Add a lot of profiles

24 files changed, 370 insertions, 107 deletions

diff --git a/README.md b/README.md
index 8d2fb534b..4391ac331 100644
--- a/README.md
+++ b/README.md
@@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 
 ### New profiles:
 
-gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl
+gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free
diff --git a/RELNOTES b/RELNOTES
index 09e43e090..6e75b28a0 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,10 +1,12 @@
 firejail (0.9.63) baseline; urgency=low
   * work in progress
   * DHCP client support
-  * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab
-  * new profiles: gnome-passwordsafe, bibtex, gummi, latex
-  * new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc
-  * new profiles: gnome-hexgl
+  * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster
+  * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl
+  * new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc, mupdf-x11
+  * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool
+  * new profiles: desktopeditors, impressive, planmaker18, planmaker18free
+  * new profiles: presentations18, presentations18free, textmaker18, textmaker18free
 
 firejail (0.9.62) baseline; urgency=low
   * added file-copy-limit in /etc/firejail/firejail.config
diff --git a/etc/com.github.johnfactotum.Foliate.profile b/etc/com.github.johnfactotum.Foliate.profile
new file mode 100644
index 000000000..39a9a360d
--- /dev/null
+++ b/etc/com.github.johnfactotum.Foliate.profile
@@ -0,0 +1,62 @@
+# Firejail profile for foliate
+# Description: Simple and modern GTK eBook reader
+# This file is overwritten after every install/update
+# Persistent local customizations
+include foliate.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate
+noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
+
+# Allow gjs (blacklisted by disable-interpreters.inc)
+include allow-gjs.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate
+mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate
+whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate
+whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist /usr/share/com.github.johnfactotum.Foliate
+whitelist /usr/share/hyphen
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin com.github.johnfactotum.Foliate,gjs
+private-cache
+private-dev
+private-etc dconf,fonts,gconf,gtk-3.0
+private-tmp
+
+read-only ${HOME}
+read-write ${HOME}/.cache/com.github.johnfactotum.Foliate
+read-write ${HOME}/.local/share/com.github.johnfactotum.Foliate
diff --git a/etc/desktopeditors.profile b/etc/desktopeditors.profile
new file mode 100644
index 000000000..d0c727c5c
--- /dev/null
+++ b/etc/desktopeditors.profile
@@ -0,0 +1,43 @@
+# Firejail profile for desktopeditors
+# Description: ONLYOFFICE DesktopEditors
+# This file is overwritten after every install/update
+# Persistent local customizations
+include desktopeditors.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/onlyoffice
+noblacklist ${HOME}/.local/share/onlyoffice
+noblacklist ${HOME}/.pki
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+private-bin desktopeditors,sh
+private-cache
+private-dev
+private-tmp
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 9f351a673..bf29cd137 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -18,6 +18,7 @@ blacklist-nolog ${HOME}/.kde4/share/apps/klipper
 blacklist-nolog ${HOME}/.local/share/fish/fish_history
