File: //etc/apparmor.d/pkg_FileStation
# ----------------------------------------------------------------------------
#
# Copyright (C) 2000-2014 Synology Inc. All rights reserved.
#
# ----------------------------------------------------------------------------
#include <tunables/global>
^/usr/syno/sbin/synoscgi//SYNO.FileStation.BackgroundTask {
#include <abstractions.pkg/webfm/base>
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.CheckExist {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
/volume*/{,**} r,
/volume*/@{,**} rw,
/volume*/usbshare*/@*/** rw,
/volume*/homes/{,**} rw,
/volume*/usbshare*/homes/{,**} rw,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.CheckPermission {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions/synovfs>
capability sys_admin,
/volume*/{,**} rw,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Compress {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/index>
#include <abstractions/taskmanager>
/usr/syno/etc/preference/*/ w,
/usr/syno/etc/preference/*/dsmnotify rwk,
/volume*/{,**} rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.CopyMove {
#include <abstractions/share>
#include <abstractions.pkg/webfm/bandwidth>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/index>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions/taskmanager>
/usr/syno/etc/preference/*/ w,
/usr/syno/etc/preference/*/dsmnotify rwk,
/volume*/{,**} rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.CreateFolder {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/bandwidth>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions.pkg/webfm/index>
/volume*/{,**} rw,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Delete {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/index>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions/taskmanager>
/usr/syno/etc/preference/*/ w,
/usr/syno/etc/preference/*/dsmnotify rwk,
/volume*/{,**} rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.DirSize {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
/volume*/{,**} r,
/volume*/@{,**} rw,
/volume*/usbshare*/@*/** rw,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Download {
#include <abstractions/share>
#include <abstractions.pkg/webfm/bandwidth>
#include <abstractions.pkg/webfm/base>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions/autoblock>
#include <abstractions/notification>
#include <abstractions/authentication>
#include <abstractions/log>
/usr/syno/etc/ssl/cgi.key/{,*} r,
/usr/bin/openssl rix,
/usr/syno/etc.defaults/mimetypes.txt r,
/usr/syno/etc/filebrowser/ r,
/usr/syno/etc/filebrowser/fbsharing.db* rwk,
/usr/syno/etc/preference/*/ w,
/usr/syno/synoman/webman/error.cgi rix,
/usr/syno/etc/private/session/syno-access-token.db rwk,
/usr/syno/etc/private/session/syno-access-token.db-journal rwk,
/usr/syno/synoman/webman/fbsharing_login_* rwk,
/volume*/{,**} rw,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.External.GoogleDrive {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
/volume*/{,**} r,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Extract {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/index>
#include <abstractions/taskmanager>
/usr/syno/etc/preference/*/ w,
/usr/syno/etc/preference/*/dsmnotify rwk,
/volume*/{,**} rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Favorite {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
/usr/syno/etc/preference/*/ w,
/usr/syno/etc/preference/*/userdirfavorites rwk,
/volume*/{,**} r,
/volume*/homes/{,**} rw,
/volume*/usbshare*/homes/{,**} rw,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.FormUpload {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/bandwidth>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/index>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions/taskmanager>
capability chown,
capability fowner,
capability fsetid,
/volume*/{,**} rwk,
/usr/syno/etc/preference/{,*}/dsmnotify rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Info {
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions/synovfs>
capability chown,
capability fowner,
/usr/syno/etc/mount.conf r,
/usr/syno/etc/synovfs/{,**} rk,
/usr/syno/etc/synoS2S.info r,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.List {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions/fileindex>
/usr/syno/etc/synoS2S.info r,
/usr/syno/etc/private/session/syno-access-token.db rwk,
/usr/syno/etc/private/session/syno-access-token.db-journal rwk,
