11 files changed, 125 insertions, 1 deletions

diff --git a/etc/android-studio.profile b/etc/android-studio.profile
new file mode 100644
index 000000000..68a3cdc85
--- /dev/null
+++ b/etc/android-studio.profile
@@ -0,0 +1,37 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/android-studio.local
+
+# Firejail profile for Android Studio
+
+noblacklist ${HOME}/.AndroidStudio*
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.gradle
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.tooling
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+#nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+#private-tmp
+
+noexec /tmp
diff --git a/etc/arduino.profile b/etc/arduino.profile
index 60c071c01..ff605501d 100644
--- a/etc/arduino.profile
+++ b/etc/arduino.profile
@@ -8,6 +8,7 @@ include /etc/firejail/arduino.local
 # Firejail profile for arduino
 noblacklist ${HOME}/.arduino15
 noblacklist ${HOME}/Arduino
+noblacklist ${HOME}/.java
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 655a44a04..3c98b8ac3 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -4,8 +4,10 @@ include /etc/firejail/disable-programs.local
 
 blacklist ${HOME}/.*coin
 blacklist ${HOME}/.8pecxstudios
+blacklist ${HOME}/.AndroidStudio*
 blacklist ${HOME}/.Atom
 blacklist ${HOME}/.FBReader
+blacklist ${HOME}/.IdeaIC*
 blacklist ${HOME}/.LuminanceHDR
 blacklist ${HOME}/.Mathematica
 blacklist ${HOME}/.Natron
@@ -16,6 +18,7 @@ blacklist ${HOME}/.Steampid
 blacklist ${HOME}/.TelegramDesktop
 blacklist ${HOME}/.VirtualBox
 blacklist ${HOME}/.Wolfram Research
+blacklist ${HOME}/.android
 blacklist ${HOME}/.arduino15
 blacklist ${HOME}/.atom
 blacklist ${HOME}/.attic
@@ -192,11 +195,13 @@ blacklist ${HOME}/.googleearth/Cache/
 blacklist ${HOME}/.googleearth/Temp/
 blacklist ${HOME}/.googleearth/myplaces.backup.kml
 blacklist ${HOME}/.googleearth/myplaces.kml
+blacklist ${HOME}/.gradle
 blacklist ${HOME}/.guayadeque
 blacklist ${HOME}/.hedgewars
 blacklist ${HOME}/.hugin
 blacklist ${HOME}/.icedove
 blacklist ${HOME}/.inkscape
+blacklist ${HOME}/.java
 blacklist ${HOME}/.jitsi
 blacklist ${HOME}/.kde4/share/apps/gwenview
 blacklist ${HOME}/.kde4/share/apps/kcookiejar
@@ -249,6 +254,7 @@ blacklist ${HOME}/.local/share/0ad
 blacklist ${HOME}/.local/share/3909/PapersPlease
 blacklist ${HOME}/.local/share/akregator
 blacklist ${HOME}/.local/share/Empathy
+blacklist ${HOME}/.local/share/JetBrains
 blacklist ${HOME}/.local/share/Mumble
 blacklist ${HOME}/.local/share/QuiteRss
 blacklist ${HOME}/.local/share/Ricochet
@@ -338,6 +344,7 @@ blacklist ${HOME}/.sylpheed-2.0
 blacklist ${HOME}/.synfig
 blacklist ${HOME}/.tconn
 blacklist ${HOME}/.thunderbird
+blacklist ${HOME}/.tooling
 blacklist ${HOME}/.ts3client
 blacklist ${HOME}/.viking
 blacklist ${HOME}/.viking-maps
@@ -387,6 +394,7 @@ blacklist ${HOME}/.cache/netsurf
 blacklist ${HOME}/.cache/opera
 blacklist ${HOME}/.cache/opera-beta
 blacklist ${HOME}/.cache/org.gnome.Books
+blacklist ${HOME}/.cache/peek
 blacklist ${HOME}/.cache/qBittorrent
 blacklist ${HOME}/.cache/qutebrowser
 blacklist ${HOME}/.cache/simple-scan
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index 729dabeb7..aba484718 100644
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 
diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile
new file mode 100644
index 000000000..771131262
--- /dev/null
+++ b/etc/idea.sh.profile
@@ -0,0 +1,37 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/idea.sh.local
+
+# Firejail profile for IntelliJ IDEA Community Edition
+
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.gradle
+noblacklist ${HOME}/.IdeaIC*
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.tooling
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+#nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+#private-tmp
+
+noexec /tmp
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile
index a96eedee6..32b43cdf1 100644
--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -10,6 +10,7 @@ include /etc/firejail/jd-gui.local
 #
 
 noblacklist ${HOME}/.config/jd-gui.cfg
+noblacklist ${HOME}/.java
 
 #Blacklist Paths
 include /etc/firejail/disable-common.inc
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 90d87df2f..fe5861e4a 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -7,6 +7,7 @@ include /etc/firejail/libreoffice.local
 
 # Firejail profile for LibreOffice
 noblacklist ~/.config/libreoffice
+noblacklist ${HOME}/.java
 noblacklist /usr/local/sbin
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
diff --git a/etc/multimc5.profile b/etc/multimc5.profile
index e45ab9cba..6b0696064 100644
--- a/etc/multimc5.profile
+++ b/etc/multimc5.profile
@@ -10,6 +10,7 @@ include /etc/firejail/multimc5.local
 #
 
 #No Blacklist Paths
+noblacklist ${HOME}/.java
 noblacklist ${HOME}/.local/share/multimc5
 noblacklist ${HOME}/.multimc5
 
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile
index 611ca3775..b46ac9294 100644
--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -8,6 +8,7 @@ include /etc/firejail/pdfsam.local
 #
 #Profile for pdfsam
 #
+noblacklist ${HOME}/.java
 
 #Blacklist Paths
 include /etc/firejail/disable-common.inc
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile
new file mode 100644
index 000000000..bcad82b5d
--- /dev/null
+++ b/etc/silentarmy.profile
@@ -0,0 +1,33 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/silentarmy.local
+
+# Firejail profile for SILENTARMY
+
+include /etc/firejail/disable-common.inc
+#include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private
+#private-bin silentarmy,sa-solver,python3
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/steam.profile b/etc/steam.profile
index e2dc6216b..9eaa6a83b 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -6,6 +6,7 @@ include /etc/firejail/globals.local
 include /etc/firejail/steam.local
 
 # Steam profile (applies to games/apps launched from Steam as well)
+noblacklist ${HOME}/.java
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.steam
 noblacklist ${HOME}/.Steampath
@@ -29,7 +30,9 @@ noroot
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
-tracelog
+
+# tracelog disabled as it breaks integrated browser
+#tracelog
 
 private-dev
 private-tmp