From 8c2d39c232c339867065258b273f35f466cd139d Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Tue, 22 Feb 2022 20:52:46 +0000
Subject: [PATCH] Flatpack: add flatpak-session-helper.

---
 .../profiles-a-f/flatpak-session-helper       | 28 +++++++++++++++++++
 dists/flags/main.flags                        |  1 +
 2 files changed, 29 insertions(+)
 create mode 100644 apparmor.d/profiles-a-f/flatpak-session-helper

diff --git a/apparmor.d/profiles-a-f/flatpak-session-helper b/apparmor.d/profiles-a-f/flatpak-session-helper
new file mode 100644
index 00000000..4a07c3dd
--- /dev/null
+++ b/apparmor.d/profiles-a-f/flatpak-session-helper
@@ -0,0 +1,28 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}lib/flatpak-session-helper
+profile flatpak-session-helper @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+  include <abstractions/p11-kit>
+  include <abstractions/ssl_certs>
+
+  @{exec_path} mr,
+
+  /{usr/,}bin/p11-kit                 rix,
+  /{usr/,}lib/p11-kit/p11-kit-server  rix,
+  /{usr/,}lib/p11-kit/p11-kit-remote  rix,
+
+  owner @{run}/user/@{uid}/.flatpak-helper/{,**} rw,
+  owner @{run}/user/@{uid}/.flatpak-helper/pkcs11-flatpak-[0-9]* rw,
+  
+  owner @{PROC}/@{pids}/fd/ r,
+
+  include if exists <local/flatpak-session-helper>
+}
\ No newline at end of file
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 77a55082..a5cbd729 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -36,6 +36,7 @@ e2image complain
 evince complain
 fatlabel complain
 fdisk complain
+flatpak-session-helper complain
 fsck-ext4 complain
 fuse-overlayfs complain
 fusermount complain