/volume*/{,**} rw,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.MD5 {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
capability chown,
capability fowner,
/volume*/{,**} rw,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Mount flags=(attach_disconnected mediate_deleted) {
#include <abstractions/share>
#include <abstractions/synomount>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/index>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions/nfs-utils-1.2.x>
capability fowner,
capability sys_admin,
mount,
umount,
/dev/loop* rw,
/etc/exports{,_syno} r,
/etc/mtab* rwlk,
/proc/self/mounts r,
/usr/syno/etc/mount.conf{,.*} rw,
/volume*/{,**} rw,
/usr/sbin/mount.nfs rix,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Mount.List flags=(attach_disconnected) {
#include <abstractions/share>
#include <abstractions/synomount>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/index>
#include <abstractions/nfs-utils-1.2.x>
mount,
umount,
/dev/loop* rw,
/etc/exports{,_syno} r,
/etc/mtab* rwlk,
/proc/self/mounts r,
/usr/syno/etc/mount.conf{,.*} rw,
/volume*/{,**} rw,
/usr/sbin/mount.nfs rix,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Notify {
#include <abstractions.pkg/webfm/base>
#include <abstractions/taskmanager>
capability chown,
capability fowner,
/usr/syno/etc/preference/*/ w,
/usr/syno/etc/preference/*/dsmnotify rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Property {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions.pkg/webfm/index>
capability chown,
capability fowner,
capability fsetid,
/volume*/{,**} rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Property.ACLOwner {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions.pkg/webfm/index>
capability chown,
capability fowner,
capability fsetid,
/volume*/{,**} rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Property.CompressSize {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions.pkg/webfm/index>
capability chown,
capability fowner,
capability fsetid,
/volume*/{,**} rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Property.Mtime {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions.pkg/webfm/index>
capability chown,
capability fowner,
capability fsetid,
/volume*/{,**} rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Rename {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/index>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
/volume*/{,**} rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Search {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions/fileindex>
capability sys_resource,
/usr/syno/etc.defaults/fileindexresult.sql r,
/volume*/{,**} rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Settings flags=(attach_disconnected mediate_deleted) {
#include <abstractions.pkg/webfm/bandwidth>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions/synoservice>
#include <abstractions/pgsql>
#include <abstractions/log>
#include <abstractions/share>
#include <abstractions/storage>
#include <abstractions/libsynostorage>
capability sys_admin,
umount,
/etc/portforward/rule.conf r,
/etc/synoinfo.conf{,.*} rw,
/usr/syno/etc.defaults/rc.sysv/synologd.sh rix,
/usr/syno/etc/bandwidth/ w,
/usr/syno/etc/bandwidth/bandwidth.*.conf{,.*} rwk,
/usr/syno/etc/mount.conf{,.*} rw,
/usr/syno/etc/preference/*/ w,
/etc/mtab* rwlk,
/proc/self/mounts r,
/dev/loop* rw,
/etc/exports{,_syno} r,
/usr/syno/etc/mount.conf{,.*} rw,
/etc/pam.d/other/ r,
/volume*/@appstore/WebDAVServer/etc/webdav.cfg r,
/volume*/ r,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Sharing {
#include <abstractions/openssl>
#include <abstractions/share>
#include <abstractions/log>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/sharing>
/etc/portforward/rule.conf r,
/usr/syno/etc/preference/*/ w,
/usr/syno/etc/preference/*/dsmnotify rwk,
/volume*/{,**} r,
/volume*/homes/{,**} rw,
/volume*/usbshare*/homes/{,**} rw,
/volume*/@{,**} rw,
/volume*/usbshare*/@*/** rw,
/etc/ddns.conf r,
/usr/syno/sbin/synoddnsinfo rix,
/usr/syno/bin/synodsmnotify px,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Sharing.Download {
#include <abstractions/share>
#include <abstractions.pkg/webfm/bandwidth>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions/synovfs>
#include <abstractions/autoblock>
#include <abstractions/notification>
#include <abstractions/authentication>
#include <abstractions/log>
/usr/syno/etc/ssl/cgi.key/{,*} r,
/usr/bin/openssl rix,
