Codebase list apparmor / 0c3a2db
* debian/patches/0032-lp1195362.patch: don't pull in unused perl modules (LP: #1195362) * debian/rules: use dh_perl -d with libapparmor-perl to Depends on perl-base instead of perl * debian/patches/0030-easyprof-sdk.patch: update to remove the ubuntu specific templates and policy groups. These will be shipped in apparmor-easyprof-ubuntu * debian/control: have apparmor-easyprof Depends on apparmor-easyprof-ubuntu Jamie Strandboge authored 10 years ago Package Import Robot committed 10 years ago
20 changed file(s) with 192 addition(s) and 312 deletion(s). Raw diff Collapse all Expand all
+0
-0
.pc/0030-easyprof-sdk.patch/utils/easyprof/policygroups/qmlscene less more
(Empty file)
+0
-0
.pc/0030-easyprof-sdk.patch/utils/easyprof/policygroups/qmlscene-sqlite less more
(Empty file)
+0
-0
.pc/0030-easyprof-sdk.patch/utils/easyprof/policygroups/qmlscene-webview less more
(Empty file)
+0
-0
.pc/0030-easyprof-sdk.patch/utils/easyprof/templates/ubuntu-sdk less more
(Empty file)
+0
-0
.pc/0030-easyprof-sdk.patch/utils/easyprof/templates/ubuntu-sdk-html5 less more
(Empty file)
+124
-0
.pc/0032-lp1195362.patch/utils/aa-exec less more
0 #!/usr/bin/perl
1 # ------------------------------------------------------------------
2 #
3 # Copyright (C) 2011-2012 Canonical Ltd.
4 #
5 # This program is free software; you can redistribute it and/or
6 # modify it under the terms of version 2 of the GNU General Public
7 # License published by the Free Software Foundation.
8 #
9 # ------------------------------------------------------------------
10
11 use strict;
12 use warnings;
13 use Errno;
14
15 require LibAppArmor;
16 require POSIX;
17 require Time::Local;
18 require File::Basename;
19
20 my $opt_d = '';
21 my $opt_h = '';
22 my $opt_p = '';
23 my $opt_n = '';
24 my $opt_i = '';
25 my $opt_v = '';
26 my $opt_f = '';
27
28 sub _warn {
29 my $msg = $_[0];
30 print STDERR "aa-exec: WARN: $msg\n";
31 }
32 sub _error {
33 my $msg = $_[0];
34 print STDERR "aa-exec: ERROR: $msg\n";
35 exit 1
36 }
37
38 sub _debug {
39 $opt_d or return;
40 my $msg = $_[0];
41 print STDERR "aa-exec: DEBUG: $msg\n";
42 }
43
44 sub _verbose {
45 $opt_v or return;
46 my $msg = $_[0];
47 print STDERR "$msg\n";
48 }
49
50 sub usage() {
51 my $s = <<'EOF';
