From 9be25c8498b62ac6432dca1736f6e9fbd3717fd5 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Wed, 18 Sep 2024 23:32:39 +0100
Subject: [PATCH] feat(profile): add baobab.

---
 apparmor.d/profiles-a-f/baobab | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 apparmor.d/profiles-a-f/baobab

diff --git a/apparmor.d/profiles-a-f/baobab b/apparmor.d/profiles-a-f/baobab
new file mode 100644
index 00000000..63a6ebd2
--- /dev/null
+++ b/apparmor.d/profiles-a-f/baobab
@@ -0,0 +1,27 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/baobab
+profile baobab @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/bus/org.freedesktop.hostname1>
+  include <abstractions/common/gnome>
+  include <abstractions/deny-sensitive-home>
+
+  #aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}"
+
+  @{exec_path} mr,
+
+  # As a directory tree analyzer it needs full access to the filesystem
+  / r,
+  /** r,
+
+  deny /boot/{,**} r,
+
+  include if exists <local/baobab>
+}
\ No newline at end of file