 blacklist-nolog ${HOME}/.local/share/klipper
 blacklist-nolog ${HOME}/.macromedia
+blacklist-nolog ${HOME}/.mupdf.history
 blacklist-nolog ${HOME}/.python-history
 blacklist-nolog ${HOME}/.python_history
 blacklist-nolog ${HOME}/.pythonhist
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 02751a818..7e4947e6f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -267,6 +267,7 @@ blacklist ${HOME}/.config/obs-studio
 blacklist ${HOME}/.config/okularpartrc
 blacklist ${HOME}/.config/okularrc
 blacklist ${HOME}/.config/onionshare
+blacklist ${HOME}/.config/onlyoffice
 blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.config/orage
@@ -503,6 +504,7 @@ blacklist ${HOME}/.local/share/caja-python
 blacklist ${HOME}/.local/share/cantata
 blacklist ${HOME}/.local/share/cdprojektred
 blacklist ${HOME}/.local/share/clipit
+blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
 blacklist ${HOME}/.local/share/contacts
 blacklist ${HOME}/.local/share/data/Mendeley Ltd.
 blacklist ${HOME}/.local/share/data/Mumble
@@ -571,6 +573,7 @@ blacklist ${HOME}/.local/share/nomacs
 blacklist ${HOME}/.local/share/notes
 blacklist ${HOME}/.local/share/ocenaudio
 blacklist ${HOME}/.local/share/okular
+blacklist ${HOME}/.local/share/onlyoffice
 blacklist ${HOME}/.local/share/orage
 blacklist ${HOME}/.local/share/org.kde.gwenview
 blacklist ${HOME}/.local/share/pix
@@ -734,6 +737,7 @@ blacklist ${HOME}/.cache/champlain
 blacklist ${HOME}/.cache/chromium
 blacklist ${HOME}/.cache/chromium-dev
 blacklist ${HOME}/.cache/cliqz
+blacklist ${HOME}/.cache/com.github.johnfactotum.Foliate
 blacklist ${HOME}/.cache/darktable
 blacklist ${HOME}/.cache/discover
 blacklist ${HOME}/.cache/dnox
diff --git a/etc/freeoffice-planmaker.profile b/etc/freeoffice-planmaker.profile
index 8a53c63e3..b6ca167eb 100644
--- a/etc/freeoffice-planmaker.profile
+++ b/etc/freeoffice-planmaker.profile
@@ -1,38 +1,10 @@
-# Firejail profile for freeoffice-planmaker
+# Firejail profile alias for freeoffice-planmaker
+# Description: SoftMaker FreeOffice - spreadsheet program
 # This file is overwritten after every install/update
 # Persistent local customizations
 include freeoffice-planmaker.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/SoftMaker
-
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-# include disable-xdg.inc
-
-apparmor
-caps.drop all
-ipc-namespace
-netfilter
-no3d
-nodbus
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
-shell none
-tracelog
-
-private-cache
-private-dev
-private-tmp
+# Redirect
+include softmaker-common.profile
diff --git a/etc/freeoffice-presentations.profile b/etc/freeoffice-presentations.profile
index 63be4da7f..43661028c 100644
--- a/etc/freeoffice-presentations.profile
+++ b/etc/freeoffice-presentations.profile
@@ -1,38 +1,10 @@
-# Firejail profile for freeoffice-presentations
+# Firejail profile alias for freeoffice-presentations
+# Description: SoftMaker FreeOffice - presentations software
 # This file is overwritten after every install/update
 # Persistent local customizations
 include freeoffice-presentations.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/SoftMaker
-
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-# include disable-xdg.inc
-
-apparmor
-caps.drop all
-ipc-namespace
-netfilter
-no3d
-nodbus
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
-shell none
-tracelog
-
-private-cache
-private-dev
-private-tmp
+# Redirect
+include softmaker-common.profile