/usr/syno/synoman/webapi/SYNO.Core.Region.lib rwk,
/usr/syno/synoman/webapi/lib.def rwk,
/usr/syno/etc.defaults/mimetypes.txt r,
/usr/syno/etc/preference/*/ w,
/usr/syno/synoman/webman/error.cgi rix,
/usr/syno/etc/private/session/syno-access-token.db rwk,
/usr/syno/etc/private/session/syno-access-token.db-journal rwk,
/usr/syno/synoman/webman/fbsharing_login_* rwk,
/volume*/{,**} rw,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.SnapShot {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
/volume*/{,**} r,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Thumb {
#include <abstractions/share>
#include <abstractions/imagemagick>
#include <abstractions.pkg/webfm/base>
capability sys_resource,
/volume*/** rwk,
/var/tmp/{,**} rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Timeout {
#include <abstractions.pkg/webfm/base>
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.UIString {
#include <abstractions/base>
#include <abstractions/base-cgi>
#include <abstractions/nameservice>
#include <abstractions.pkg/webfm/base>
/usr/syno/synoman/webfm/texts/** r,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.Upload {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/bandwidth>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/index>
capability chown,
capability fowner,
capability fsetid,
/volume*/{,**} rwk,
/usr/syno/etc/preference/{,*}/dsmnotify rwk,
/usr/syno/bin/synodsmnotify px,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.UserGrp flags=(attach_disconnected mediate_deleted) {
#include <abstractions.pkg/webfm/bandwidth>
#include <abstractions.pkg/webfm/base>
/etc/synoinfo.conf{,.*} r,
/usr/syno/synoman/webapi/SYNO.Core.ACL.lib rk,
/usr/syno/synoman/webapi/lib.def rk,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.VFS.Connection {
#include <abstractions.pkg/webfm/base>
#include <abstractions/synovfs>
#include <abstractions/share>
#include <abstractions.pkg/webfm/sharing>
capability chown,
capability fowner,
capability sys_admin, # fusermount
/volume*/{,**} r,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.VFS.GDrive {
#include <abstractions.pkg/webfm/bandwidth>
#include <abstractions.pkg/webfm/base>
#include <abstractions/synovfs>
#include <abstractions/autoblock>
#include <abstractions/notification>
#include <abstractions/log>
#include <abstractions/openssl>
/usr/syno/etc/ssl/cgi.key/{,*} r,
/usr/syno/etc.defaults/mimetypes.txt r,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.VFS.Profile {
#include <abstractions.pkg/webfm/base>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions/share>
capability chown,
capability fowner,
capability sys_admin, # fusermount
/volume*/{,**} r,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.VFS.Protocol {
#include <abstractions.pkg/webfm/base>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
/usr/share/gvfs/mounts/{,*.mount} r,
}
^/usr/syno/sbin/synoscgi//SYNO.FileStation.VirtualFolder {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions/synovfs>
#include <abstractions.pkg/webfm/sharing>
/usr/syno/etc/mount.conf r,
/volume*/{,**} r,
/volume*/homes/{,**} rw,
/volume*/usbshare*/homes/{,**} rw,
}
^/usr/syno/sbin/synoscgi//SYNO.FolderSharing.Download {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/bandwidth>
#include <abstractions.pkg/webfm/sharing>
capability chown,
capability fowner,
capability fsetid,
/usr/syno/etc.defaults/mimetypes.txt r,
/usr/syno/etc/preference/*/ w,
/usr/syno/synoman/webman/error.cgi rix,
/usr/syno/synoman/webapi/folderSharing.api mrwk,
/usr/syno/synoman/webapi/foldersharing.auth mrwk,
/volume*/{,**} r,
/volume*/@{,**} rw,
/volume*/usbshare*/@*/** rw,
/volume*/homes/{,**} rw,
/volume*/usbshare*/homes/{,**} rw,
}
^/usr/syno/sbin/synoscgi//SYNO.FolderSharing.List {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/sharing>
capability chown,
capability fowner,
/usr/syno/synoman/webapi/folderSharing.api mrwk,
/usr/syno/synoman/webapi/foldersharing.auth mrwk,
/volume*/{,**} r,
/volume*/@{,**} rw,
/volume*/usbshare*/@*/** rw,
/volume*/homes/{,**} rw,
/volume*/usbshare*/homes/{,**} rw,
}
^/usr/syno/sbin/synoscgi//SYNO.FolderSharing.Thumb {
#include <abstractions/share>
#include <abstractions.pkg/webfm/base>
#include <abstractions.pkg/webfm/sharing>
#include <abstractions/imagemagick>
/usr/syno/synoman/webapi/folderSharing.api mrwk,
/usr/syno/synoman/webapi/foldersharing.auth mrwk,
capability chown,
capability fowner,
/volume*/{,**} rwk,
/var/tmp/{,**} rwk,
}