From 3bb5ea72df0839218d90a8929d8be04d1ec3707d Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Tue, 12 Mar 2024 16:06:24 +0000
Subject: [PATCH] feat(profile): add profile for yacreader.

---
 apparmor.d/profiles-s-z/YACReader        | 51 ++++++++++++++++++++++++
 apparmor.d/profiles-s-z/YACReaderLibrary | 50 +++++++++++++++++++++++
 2 files changed, 101 insertions(+)
 create mode 100644 apparmor.d/profiles-s-z/YACReader
 create mode 100644 apparmor.d/profiles-s-z/YACReaderLibrary

diff --git a/apparmor.d/profiles-s-z/YACReader b/apparmor.d/profiles-s-z/YACReader
new file mode 100644
index 00000000..98ca1c18
--- /dev/null
+++ b/apparmor.d/profiles-s-z/YACReader
@@ -0,0 +1,51 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/YACReader
+profile YACReader @{exec_path} flags=(attach_disconnected,mediate_deleted) {
+  include <abstractions/base>
+  include <abstractions/dconf-write>
+  include <abstractions/desktop>
+  include <abstractions/graphics>
+  include <abstractions/nameservice-strict>
+  include <abstractions/qt5-settings-write>
+  include <abstractions/qt5-shader-cache>
+  include <abstractions/ssl_certs>
+
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  /usr/share/yacreader/{,**} r,
+
+  /etc/machine-id r,
+
+  owner @{user_books_dirs}/{,**} r,
+
+  owner @{user_share_dirs}/YACReader/ rw,
+  owner @{user_share_dirs}/YACReader/* r,
+  owner @{user_share_dirs}/YACReader/YACReader/ rw,
+  owner @{user_share_dirs}/YACReader/YACReader/** rwlk,
+
+  owner @{user_config_dirs}/pulse/client.conf r,
+  owner @{user_config_dirs}/pulse/cookie rk,
+
+  owner @{run}/user/@{uid}/pulse/ r,
+
+  /dev/shm/ r,
+
+        @{PROC}/sys/kernel/random/boot_id r,
+  owner @{PROC}/@{pid}/cmdline r,
+  owner @{PROC}/@{pid}/mountinfo r,
+
+  include if exists <local/YACReader>
+}
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/YACReaderLibrary b/apparmor.d/profiles-s-z/YACReaderLibrary
new file mode 100644
index 00000000..f2894f1b
--- /dev/null
+++ b/apparmor.d/profiles-s-z/YACReaderLibrary
@@ -0,0 +1,50 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/YACReaderLibrary
+profile YACReaderLibrary @{exec_path} flags=(attach_disconnected,mediate_deleted) {
+  include <abstractions/base>
+  include <abstractions/bus-accessibility>
+  include <abstractions/dconf-write>
+  include <abstractions/desktop>
+  include <abstractions/graphics>
+  include <abstractions/nameservice-strict>
+  include <abstractions/qt5-shader-cache>
+
+  network inet stream,
+  network inet6 stream,
+  network netlink dgram,
+
+  @{exec_path} mr,
+
+  @{bin}/YACReader  rPx,
+  @{open_path}      rPx -> child-open,
+
+  /usr/share/yacreader/{,**} r,
+
+  /etc/machine-id r,
+
+  owner @{user_books_dirs}/{,**} r,
+  owner @{user_books_dirs}/**/.yacreaderlibrary/{,**} rwk,
+
+  owner @{user_cache_dirs}/YACReader/ rw,
+  owner @{user_cache_dirs}/YACReader/YACReaderLibrary/ rw,
+  owner @{user_cache_dirs}/YACReader/YACReaderLibrary/** rwlk,
+
+  owner @{user_share_dirs}/YACReader/ rw,
+  owner @{user_share_dirs}/YACReader/* r,
+  owner @{user_share_dirs}/YACReader/YACReaderLibrary/ rw,
+  owner @{user_share_dirs}/YACReader/YACReaderLibrary/** rwlk,
+
+  owner /tmp/@{uuid} w,
+
+        @{PROC}/sys/kernel/random/boot_id r,
+  owner @{PROC}/@{pid}/cmdline r,
+
+  include if exists <local/YACReaderLibrary>
+}
\ No newline at end of file