diff --git a/etc/freeoffice-textmaker.profile b/etc/freeoffice-textmaker.profile
index 4bca5a98c..f7d30eaed 100644
--- a/etc/freeoffice-textmaker.profile
+++ b/etc/freeoffice-textmaker.profile
@@ -1,38 +1,9 @@
-# Firejail profile for freeoffice-textmaker
+# Firejail profile alias for freeoffice-textmaker
+# Description: SoftMaker Office - word processor
 # This file is overwritten after every install/update
-# Persistent local customizations
 include freeoffice-textmaker.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/SoftMaker
-
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-# include disable-xdg.inc
-
-apparmor
-caps.drop all
-ipc-namespace
-netfilter
-no3d
-nodbus
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
-shell none
-tracelog
-
-private-cache
-private-dev
-private-tmp
+# Redirect
+include softmaker-common.profile
diff --git a/etc/impressive.profile b/etc/impressive.profile
new file mode 100644
index 000000000..0bfe5de5a
--- /dev/null
+++ b/etc/impressive.profile
@@ -0,0 +1,55 @@
+# Firejail profile for impressive
+# Description: presentation tool with eye candy
+# This file is overwritten after every install/update
+# Persistent local customizations
+include impressive.local
+# Persistent global definitions
+#include globals.local
+
+noblacklist ${DOCUMENTS}
+noblacklist /sbin
+noblacklist /usr/sbin
+
+# Allow python (blacklisted by disable-interpreters.inc)
+#include allow-python2.inc
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/mesa_shader_cache
+whitelist /usr/share/opengl-games-utils
+whitelist /usr/share/zenity
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+private-cache
+private-dev
+private-tmp
+
+read-only ${HOME}
+read-write ${HOME}/.cache/mesa_shader_cache
diff --git a/etc/mupdf-gl.profile b/etc/mupdf-gl.profile
new file mode 100644
index 000000000..be94a9083
--- /dev/null
+++ b/etc/mupdf-gl.profile
@@ -0,0 +1,13 @@
+# Firejail profile for mupdf-gl
+# Description: Lightweight PDF viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mupdf-gl.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+noblacklist ${HOME}/.mupdf.history
+
+# Redirect
+include mupdf.profile
diff --git a/etc/mupdf-x11-curl.profile b/etc/mupdf-x11-curl.profile
new file mode 100644
index 000000000..a04d386a2
--- /dev/null
+++ b/etc/mupdf-x11-curl.profile
@@ -0,0 +1,18 @@
+# Firejail profile for mupdf-x11-curl
+# Description: Lightweight PDF viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mupdf-x11-curl.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+ignore net none
+
+netfilter
+protocol unix,inet,inet6
+
+private-etc ca-certificates,crypto-policies,hosts,nsswitch.conf,pki,resolv.conf,ssl
+
+# Redirect
+include mupdf.profile
diff --git a/etc/mupdf-x11.profile b/etc/mupdf-x11.profile
new file mode 100644
index 000000000..256201d0c
--- /dev/null
+++ b/etc/mupdf-x11.profile
@@ -0,0 +1,14 @@
+# Firejail profile for mupdf-x11
+# Description: Lightweight PDF viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mupdf-x11.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+memory-deny-write-execute
+read-only ${HOME}
+
+# Redirect
+include mupdf.profile
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index 99945bdc9..43afbc859 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -4,7 +4,7 @@
 # Persistent local customizations
 include mupdf.local
 # Persistent global definitions
-include globals.local
+#include globals.local
 
