Stop google-chrome from hijacking MIMEs – Sergei's incoherrent ramblings

For some idiotic/evil reason Google Chrome is hijacking MIME associations in Linux (configuration that decided which applications opens a particular file type).

This happens every time Google Chrome is updated. It is absolutely idiotic for Firefox to have an image opened by Chrome, yet I have reset it numerous times to no avail (purged all mentions of chrome from /etc/mailcap and various copies of mimeapps.list).

I would not use Chrome, except I have to due to lazy Slack devs, and other corporate torture tools that only made for IE6 of `20.

My preferred solution would have been apt remove google-chrome, but alas I have to endure this piece of malware.

The “Fix” is to utilise Apparmor and prevent the chrome from ever messing with MIMEs (sorry for SELinux types, I can’t be bothered…). In my opinion if you are running chrome as a secondary browser, it should not be associated with anything, ever.

Assumptions: chrome is installed in /opt/google/chrome, The distro is running apparmor (not SELinux) and there is no existing profile already.

Create the apparmor profile:

/etc/apparmor.d/opt.google.chrome.chrome

abi <abi/3.0>,

include <tunables/global>

/opt/google/chrome/* {
  include <abstractions/base>
  #allow by default almost everything
  capability,
  file,
  network,
  dbus,
  unix,
  signal,
  ptrace,
  
  # stop behaving like malware and fucking up my MIMEs
  audit deny /**/mimeapps.list rw,
  audit deny /usr/share/applications/defaults.list rw,
  audit deny /**/xdg-mime x,

}

Note: If you have an existing profile already just add these lines:

  audit deny /**/mimeapps.list rw,
  audit deny /usr/share/applications/defaults.list rw,
  audit deny /**/xdg-mime x,

Enable the profile:

aa-enforce /etc/apparmor.d/opt.google.chrome.chrome

Restart chrome.

Warning: this apparmor profile is equivalent to almost no restrictions except for the mime related stuff, and thus cannot be used to “secure” chrome without extensive modifications.

To fix the MIMEs after google messed it up:

sudo sed -i '/google-chrome.desktop/d' /usr/share/applications/defaults.list
sudo sed -i '/google-chrome-stable/d' /etc/mailcap
sudo sed -i 's/google-chrome.desktop;//' /usr/share/applications/mimeinfo.cache