[apparmor] New LibreOffice Profile

Christian Boltz apparmor at cboltz.de
Thu Feb 26 16:45:18 UTC 2015


Hello,

On Thursday, 5 February 2015, Bryan Quigley wrote:
> I've taken a few stabs (and followed a few others) at creating a
> useful LibreOffice profile (attached, previous iterations[1]).
> 
> This profile should not be turned on by default because:

That means it should probably live in the extra profiles directory, with 
the disadvantage that not too many people look into it or use it.

> Will not open a file without a known extension
> Will not open rw a file if it's not under /media or /home.

That doesn't match your soffice.bin profile, see below for a possible 
solution.

> The permissions are quite lenient (due to file selector) but I believe
> it still provides advantages.

Indeed, the soffice.bin comes with an impressive collection of 
abstractions and other permissions. (I hope you have good reasons for 
each of them ;-)

Maybe you should add a comment explaining exactly that:
    "What this profile will / will not do"

> [1] https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1284507

To answer your follow-up first - it seems most people are currently too 
busy to review patches. I'm suffering from that myself - as you probably 
noticed, I have some patches pending without feedback...

Anyway, I just looked at your profiles.

The xpdfimport looks good.

Just to be sure - does it really only need write access to temp files?

Nitpicking:
- if the tempfiles use a defined name scheme (for example 
  /tmp/xpdfimport.*), you should use that (with "owner" keyword) instead 
  of abstractions/user-tmp
- OTOH, instead of all the /lib* and /usr/lib* permissions, you could
  use the slightly more permissive abstractions/base to simplify
  the profile


The soffice.bin profile is a bit more interesting ;-)

  /**.[hH][tT][mM]?	rwk,  # html, htm, etc
  /**.[xX][hH][tT][mM]?	rwk,  # x^

This doesn't match the comment - the rules will match *.html and *.xhtml 
(and also *.htma, which you probably don't want), but not *.htm and 
*.xhtm.

You can merge both lines into
  /**.{,x,X}[hH][tT][mM]{,l,L}   rwk,   # htm, html, xhtm, xhtml
(or add separate lines to have it more readable)

  /**.[pP][nN][gG]? rw,
  /**.[sS][vV][gG]? rw,

Those mean .svgX and .pngX, where X is any char. I'd guess you should 
delete the ? ;-)

  /**.[dD][oO]* 	rwk,
  /**.[xX][lL]*		rwk,
  /**.[pP][pP]*		rwk, 
  /**.[pP][oO][tT]*	rwk,

might be a bit broad - if possible, replace * with a set of letters.


Another option might be to define a variable with all those extensions, 
for example

@{libreoffice_ext} = [oO][dD]? [oO][tT]?   # .od*, .ot*
@{libreoffice_ext} += [fF][oO][dD]?   # .fod*
@{libreoffice_ext} += [xX][mM][lL]   # .xml

By using +=, you can keep the definition readable.

The advantage of using a variable is that it makes the profile a bit 
more readable and even allows you to restrict in which directories you 
allow write access. You could do something like

/**.@{libreoffice_ext} r,   # read from everywhere and everybody
owner @{HOME}/**.@{libreoffice_ext} rw,   # write own files in $HOME
owner /tmp/**.@{libreoffice_ext} rw,   # ... and own files in /tmp


That all said - I didn't find anything that looks wrong in your 
profiles, so I'm willing to commit them to the extra-profiles directory 
with the above answered and (optionally) some of my proposed changes 
included.


Regards,

Christian Boltz
-- 
> All distributions suck - the pain is just *different*
For some it is Linux, for others the most flexible
pain construction kit in the world.   [> G. Doering + Oli Schad]
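
Added example (not part of the original mail and not AppArmor's own code): a small Python model of AppArmor path globbing that runs the extension rules discussed above against constructed file names, showing what the trailing `?` admits and rejects. The names `aa_glob_to_regex`, `matching` and `SAMPLE_PATHS` are hypothetical, and the translation is a simplified model (no nested braces, no backslash escapes), not the matcher used by apparmor_parser.

```python
import re

# Constructed sample paths, not taken from any real system.
SAMPLE_PATHS = [
    "/home/u/a.htm", "/home/u/a.html", "/home/u/a.htma",
    "/home/u/a.xhtm", "/home/u/a.xhtml",
    "/home/u/a.png", "/home/u/a.pngx",
]

def aa_glob_to_regex(glob):
    """Translate an AppArmor-style path glob into a Python regex (simplified model)."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if c == "*":
            if glob[i:i + 2] == "**":
                out.append(".*")        # ** may cross directory boundaries
                i += 1
            else:
                out.append("[^/]*")     # * stays inside one path component
        elif c == "?":
            out.append("[^/]")          # exactly one character, never "/"
        elif c == "[":
            end = glob.index("]", i + 1)
            out.append(glob[i:end + 1]) # character class passes through unchanged
            i = end
        elif c == "{":
            out.append("(?:")           # {a,b} alternation; an empty branch is allowed
            depth += 1
        elif c == "}" and depth:
            out.append(")")
            depth -= 1
        elif c == "," and depth:
            out.append("|")
        else:
            out.append(re.escape(c))
        i += 1
    return "".join(out)

def matching(glob, paths):
    """Return the paths that the glob matches in full."""
    rx = re.compile(aa_glob_to_regex(glob), re.S)
    return [p for p in paths if rx.fullmatch(p)]

if __name__ == "__main__":
    for rule in ("/**.[hH][tT][mM]?", "/**.[xX][hH][tT][mM]?",
                 "/**.{,x,X}[hH][tT][mM]{,l,L}",
                 "/**.[pP][nN][gG]?", "/**.[pP][nN][gG]"):
        print(f"{rule:32} -> {matching(rule, SAMPLE_PATHS)}")
```
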