52 USAGE: aa-exec [OPTIONS] <prog> <args>
53
54 Confine <prog> with the specified PROFILE.
55
56 OPTIONS:
57 -p PROFILE, --profile=PROFILE PROFILE to confine <prog> with
58 -n NAMESPACE, --namespace=NAMESPACE NAMESPACE to confine <prog> in
59 -f FILE, --file FILE profile file to load
60 -i, --immediate change profile immediately instead of at exec
61 -v, --verbose show messages with stats
62 -h, --help display this help
63
64 EOF
65 print $s;
66 }
67
68 use Getopt::Long;
69
70 GetOptions(
71 'debug|d' => \$opt_d,
72 'help|h' => \$opt_h,
73 'profile|p=s' => \$opt_p,
74 'namespace|n=s' => \$opt_n,
75 'file|f=s' => \$opt_f,
76 'immediate|i' => \$opt_i,
77 'verbose|v' => \$opt_v,
78 );
79
80 if ($opt_h) {
81 usage();
82 exit(0);
83 }
84
85 if ($opt_n || $opt_p) {
86 my $test;
87 my $prof;
88
89 if ($opt_n) {
90 $prof = ":$opt_n:";
91 }
92
93 $prof .= $opt_p;
94
95 if ($opt_f) {
96 system("apparmor_parser", "-r", "$opt_f") == 0
97 or _error("\'aborting could not load $opt_f\'");
98 }
99
100 if ($opt_i) {
101 _verbose("aa_change_profile(\"$prof\")");
102 $test = LibAppArmor::aa_change_profile($prof);
103 _debug("$test = aa_change_profile(\"$prof\"); $!");
104 } else {
105 _verbose("aa_change_onexec(\"$prof\")");
106 $test = LibAppArmor::aa_change_onexec($prof);
107 _debug("$test = aa_change_onexec(\"$prof\"); $!");
108 }
109
110 if ($test != 0) {
111 if ($!{ENOENT} || $!{EACCESS}) {
112 my $pre = ($opt_p) ? "profile" : "namespace";
113 _error("$pre \'$prof\' does not exist\n");
114 } elsif ($!{EINVAL}) {
115 _error("AppArmor interface not available\n");
116 } else {
117 _error("$!\n");
118 }
119 }
120 }
121
122 _verbose("exec @ARGV");
123 exec @ARGV;
+1
-0
.pc/applied-patches less more
2626 0029-easyprof-update-for-aa-sandbox.patch
2727 0030-easyprof-sdk.patch
2828 0031-move-poppler-cmap-to-fonts.patch
29 0032-lp1195362.patch
+13
-0
debian/changelog less more
0 apparmor (2.8.0-0ubuntu17) saucy; urgency=low
1
2 * debian/patches/0032-lp1195362.patch: don't pull in unused perl modules
3 (LP: #1195362)
4 * debian/rules: use dh_perl -d with libapparmor-perl to Depends on perl-base
5 instead of perl
6 * debian/patches/0030-easyprof-sdk.patch: update to remove the ubuntu
7 specific templates and policy groups. These will be shipped in
8 apparmor-easyprof-ubuntu
9 * debian/control: have apparmor-easyprof Depends on apparmor-easyprof-ubuntu
10
11 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 28 Jun 2013 12:01:06 -0500
12
013 apparmor (2.8.0-0ubuntu16) saucy; urgency=low
114
215 * debian/patches/0030-easyprof-sdk.patch: update to have
+1
-1
debian/control less more
138138 Section: admin
139139 Architecture: all
140140 Multi-Arch: foreign
141 Depends: ${python3:Depends}, ${misc:Depends}
141 Depends: ${python3:Depends}, ${misc:Depends}, apparmor-easyprof-ubuntu
142142 Breaks: apparmor-utils (<< 2.8.0-0ubuntu14)
143143 Replaces: apparmor-utils (<< 2.8.0-0ubuntu14)
144144 Description: AppArmor easyprof profiling tool
+22
-176
debian/patches/0030-easyprof-sdk.patch less more
44 Index: apparmor-2.8.0/profiles/apparmor.d/abstractions/ubuntu-sdk-base
55 ===================================================================
66 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
7 +++ apparmor-2.8.0/profiles/apparmor.d/abstractions/ubuntu-sdk-base 2013-06-25 16:54:22.000000000 -0500
7 +++ apparmor-2.8.0/profiles/apparmor.d/abstractions/ubuntu-sdk-base 2013-06-28 11:56:41.000000000 -0500
88 @@ -0,0 +1,23 @@
99 +#
