From 00fd9ddec1c39234d49c8529b84938f310172ea5 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Mon, 13 May 2024 20:36:46 +0100
Subject: [PATCH] feat(profile): add iceauth

---
 apparmor.d/profiles-g-l/iceauth | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 apparmor.d/profiles-g-l/iceauth

diff --git a/apparmor.d/profiles-g-l/iceauth b/apparmor.d/profiles-g-l/iceauth
new file mode 100644
index 00000000..bd8df0f2
--- /dev/null
+++ b/apparmor.d/profiles-g-l/iceauth
@@ -0,0 +1,25 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/iceauth
+profile iceauth @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/X-strict>
+
+  @{exec_path} mr,
+
+  owner @{tmp}/.xfsm-ICE-@{rand6} r,
+  owner @{tmp}/user/@{uid}/.xfsm-ICE-@{rand6} r, 
+
+  owner @{run}/user/@{uid}/ICEauthority rl -> @{run}/user/@{uid}/ICEauthority-n,
+  owner @{run}/user/@{uid}/ICEauthority-c w,
+  owner @{run}/user/@{uid}/ICEauthority-l wl -> @{run}/user/@{uid}/ICEauthority-c,
+  owner @{run}/user/@{uid}/ICEauthority-n rw,
+
+  include if exists <local/iceauth>
+}
\ No newline at end of file