From 91cb448fbe749112d31ac918926731a081d0386b Mon Sep 17 00:00:00 2001
From: Fred-Barclay <Fred-Barclay@users.noreply.github.com>
Date: Mon, 11 Jun 2018 23:31:23 -0500
Subject: Add profiles for Microsoft Office Online apps (from Manjaro devs)

---
 README.md                  |  3 +++
 RELNOTES                   |  2 ++
 etc/ms-excel.profile       | 12 ++++++++++++
 etc/ms-office.profile      | 44 ++++++++++++++++++++++++++++++++++++++++++++
 etc/ms-onenote.profile     | 12 ++++++++++++
 etc/ms-outlook.profile     | 12 ++++++++++++
 etc/ms-powerpoint.profile  | 12 ++++++++++++
 etc/ms-skype.profile       | 13 +++++++++++++
 etc/ms-word.profile        | 12 ++++++++++++
 src/firecfg/firecfg.config |  7 +++++++
 10 files changed, 129 insertions(+)
 create mode 100644 etc/ms-excel.profile
 create mode 100644 etc/ms-office.profile
 create mode 100644 etc/ms-onenote.profile
 create mode 100644 etc/ms-outlook.profile
 create mode 100644 etc/ms-powerpoint.profile
 create mode 100644 etc/ms-skype.profile
 create mode 100644 etc/ms-word.profile

diff --git a/README.md b/README.md
index 25d543652..1c4ffc4aa 100644
--- a/README.md
+++ b/README.md
@@ -99,3 +99,6 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 
 `````
 # Current development version: 0.9.55
+
+## New profiles
+Microsoft Office Online
diff --git a/RELNOTES b/RELNOTES
index 67cda39e3..f1b7a6b0a 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -3,6 +3,8 @@ firejail (0.9.55) baseline; urgency=low
   * modif: removed CFG_CHROOT_DESKTOP configuration option
   * support full paths in private-lib
   * globbing support in private-lib
+  * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint
+  * new profiles: ms-skype, ms-word
  -- netblue30 <netblue30@yahoo.com>  Fri, 25 May 2018 08:00:00 -0500
 
 firejail (0.9.54) baseline; urgency=low
diff --git a/etc/ms-excel.profile b/etc/ms-excel.profile
new file mode 100644
index 000000000..4fb8c6fc1
--- /dev/null
+++ b/etc/ms-excel.profile
@@ -0,0 +1,12 @@
+# Firejail profile for Microsoft Office Online - Excel
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ms-excel.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.cache/ms-excel-online
+private-bin ms-excel
+
+# Redirect
+include /etc/firejail/ms-office.profile
diff --git a/etc/ms-office.profile b/etc/ms-office.profile
new file mode 100644
index 000000000..49bc4ad37
--- /dev/null
+++ b/etc/ms-office.profile
@@ -0,0 +1,44 @@
+# Firejail profile for Microsoft Office Online
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ms-office.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.cache/ms-office-online
+noblacklist ${HOME}/.jak
+
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin bash,fonts,env,jak,ms-office,python*,sh
+private-etc ca-certificates,resolv.conf,ssl
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/ms-onenote.profile b/etc/ms-onenote.profile
new file mode 100644
index 000000000..520544ab4
--- /dev/null
+++ b/etc/ms-onenote.profile
@@ -0,0 +1,12 @@
+# Firejail profile for Microsoft Office Online - Onenote
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ms-onenote.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.cache/ms-onenote-online
+private-bin ms-onenote
+
+# Redirect
+include /etc/firejail/ms-office.profile
diff --git a/etc/ms-outlook.profile b/etc/ms-outlook.profile
new file mode 100644
index 000000000..e438bbdfc
--- /dev/null
+++ b/etc/ms-outlook.profile
@@ -0,0 +1,12 @@
+# Firejail profile for Microsoft Office Online - Outlook
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ms-outlook.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.cache/ms-outlook-online
+private-bin ms-outlook
+
+# Redirect
+include /etc/firejail/ms-office.profile
diff --git a/etc/ms-powerpoint.profile b/etc/ms-powerpoint.profile
new file mode 100644
index 000000000..82be095d0
--- /dev/null
+++ b/etc/ms-powerpoint.profile
@@ -0,0 +1,12 @@
+# Firejail profile for Microsoft Office Online - Powerpoint
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ms-powerpoint.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.cache/ms-powerpoint-online
+private-bin ms-powerpoint
+
+# Redirect
+include /etc/firejail/ms-office.profile
diff --git a/etc/ms-skype.profile b/etc/ms-skype.profile
new file mode 100644
index 000000000..fa3c4a314
--- /dev/null
+++ b/etc/ms-skype.profile
@@ -0,0 +1,13 @@
+# Firejail profile for Microsoft Office Online - Skype
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ms-skype.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.cache/ms-skype-online
+ignore novideo
+private-bin ms-skype
+
+# Redirect
+include /etc/firejail/ms-office.profile
diff --git a/etc/ms-word.profile b/etc/ms-word.profile
new file mode 100644
index 000000000..fdcab27a7
--- /dev/null
+++ b/etc/ms-word.profile
@@ -0,0 +1,12 @@
+# Firejail profile for Microsoft Office Online - Word
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ms-word.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.cache/ms-word-online
+private-bin ms-word
+
+# Redirect
+include /etc/firejail/ms-office.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index b966159c6..da614ae90 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -272,6 +272,13 @@ minetest
 mousepad
 mplayer
 mpv
+ms-excel
+ms-office
+ms-onenote
+ms-outlook
+ms-powerpoint
+ms-skype
+ms-word
 multimc5
 mumble
 mupdf
-- 
cgit v1.2.3-70-g09d2