1010 +# ubuntu sdk base abstraction
3131 +owner @{HOME}/.gstreamer-0.10/registry.x86_64.bin r,
3232 Index: apparmor-2.8.0/utils/aa-easyprof
3333 ===================================================================
34 --- apparmor-2.8.0.orig/utils/aa-easyprof 2013-06-25 16:54:22.000000000 -0500
35 +++ apparmor-2.8.0/utils/aa-easyprof 2013-06-25 16:54:22.000000000 -0500
34 --- apparmor-2.8.0.orig/utils/aa-easyprof 2013-06-28 11:56:41.000000000 -0500
35 +++ apparmor-2.8.0/utils/aa-easyprof 2013-06-28 11:56:41.000000000 -0500
3636 @@ -1,7 +1,7 @@
3737 #! /usr/bin/env python
3838 # ------------------------------------------------------------------
9595
9696 Index: apparmor-2.8.0/utils/aa-easyprof.pod
9797 ===================================================================
98 --- apparmor-2.8.0.orig/utils/aa-easyprof.pod 2013-06-25 16:54:22.000000000 -0500
99 +++ apparmor-2.8.0/utils/aa-easyprof.pod 2013-06-25 16:54:22.000000000 -0500
98 --- apparmor-2.8.0.orig/utils/aa-easyprof.pod 2013-06-28 11:56:41.000000000 -0500
99 +++ apparmor-2.8.0/utils/aa-easyprof.pod 2013-06-28 11:56:41.000000000 -0500
100100 @@ -78,8 +78,15 @@
101101 =item -n NAME, --name=NAME
102102
142142 =head1 EXAMPLE
143143 Index: apparmor-2.8.0/utils/apparmor/easyprof.py
144144 ===================================================================
145 --- apparmor-2.8.0.orig/utils/apparmor/easyprof.py 2013-06-25 16:54:22.000000000 -0500
146 +++ apparmor-2.8.0/utils/apparmor/easyprof.py 2013-06-25 16:54:22.000000000 -0500
145 --- apparmor-2.8.0.orig/utils/apparmor/easyprof.py 2013-06-28 11:56:41.000000000 -0500
146 +++ apparmor-2.8.0/utils/apparmor/easyprof.py 2013-06-28 11:56:41.000000000 -0500
147147 @@ -1,6 +1,6 @@
148148 # ------------------------------------------------------------------
149149 #
501501 +
502502 Index: apparmor-2.8.0/utils/easyprof/policygroups/networking
503503 ===================================================================
504 --- apparmor-2.8.0.orig/utils/easyprof/policygroups/networking 2013-06-25 16:54:22.000000000 -0500
505 +++ apparmor-2.8.0/utils/easyprof/policygroups/networking 2013-06-25 16:54:22.000000000 -0500
506 @@ -1,2 +1,4 @@
507 # Policygroup to allow networking
508 +
509 #include <abstractions/nameservice>
510 +#include <abstractions/openssl>
511 Index: apparmor-2.8.0/utils/easyprof/policygroups/qmlscene
512 ===================================================================
513 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
514 +++ apparmor-2.8.0/utils/easyprof/policygroups/qmlscene 2013-06-25 16:54:22.000000000 -0500
515 @@ -0,0 +1,13 @@
516 +# policygroup for qmlscene apps
517 +
518 +/usr/share/qtchooser/ r,
519 +/usr/share/qtchooser/** r,
520 +/usr/lib/@{multiarch}/qt5/bin/qmlscene ixr,
521 +/usr/share/icons/gnome/index.theme rk,
522 +owner @{PROC}/[0-9]*/cmdline r,
523 +owner @{HOME}/.config/UITK/theme.ini rk,
524 +
525 +# FIXME: will probably move to a location under /opt/
526 +/usr/share/@{APPNAME}/ r,
527 +/usr/share/@{APPNAME}/** r,
528 +/usr/share/@{APPNAME}/**/ r,
529 Index: apparmor-2.8.0/utils/easyprof/policygroups/qmlscene-sqlite
530 ===================================================================
531 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
532 +++ apparmor-2.8.0/utils/easyprof/policygroups/qmlscene-sqlite 2013-06-25 16:54:22.000000000 -0500
533 @@ -0,0 +1,18 @@
534 +#
535 +# qmlscene SQLite storage policygroup
536 +#
537 +
538 +# this is created on shutdown?
