/etc/apparmor.d/abstractions/totem is in apparmor-profiles-extra 1.4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | # vim:syntax=apparmor
# Author: Jamie Strandboge <jamie@canonical.com>
# Description: Limit executable access and reasonable read access. A look at
# the gconf schema files for totem-video-thumbnailer reveals at least the
# following files:
# 3gpp, ac3, acm, aiff, amr-wb, ape, asf, asx, au, avi, basic, divx, dv, flac,
# flc, fli, flic, flv, google-video-pointer, gpp, gsm, m4a, m4v, matroska,
# midi, mod, mp3, mp4, mp4es, mpeg, mpt2, msvideo, ms-wm, musepack,mxf,
# netshow, nsv, off, ogm, pict, pn-realaudio, prs.sid, quicktime, ram,
# realpix, rn, sbc, sdp, shorten, speex, theora, totem-stream, tta, ultravox,
# vivo, vorbis, wav, wavpack, wax, webm, wma, wmv, wmx, wpl, wvx, x-anim,
# x-it, xm
#
# While ideally we would narrow down our read access to the above, this is
# a maintenance problem and doesn't work for files without extensions.
#include <abstractions/gnome>
#include <abstractions/gstreamer>
#include <abstractions/nameservice>
#include <abstractions/dbus-session>
# Allow read on all directories
/**/ r,
# Allow read on removable media and files in /usr/share and /usr/local/share
/usr/local/share/** r,
/usr/share/** r,
/{media,mnt,opt,srv}/** r,
/usr/lib/@{multiarch}/gstreamer[0-9].[0-9]/gstreamer-[0-9].[0-9]/gst-plugin-scanner Cix -> gst_plugin_scanner,
owner @{HOME}/.cache/tracker/meta.db k,
owner @{HOME}/.cache/tracker/meta.db-shm k,
owner @{HOME}/.local/share/grilo-plugins/*.db k,
|