# Description: Can access the calendar. This policy group is reserved for
#  vetted applications only in this version of the policy. Once LP: #1227824
#  is fixed, this can be moved out of reserved status.
# Usage: reserved

# The gsettings entries for EDS aren't required for the calendar, so
# just silence these
# TODO: remove when we have gsettings mediation
deny /{,var/}run/user/*/dconf/user r,
deny /{,var/}run/user/*/dconf/user w,
deny @{HOME}/.config/dconf/user    r,

dbus (receive, send)
     bus=session
     path=/org/gnome/evolution/dataserver/SourceManager{,/**}
     peer=(label=unconfined),
dbus (receive, send)
     bus=session
     path=/org/gnome/evolution/dataserver/CalendarFactory
     peer=(label=unconfined),
dbus (receive, send)
     bus=session
     path=/org/gnome/evolution/dataserver/Calendar/**
     peer=(label=unconfined),
dbus (receive, send)
     bus=session
     path=/org/gnome/evolution/dataserver/CalendarView/**
     peer=(label=unconfined),

# This interface was created specifically to allow alarms to confined apps
dbus (receive, send)
     bus=session
     path=/com/canonical/indicator/datetime/AlarmProperties{,**}
     interface=com.canonical.indicator.datetime.AlarmProperties
     peer=(label=unconfined),
dbus (receive, send)
     bus=session
     path=/com/canonical/indicator/datetime/AlarmProperties{,**}
     interface=org.freedesktop.DBus.{Introspectable,Properties}
     peer=(label=unconfined),

# LP: #1319546. Apps shouldn't talk directly to sync-monitor, but allow it for
# now for trusted apps until sync-monitor is integrated with push
# notifications. IMPORTANT: this policy group cannot be moved to 'common'
# status until this rule is removed.
dbus (receive, send)
     bus=session
     path=/com/canonical/SyncMonitor{,/**}
     peer=(label=unconfined),