539 +# FIXME: this also needs to incorporate something templatable
540 +owner /var/tmp/etilqs_* rw,
541 +
542 +# FIXME: these need to be templatable
543 +owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/" rw,
544 +owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/QML/" rw,
545 +owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/QML/OfflineStorage/" rw,
546 +owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/QML/OfflineStorage/Databases/" rw,
547 +owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/QML/OfflineStorage/Databases/[0-9a-f]*.ini{,.*}" rwk,
548 +owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/QML/OfflineStorage/Databases/[0-9a-f]*.sqlite" rwk,
549 +owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/QML/OfflineStorage/Databases/[0-9a-f]*.sqlite-journal" rwk,
550 +
551 +
504 --- apparmor-2.8.0.orig/utils/easyprof/policygroups/networking 2013-06-28 11:56:41.000000000 -0500
505 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000
506 @@ -1,2 +0,0 @@
507 -# Policygroup to allow networking
508 -#include <abstractions/nameservice>
552509 Index: apparmor-2.8.0/utils/easyprof/templates/default
553510 ===================================================================
554 --- apparmor-2.8.0.orig/utils/easyprof/templates/default 2013-06-25 16:54:22.000000000 -0500
555 +++ apparmor-2.8.0/utils/easyprof/templates/default 2013-06-25 16:54:22.000000000 -0500
511 --- apparmor-2.8.0.orig/utils/easyprof/templates/default 2013-06-28 11:56:41.000000000 -0500
512 +++ apparmor-2.8.0/utils/easyprof/templates/default 2013-06-28 11:56:41.000000000 -0500
556513 @@ -13,7 +13,7 @@
557514
558515 ###VAR###
564521 ###ABSTRACTIONS###
565522 Index: apparmor-2.8.0/utils/easyprof/templates/sandbox
566523 ===================================================================
567 --- apparmor-2.8.0.orig/utils/easyprof/templates/sandbox 2013-06-25 16:54:22.000000000 -0500
568 +++ apparmor-2.8.0/utils/easyprof/templates/sandbox 2013-06-25 16:54:22.000000000 -0500
524 --- apparmor-2.8.0.orig/utils/easyprof/templates/sandbox 2013-06-28 11:56:41.000000000 -0500
525 +++ apparmor-2.8.0/utils/easyprof/templates/sandbox 2013-06-28 11:56:41.000000000 -0500
569526 @@ -13,7 +13,7 @@
570527
571528 ###VAR###
577534 /**/ r,
578535 Index: apparmor-2.8.0/utils/easyprof/templates/sandbox-x
579536 ===================================================================
580 --- apparmor-2.8.0.orig/utils/easyprof/templates/sandbox-x 2013-06-25 16:54:22.000000000 -0500
581 +++ apparmor-2.8.0/utils/easyprof/templates/sandbox-x 2013-06-25 16:54:22.000000000 -0500
537 --- apparmor-2.8.0.orig/utils/easyprof/templates/sandbox-x 2013-06-28 11:56:41.000000000 -0500
538 +++ apparmor-2.8.0/utils/easyprof/templates/sandbox-x 2013-06-28 11:56:41.000000000 -0500
582539 @@ -13,7 +13,7 @@
583540
584541 ###VAR###
588545 #include <abstractions/base>
589546 #include <abstractions/gnome>
590547 #include <abstractions/kde>
591 Index: apparmor-2.8.0/utils/easyprof/templates/ubuntu-sdk
592 ===================================================================
593 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
594 +++ apparmor-2.8.0/utils/easyprof/templates/ubuntu-sdk 2013-06-25 16:54:47.000000000 -0500
595 @@ -0,0 +1,41 @@
596 +#
597 +# Example usage for an ubuntu-sdk app 'appname'
598 +# $ aa-easyprof --template=ubuntu-sdk \
599 +# -n appname \
600 +# --profile-name=com.example.appname \
601 +# -p qmlscene,qmlscene-sqlite \
602 +# --template-var="@{APPNAME}=appname" \
603 +# "/usr/share/appname/**"
