain `deny`, refused attempts are
     # not logged; switch to `audit deny` if they should be recorded.
  57. deny capability sys_admin,
  58. /usr/bin/bwrap mr,
     # Read-only access to the kernel's overflow uid/gid values.
  59. @{PROC}/sys/kernel/overflowuid r,
  60. @{PROC}/sys/kernel/overflowgid r,
  61. owner @{PROC}/@{pid}/fd/ r,
  62. }
  63. }