From 0568ef0d45e4840fe4f943c48b7b9a1b97651e7b Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Wed, 6 Dec 2023 20:06:49 +0000
Subject: [PATCH] feat(profile): add structure for some cups profile.

They are empty, and forced into complain mode.
---
 apparmor.d/profiles-a-f/cups-backend-bluetooth | 18 ++++++++++++++++++
 apparmor.d/profiles-a-f/cups-backend-hp        | 18 ++++++++++++++++++
 apparmor.d/profiles-a-f/cups-backend-mdns      | 18 ++++++++++++++++++
 apparmor.d/profiles-a-f/cups-notifier-dbus     | 16 ++++++++++++++++
 apparmor.d/profiles-a-f/cups-notifier-mailto   | 16 ++++++++++++++++
 apparmor.d/profiles-a-f/cups-notifier-rss      | 16 ++++++++++++++++
 dists/flags/main.flags                         |  6 ++++++
 7 files changed, 108 insertions(+)
 create mode 100644 apparmor.d/profiles-a-f/cups-backend-bluetooth
 create mode 100644 apparmor.d/profiles-a-f/cups-backend-hp
 create mode 100644 apparmor.d/profiles-a-f/cups-backend-mdns
 create mode 100644 apparmor.d/profiles-a-f/cups-notifier-dbus
 create mode 100644 apparmor.d/profiles-a-f/cups-notifier-mailto
 create mode 100644 apparmor.d/profiles-a-f/cups-notifier-rss

diff --git a/apparmor.d/profiles-a-f/cups-backend-bluetooth b/apparmor.d/profiles-a-f/cups-backend-bluetooth
new file mode 100644
index 00000000..8cdb0530
--- /dev/null
+++ b/apparmor.d/profiles-a-f/cups-backend-bluetooth
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/cups/backend/bluetooth
+profile cups-backend-bluetooth @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  /etc/papersize r,
+
+  include if exists <local/cups-backend-bluetooth>
+}
\ No newline at end of file
diff --git a/apparmor.d/profiles-a-f/cups-backend-hp b/apparmor.d/profiles-a-f/cups-backend-hp
new file mode 100644
index 00000000..6855279f
--- /dev/null
+++ b/apparmor.d/profiles-a-f/cups-backend-hp
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/cups/backend/hp{,fax}
+profile cups-backend-hp @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  /etc/papersize r,
+
+  include if exists <local/cups-backend-hp>
+}
\ No newline at end of file
diff --git a/apparmor.d/profiles-a-f/cups-backend-mdns b/apparmor.d/profiles-a-f/cups-backend-mdns
new file mode 100644
index 00000000..f2c644c7
--- /dev/null
+++ b/apparmor.d/profiles-a-f/cups-backend-mdns
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/cups/backend/mdns
+profile cups-backend-mdns @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  /etc/papersize r,
+
+  include if exists <local/cups-backend-mdns>
+}
\ No newline at end of file
diff --git a/apparmor.d/profiles-a-f/cups-notifier-dbus b/apparmor.d/profiles-a-f/cups-notifier-dbus
new file mode 100644
index 00000000..5f8cfaf2
--- /dev/null
+++ b/apparmor.d/profiles-a-f/cups-notifier-dbus
@@ -0,0 +1,16 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/cups/notifier/dbus
+profile cups-notifier-dbus @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+ 
+  include if exists <local/cups-notifier-dbus>
+}
\ No newline at end of file
diff --git a/apparmor.d/profiles-a-f/cups-notifier-mailto b/apparmor.d/profiles-a-f/cups-notifier-mailto
new file mode 100644
index 00000000..ef918f26
--- /dev/null
+++ b/apparmor.d/profiles-a-f/cups-notifier-mailto
@@ -0,0 +1,16 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/cups/notifier/mailto
+profile cups-notifier-mailto @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+ 
+  include if exists <local/cups-notifier-mailto>
+}
\ No newline at end of file
diff --git a/apparmor.d/profiles-a-f/cups-notifier-rss b/apparmor.d/profiles-a-f/cups-notifier-rss
new file mode 100644
index 00000000..edc4ef94
--- /dev/null
+++ b/apparmor.d/profiles-a-f/cups-notifier-rss
@@ -0,0 +1,16 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/cups/notifier/rss
+profile cups-notifier-rss @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+ 
+  include if exists <local/cups-notifier-rss>
+}
\ No newline at end of file
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index c9fd1292..3ae1ef1f 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -68,11 +68,14 @@ code complain
 containerd-shim-runc-v2 attach_disconnected,complain
 ctop complain
 cups-backend-beh complain
+cups-backend-bluetooth complain
 cups-backend-brf complain
 cups-backend-dnssd complain
+cups-backend-hp complain
 cups-backend-implicitclass complain
 cups-backend-ipp complain
 cups-backend-lpd complain
+cups-backend-mdns complain
 cups-backend-parallel complain
 cups-backend-pdf complain
 cups-backend-serial complain
@@ -80,6 +83,9 @@ cups-backend-snmp complain
 cups-backend-socket complain
 cups-backend-usb complain
 cups-browsed complain
+cups-notifier-dbus complain
+cups-notifier-mailto complain
+cups-notifier-rss complain
 cups-pk-helper-mechanism complain
 cupsd attach_disconnected,complain
 dbus-daemon attach_disconnected,complain