604 +#
605 +###ENDUSAGE###
606 +# vim:syntax=apparmor
607 +# AppArmor policy for ###NAME###
608 +# ###AUTHOR###
609 +# ###COPYRIGHT###
610 +# ###COMMENT###
611 +
612 +#include <tunables/global>
613 +
614 +###VAR###
615 +
616 +###PROFILEATTACH### {
617 + #include <abstractions/base>
618 + #include <abstractions/ubuntu-sdk-base>
619 +
620 +# FIXME: include this when DBus policy is available
621 +# #include <abstractions/ubuntu-accessibility>
622 +
623 + # FIXME: ought to go in a dbus abstraction, but dbus-session is too loose
624 + /var/lib/dbus/machine-id r,
625 +
626 + # this is created on startup, why? /tmp/JXXXXX.sci
627 + owner /tmp/*.sci rwk,
628 +
629 + ###ABSTRACTIONS###
630 +
631 + ###POLICYGROUPS###
632 +
633 + ###READS###
634 +
635 + ###WRITES###
636 +}
637548 Index: apparmor-2.8.0/utils/easyprof/templates/user-application
638549 ===================================================================
639 --- apparmor-2.8.0.orig/utils/easyprof/templates/user-application 2013-06-25 16:54:22.000000000 -0500
640 +++ apparmor-2.8.0/utils/easyprof/templates/user-application 2013-06-25 16:54:22.000000000 -0500
550 --- apparmor-2.8.0.orig/utils/easyprof/templates/user-application 2013-06-28 11:56:41.000000000 -0500
551 +++ apparmor-2.8.0/utils/easyprof/templates/user-application 2013-06-28 11:56:41.000000000 -0500
641552 @@ -16,7 +16,7 @@
642553
643554 ###VAR###
649560 ###ABSTRACTIONS###
650561 Index: apparmor-2.8.0/utils/test/test-aa-easyprof.py
651562 ===================================================================
652 --- apparmor-2.8.0.orig/utils/test/test-aa-easyprof.py 2013-06-25 16:54:22.000000000 -0500
653 +++ apparmor-2.8.0/utils/test/test-aa-easyprof.py 2013-06-25 16:54:22.000000000 -0500
563 --- apparmor-2.8.0.orig/utils/test/test-aa-easyprof.py 2013-06-28 11:56:41.000000000 -0500
564 +++ apparmor-2.8.0/utils/test/test-aa-easyprof.py 2013-06-28 11:56:41.000000000 -0500
654565 @@ -10,6 +10,8 @@
655566 # ------------------------------------------------------------------
656567
11571068
11581069 #
11591070 # End test class
1160 Index: apparmor-2.8.0/utils/easyprof/policygroups/qmlscene-webview
1161 ===================================================================
1162 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
1163 +++ apparmor-2.8.0/utils/easyprof/policygroups/qmlscene-webview 2013-06-25 16:54:47.000000000 -0500
1164 @@ -0,0 +1,17 @@
1165 +#
1166 +# qmlscene webview policygroup
1167 +#
1168 +
1169 +owner @{PROC}/[0-9]*/cmdline r,
1170 +
1171 +# TODO: investigate child profile
1172 +/usr/lib/@{multiarch}/qt5/libexec/QtWebProcess rmix,
1173 +
1174 +# FIXME: ought to be app specific
1175 +owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db" rwk,
1176 +
1177 +# FIXME: needs to be app specific
1178 +owner /{,run/}shm/WK2SharedMemory.[0-9]* rwk,
1179 +
1180 +# FIXME: ought to be app specific
1181 +owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk,
1182 Index: apparmor-2.8.0/utils/easyprof/templates/ubuntu-sdk-html5
1183 ===================================================================
1184 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
1185 +++ apparmor-2.8.0/utils/easyprof/templates/ubuntu-sdk-html5 2013-06-25 16:54:47.000000000 -0500
1186 @@ -0,0 +1,38 @@
1187 +#
1188 +# Example usage for an ubuntu-sdk-html5 app 'appname'
1189 +# $ aa-easyprof --template=ubuntu-sdk-html5 \
1190 +# -n appname \
1191 +# --profile-name=com.example.appname \
1192 +# -p qmlscene,qmlscene-webview,networking \
1193 +# --template-var="@{APPNAME}=appname" \