 noblacklist ${DOCUMENTS}
 
@@ -35,10 +35,6 @@ seccomp
 shell none
 tracelog
 
-# private-bin mupdf,rm,sh,tempfile
 private-dev
 private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload
 private-tmp
-
-# memory-deny-write-execute
-read-only ${HOME}
diff --git a/etc/muraster.profile b/etc/muraster.profile
new file mode 100644
index 000000000..90e3f2050
--- /dev/null
+++ b/etc/muraster.profile
@@ -0,0 +1,11 @@
+# Firejail profile for muraster
+# Description: Lightweight PDF viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include muraster.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+# Redirect
+include mupdf.profile
diff --git a/etc/mutool.profile b/etc/mutool.profile
new file mode 100644
index 000000000..e61f4665d
--- /dev/null
+++ b/etc/mutool.profile
@@ -0,0 +1,11 @@
+# Firejail profile for mutool
+# Description: Lightweight PDF viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mutool.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+# Redirect
+include mupdf.profile
diff --git a/etc/planmaker18.profile b/etc/planmaker18.profile
new file mode 100644
index 000000000..4cf1efb7f
--- /dev/null
+++ b/etc/planmaker18.profile
@@ -0,0 +1,10 @@
+# Firejail profile for planmaker18
+# Description: SoftMaker Office - spreadsheet program
+# This file is overwritten after every install/update
+# Persistent local customizations
+include planmaker18.local
+# Persistent global definitions
+include globals.local
+
+# Redirect
+include softmaker-common.profile
diff --git a/etc/planmaker18free.profile b/etc/planmaker18free.profile
new file mode 100644
index 000000000..bb85f1fc7
--- /dev/null
+++ b/etc/planmaker18free.profile
@@ -0,0 +1,10 @@
+# Firejail profile for planmaker18free
+# Description: SoftMaker FreeOffice - spreadsheet program
+# This file is overwritten after every install/update
+# Persistent local customizations
+include planmaker18free.local
+# Persistent global definitions
+include globals.local
+
+# Redirect
+include softmaker-common.profile
diff --git a/etc/presentations18.profile b/etc/presentations18.profile
new file mode 100644
index 000000000..ac844d1af
--- /dev/null
+++ b/etc/presentations18.profile
@@ -0,0 +1,10 @@
+# Firejail profile for presentations18
+# Description: SoftMaker Office - presentations software
+# This file is overwritten after every install/update
+# Persistent local customizations
+include presentations18.local
+# Persistent global definitions
+include globals.local
+
+# Redirect
+include softmaker-common.profile
diff --git a/etc/presentations18free.profile b/etc/presentations18free.profile
new file mode 100644
index 000000000..218747224
--- /dev/null
+++ b/etc/presentations18free.profile
@@ -0,0 +1,10 @@
+# Firejail profile for presentations18free
+# Description: SoftMaker FreeOffice - presentations software
+# This file is overwritten after every install/update
+# Persistent local customizations
+include presentations18free.local
+# Persistent global definitions
+include globals.local
+
+# Redirect
+include softmaker-common.profile
diff --git a/etc/softmaker-common.inc b/etc/softmaker-common.inc
new file mode 100644
index 000000000..6eaadee12
--- /dev/null
+++ b/etc/softmaker-common.inc
@@ -0,0 +1,44 @@
+# Firejail profile for softmaker-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include softmaker-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+
+noblacklist ${HOME}/SoftMaker
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+whitelist /usr/share/office2018
+whitelist /usr/share/freeoffice2018
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin freeoffice-planmaker,freeoffice-presentations,freeoffice-textmaker,planmaker18,planmaker18free,presentations18,presentations18free,sh,textmaker18,textmaker18free
+private-cache
+private-dev
+private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,SoftMaker,ssl
+private-tmp
diff --git a/etc/textmaker18.profile b/etc/textmaker18.profile
new file mode 100644
index 000000000..8284df791
--- /dev/null
+++ b/etc/textmaker18.profile
@@ -0,0 +1,10 @@
+# Firejail profile for textmaker18
+# Description: SoftMaker Office - word processor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include textmaker18.local
+# Persistent global definitions
+include globals.local
+
+# Redirect
+include softmaker-common.profile
diff --git a/etc/textmaker18free.profile b/etc/textmaker18free.profile
new file mode 100644
index 000000000..ad945ca55
--- /dev/null
+++ b/etc/textmaker18free.profile
@@ -0,0 +1,10 @@
+# Firejail profile for textmaker18free
+# Description: SoftMaker Office - word processor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include textmaker18free.local
+# Persistent global definitions
+include globals.local
+
+# Redirect
+include softmaker-common.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 51ec06402..5fdc60af6 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -128,6 +128,7 @@ clocks
 cmus
 code
 code-oss
+com.github.johnfactotum.Foliate
 conkeror
 conky
 conplay
@@ -143,6 +144,7 @@ dconf-editor
 ddgtk
 deadbeef
 deluge
+desktopeditors
 devhelp
 dex2jar
 dia
@@ -310,6 +312,7 @@ ideaIC
 idea.sh
 imagej
 img2txt
+impressive
 inkscape
 inkview
 inox
@@ -436,9 +439,14 @@ multimc
 multimc5
 mumble
 mupdf
+mupdf-gl
+mupdf-x11
+mupdf-x11-curl
 mupen64plus
+muraster
 musescore
 musixmatch
+mutool
 mutt
 mypaint
 mypaint-ora-thumbnailer
@@ -500,12 +508,16 @@ pioneer
 pithos
 pitivi
 pix
+planmaker18
+planmaker18free
 playonlinux
 pluma
 pngquant
 polari
 ppsspp
 pragha
+presentations18
+presentations18free
 profanity
 psi-plus
 pybitmessage
@@ -593,6 +605,8 @@ teeworlds
 telegram
 telegram-desktop
 terasology
+textmaker18
+textmaker18free
 thunderbird
 thunderbird-beta
 thunderbird-wayland