From 0ad600f90f26e133b9c813bcd8d397744669e36e Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Thu, 1 Apr 2021 21:56:33 +0100
Subject: [PATCH] Add /mnt as possible mount point.

---
 apparmor.d/abstractions/trash | 34 ++++++++++----------
 apparmor.d/abstractions/user-download-strict | 3 ++
 apparmor.d/groups/gpg/gpg | 1 +
 apparmor.d/profiles-a-l/blkid | 1 +
 4 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/apparmor.d/abstractions/trash b/apparmor.d/abstractions/trash
index 31fb4a90..59485d54 100644
--- a/apparmor.d/abstractions/trash
+++ b/apparmor.d/abstractions/trash
@@ -23,22 +23,22 @@
 owner @{user_share_dirs}/Trash/expunged/[0-9]* rw,
 # Partitions' trash location when the admin creates the .Trash/ folder in the top lvl dir
- owner /media/*/.Trash/ rw,
- owner /media/*/.Trash/[0-9]*/ rw,
- owner /media/*/.Trash/[0-9]*/#[0-9]*[0-9] rw,
- owner /media/*/.Trash/[0-9]*/directorysizes{,.*} rwl -> /media/*/.Trash/[0-9]*/#[0-9]*[0-9],
- owner /media/*/.Trash/[0-9]*/files/{,**} rw,
- owner /media/*/.Trash/[0-9]*/info/ rw,
- owner /media/*/.Trash/[0-9]*/info/*.trashinfo{,.*} rw,
- owner /media/*/.Trash/[0-9]*/expunged/ rw,
- owner /media/*/.Trash/[0-9]*/expunged/[0-9]* rw,
+ owner /{media,mnt}/*/.Trash/ rw,
+ owner /{media,mnt}/*/.Trash/[0-9]*/ rw,
+ owner /{media,mnt}/*/.Trash/[0-9]*/#[0-9]*[0-9] rw,
+ owner /{media,mnt}/*/.Trash/[0-9]*/directorysizes{,.*} rwl -> /{media,mnt}/*/.Trash/[0-9]*/#[0-9]*[0-9],
+ owner /{media,mnt}/*/.Trash/[0-9]*/files/{,**} rw,
+ owner /{media,mnt}/*/.Trash/[0-9]*/info/ rw,
+ owner /{media,mnt}/*/.Trash/[0-9]*/info/*.trashinfo{,.*} rw,
+ owner /{media,mnt}/*/.Trash/[0-9]*/expunged/ rw,
+ owner /{media,mnt}/*/.Trash/[0-9]*/expunged/[0-9]* rw,
 # Partitions' trash location when the admin doesn't create the .Trash/ folder in the top lvl dir
- owner /media/*/.Trash-[0-9]*/ rw,
- owner /media/*/.Trash-[0-9]*/#[0-9]*[0-9] rw,
- owner /media/*/.Trash-[0-9]*/directorysizes{,.*} rwl -> /media/*/.Trash-[0-9]*/#[0-9]*[0-9],
- owner /media/*/.Trash-[0-9]*/files/{,**} rw,
- owner /media/*/.Trash-[0-9]*/info/ rw,
- owner /media/*/.Trash-[0-9]*/info/*.trashinfo{,.*} rw,
- owner /media/*/.Trash-[0-9]*/expunged/ rw,
- owner /media/*/.Trash-[0-9]*/expunged/[0-9]* rw,
+ owner /{media,mnt}/*/.Trash-[0-9]*/ rw,
+ owner /{media,mnt}/*/.Trash-[0-9]*/#[0-9]*[0-9] rw,
+ owner /{media,mnt}/*/.Trash-[0-9]*/directorysizes{,.*} rwl -> /{media,mnt}/*/.Trash-[0-9]*/#[0-9]*[0-9],
+ owner /{media,mnt}/*/.Trash-[0-9]*/files/{,**} rw,
+ owner /{media,mnt}/*/.Trash-[0-9]*/info/ rw,
+ owner /{media,mnt}/*/.Trash-[0-9]*/info/*.trashinfo{,.*} rw,
+ owner /{media,mnt}/*/.Trash-[0-9]*/expunged/ rw,
+ owner /{media,mnt}/*/.Trash-[0-9]*/expunged/[0-9]* rw,
diff --git a/apparmor.d/abstractions/user-download-strict b/apparmor.d/abstractions/user-download-strict
index c75dd21a..ccbc62e7 100644
--- a/apparmor.d/abstractions/user-download-strict
+++ b/apparmor.d/abstractions/user-download-strict
@@ -10,6 +10,9 @@
 owner /media/*/@{XDG_DOWNLOAD_DIR}/ r,
 owner /media/*/@{XDG_DOWNLOAD_DIR}/** rwl,
+ owner /mnt/*/@{XDG_DOWNLOAD_DIR}/ r,
+ owner /mnt/*/@{XDG_DOWNLOAD_DIR}/** rwl,
+
 owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
 owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwl,
diff --git a/apparmor.d/groups/gpg/gpg b/apparmor.d/groups/gpg/gpg
index 7e33ca20..823273ac 100644
--- a/apparmor.d/groups/gpg/gpg
+++ b/apparmor.d/groups/gpg/gpg
@@ -64,6 +64,7 @@ profile gpg @{exec_path} {
 # Verify files
 owner @{HOME}/** r,
+ owner /mnt/*/** r,
 owner /media/*/** r,
 owner @{PROC}/@{pid}/task/@{tid}/stat rw,
diff --git a/apparmor.d/profiles-a-l/blkid b/apparmor.d/profiles-a-l/blkid
index 76147ea5..febb6778 100644
--- a/apparmor.d/profiles-a-l/blkid
+++ b/apparmor.d/profiles-a-l/blkid
@@ -30,6 +30,7 @@ profile blkid @{exec_path} {
 # Image files
 @{HOME}/** r,
 /media/*/** r,
+ /mnt/*/** r,
 include if exists
 }
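Review bot: The new `/{media,mnt}/*/` prefix covers only filesystems mounted one level below `/mnt`; a volume mounted directly on `/mnt` (trash at `/mnt/.Trash-[0-9]*/`) still matches no rule, and the same limitation holds for the `/mnt/*/` lines added in user-download-strict, gpg and blkid. If that is intended, a comment such as `# Only per-device sub-directories of /media and /mnt are covered, not /mnt itself` above the first rule of the hunk would record the decision for the next reader. The two `directorysizes` link rules also expand the alternation independently on each side, so the rule text now permits a link from a `/media/*/` trash to a `/mnt/*/` target; hard links cannot cross filesystems, so this is harmless in practice, but it is wider than the two per-prefix rules it replaces.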
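Review bot: The /mnt rules are written here as a separate pair while the trash abstraction in the same commit folds both prefixes into one `/{media,mnt}/*/` alternation, so the two abstractions now express the same set of mount roots in two styles that will drift apart as further roots are added. Collapsing the four media/mnt lines to `owner /{media,mnt}/*/@{XDG_DOWNLOAD_DIR}/ r,` and `owner /{media,mnt}/*/@{XDG_DOWNLOAD_DIR}/** rwl,` keeps this abstraction in step with trash and halves the lines to review. The added blank line after the new pair separates them from the `@{HOME}` rules below, which matches the existing grouping.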
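Review bot: The added `owner /mnt/*/** r,` is placed above the existing `/media/*/** r,` line, whereas the blkid hunk in this commit appends `/mnt` after `/media`; keeping one order (media then mnt, as blkid does) makes the two lists easier to compare in later diffs. The `owner` qualifier matches the neighbouring media rule, so no change in permissions is raised here. The enclosing `profile gpg @{exec_path} {` block starts and ends outside the hunk.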