1194 +# "/usr/share/appname/**"
1195 +#
1196 +###ENDUSAGE###
1197 +# vim:syntax=apparmor
1198 +# AppArmor policy for ###NAME###
1199 +# ###AUTHOR###
1200 +# ###COPYRIGHT###
1201 +# ###COMMENT###
1202 +
1203 +#include <tunables/global>
1204 +
1205 +###VAR###
1206 +
1207 +###PROFILEATTACH### {
1208 + #include <abstractions/base>
1209 + #include <abstractions/ubuntu-sdk-base>
1210 +
1211 + # FIXME: ought to go in a dbus abstraction, but dbus-session is too loose
1212 + /var/lib/dbus/machine-id r,
1213 +
1214 + # this is created on startup, why? /tmp/JXXXXX.sci
1215 + owner /tmp/*.sci rwk,
1216 +
1217 + ###ABSTRACTIONS###
1218 +
1219 + ###POLICYGROUPS###
1220 +
1221 + ###READS###
1222 +
1223 + ###WRITES###
1224 +}
+27
-0
debian/patches/0032-lp1195362.patch less more
0 Author: Jamie Strandboge <jamie@canonical.com>
1 Description: Don't use unneeded requires to avoid pulling in perl-modules
2 Bug-Ubuntu: https://launchpad.net/bugs/1195362
3 Forwarded: yes
4
5 Index: apparmor-2.8.0/utils/aa-exec
6 ===================================================================
7 --- apparmor-2.8.0.orig/utils/aa-exec 2012-03-22 18:07:07.000000000 -0500
8 +++ apparmor-2.8.0/utils/aa-exec 2013-06-27 12:15:18.000000000 -0500
9 @@ -1,7 +1,7 @@
10 #!/usr/bin/perl
11 # ------------------------------------------------------------------
12 #
13 -# Copyright (C) 2011-2012 Canonical Ltd.
14 +# Copyright (C) 2011-2013 Canonical Ltd.
15 #
16 # This program is free software; you can redistribute it and/or
17 # modify it under the terms of version 2 of the GNU General Public
18 @@ -15,8 +15,6 @@
19
20 require LibAppArmor;
21 require POSIX;
22 -require Time::Local;
23 -require File::Basename;
24
25 my $opt_d = '';
26 my $opt_h = '';
+1
-0
debian/patches/series less more
2626 0029-easyprof-update-for-aa-sandbox.patch
2727 0030-easyprof-sdk.patch
2828 0031-move-poppler-cmap-to-fonts.patch
29 0032-lp1195362.patch
+2
-1
debian/rules less more
179179 dh_strip
180180 dh_compress -Xextras
181181 dh_fixperms
182 dh_perl
182 dh_perl -p libapparmor-perl -d
183 dh_perl --no-package=libapparmor-perl
183184 dh_python2 -p python-libapparmor
184185 dh_python3 -p python3-libapparmor -p apparmor -p apparmor-utils -p apparmor-easyprof
185186 dh_makeshlibs
+1
-3
utils/aa-exec less more
00 #!/usr/bin/perl
11 # ------------------------------------------------------------------
22 #
3 # Copyright (C) 2011-2012 Canonical Ltd.
3 # Copyright (C) 2011-2013 Canonical Ltd.
44 #
55 # This program is free software; you can redistribute it and/or
66 # modify it under the terms of version 2 of the GNU General Public
1414
1515 require LibAppArmor;
1616 require POSIX;
17 require Time::Local;
18 require File::Basename;
1917
2018 my $opt_d = '';
2119 my $opt_h = '';
+0
-4
utils/easyprof/policygroups/networking less more
0 # Policygroup to allow networking
1
2 #include <abstractions/nameservice>
3 #include <abstractions/openssl>
+0
-13
utils/easyprof/policygroups/qmlscene less more
0 # policygroup for qmlscene apps
1
2 /usr/share/qtchooser/ r,
3 /usr/share/qtchooser/** r,
4 /usr/lib/@{multiarch}/qt5/bin/qmlscene ixr,
5 /usr/share/icons/gnome/index.theme rk,
6 owner @{PROC}/[0-9]*/cmdline r,
7 owner @{HOME}/.config/UITK/theme.ini rk,
8
9 # FIXME: will probably move to a location under /opt/
10 /usr/share/@{APPNAME}/ r,
11 /usr/share/@{APPNAME}/** r,
12 /usr/share/@{APPNAME}/**/ r,
+0
-18
utils/easyprof/policygroups/qmlscene-sqlite less more
0 #
1 # qmlscene SQLite storage policygroup
2 #
3
4 # this is created on shutdown?
