AppArmor: fix "Save Page As" with Tor Browser 8.0a9 (refs: #15023)

Cherry-picked from https://github.com/micahflee/torbrowser-launcher/commit/ad95bbda69045f3c9ace241939ee9e1fccc16ac8

AppArmor: fix "Save Page As" with Tor Browser 8.0a9 (refs: #15023)
Cherry-picked from https://github.com/micahflee/torbrowser-launcher/commit/ad95bbda69045f3c9ace241939ee9e1fccc16ac8
1725d02c · intrigeri · 560b27f2 · 1725d02c
Commit 1725d02c authored Jul 03, 2018 by intrigeri
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 5 deletions

config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch ...ncludes/usr/share/tails/torbrowser-AppArmor-profile.patch +13 -5

No files found.
--- a/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch
+++ b/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch
@@ -15,7 +15,7 @@ index d0aded9..3be3872 100644
 
   # Uncomment the following lines if you want to give the Tor Browser read-write
   # access to most of your personal files.
-@@ -25,13 +26,16 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
+@@ -25,13 +26,16 @@
   deny /etc/passwd r,
   deny /etc/group r,
   deny /etc/mailcap r,
@@ -34,7 +34,7 @@ index d0aded9..3be3872 100644
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/stat r,
-@@ -39,30 +43,32 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
+@@ -39,30 +43,32 @@
   owner @{PROC}/@{pid}/task/*/stat r,
   @{PROC}/sys/kernel/random/uuid r,
 
@@ -91,7 +91,15 @@ index d0aded9..3be3872 100644
 
   /etc/mailcap r,
   /etc/mime.types r,
-@@ -85,12 +91,6 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
+@@ -70,6 +76,7 @@
+   /usr/share/ r,
+   /usr/share/mime/ r,
+   /usr/share/themes/ r,
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
+   /usr/share/applications/** rk,
+   /usr/share/gnome/applications/ r,
+   /usr/share/gnome/applications/kde4/ r,
+@@ -85,12 +92,6 @@
   /sys/devices/system/node/node[0-9]*/meminfo r,
   deny /sys/devices/virtual/block/*/uevent r,
 
@@ -104,7 +112,7 @@ index d0aded9..3be3872 100644
   # Required for multiprocess Firefox (aka Electrolysis, i.e. e10s)
   owner /{dev,run}/shm/org.chromium.* rw,
 
-@@ -104,6 +104,32 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
+@@ -104,6 +105,32 @@
   deny @{HOME}/.cache/fontconfig/** rw,
   deny @{HOME}/.config/gtk-2.0/ rw,
   deny @{HOME}/.config/gtk-2.0/** rw,
@@ -137,7 +145,7 @@ index d0aded9..3be3872 100644
   deny @{PROC}/@{pid}/net/route r,
   deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
   deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
-@@ -119,5 +145,10 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
+@@ -119,5 +146,10 @@
   /etc/xfce4/defaults.list r,
   /usr/share/xfce4/applications/ r,