5 # FIXME: this also needs to incorporate something templatable
6 owner /var/tmp/etilqs_* rw,
7
8 # FIXME: these need to be templatable
9 owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/" rw,
10 owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/QML/" rw,
11 owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/QML/OfflineStorage/" rw,
12 owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/QML/OfflineStorage/Databases/" rw,
13 owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/QML/OfflineStorage/Databases/[0-9a-f]*.ini{,.*}" rwk,
14 owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/QML/OfflineStorage/Databases/[0-9a-f]*.sqlite" rwk,
15 owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/QML/OfflineStorage/Databases/[0-9a-f]*.sqlite-journal" rwk,
16
17
+0
-17
utils/easyprof/policygroups/qmlscene-webview less more
0 #
1 # qmlscene webview policygroup
2 #
3
4 owner @{PROC}/[0-9]*/cmdline r,
5
6 # TODO: investigate child profile
7 /usr/lib/@{multiarch}/qt5/libexec/QtWebProcess rmix,
8
9 # FIXME: ought to be app specific
10 owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db" rwk,
11
12 # FIXME: needs to be app specific
13 owner /{,run/}shm/WK2SharedMemory.[0-9]* rwk,
14
15 # FIXME: ought to be app specific
16 owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk,
+0
-41
utils/easyprof/templates/ubuntu-sdk less more
0 #
1 # Example usage for an ubuntu-sdk app 'appname'
2 # $ aa-easyprof --template=ubuntu-sdk \
3 # -n appname \
4 # --profile-name=com.example.appname \
5 # -p qmlscene,qmlscene-sqlite \
6 # --template-var="@{APPNAME}=appname" \
7 # "/usr/share/appname/**"
8 #
9 ###ENDUSAGE###
10 # vim:syntax=apparmor
11 # AppArmor policy for ###NAME###
12 # ###AUTHOR###
13 # ###COPYRIGHT###
14 # ###COMMENT###
15
16 #include <tunables/global>
17
18 ###VAR###
19
20 ###PROFILEATTACH### {
21 #include <abstractions/base>
22 #include <abstractions/ubuntu-sdk-base>
23
24 # FIXME: include this when DBus policy is available
25 # #include <abstractions/ubuntu-accessibility>
26
27 # FIXME: ought to go in a dbus abstraction, but dbus-session is too loose
28 /var/lib/dbus/machine-id r,
29
30 # this is created on startup, why? /tmp/JXXXXX.sci
31 owner /tmp/*.sci rwk,
32
33 ###ABSTRACTIONS###
34
35 ###POLICYGROUPS###
36
37 ###READS###
38
39 ###WRITES###
40 }
+0
-38
utils/easyprof/templates/ubuntu-sdk-html5 less more
0 #
1 # Example usage for an ubuntu-sdk-html5 app 'appname'
2 # $ aa-easyprof --template=ubuntu-sdk-html5 \
3 # -n appname \
4 # --profile-name=com.example.appname \
5 # -p qmlscene,qmlscene-webview,networking \
6 # --template-var="@{APPNAME}=appname" \
7 # "/usr/share/appname/**"
8 #
9 ###ENDUSAGE###
10 # vim:syntax=apparmor
11 # AppArmor policy for ###NAME###
12 # ###AUTHOR###
13 # ###COPYRIGHT###
14 # ###COMMENT###
15
16 #include <tunables/global>
17
18 ###VAR###
19
20 ###PROFILEATTACH### {
21 #include <abstractions/base>
22 #include <abstractions/ubuntu-sdk-base>
23
24 # FIXME: ought to go in a dbus abstraction, but dbus-session is too loose
25 /var/lib/dbus/machine-id r,
26
27 # this is created on startup, why? /tmp/JXXXXX.sci
28 owner /tmp/*.sci rwk,
29
30 ###ABSTRACTIONS###
31
32 ###POLICYGROUPS###
33
34 ###READS###
35
36 ###WRITES###
37 }