From e226f4eb037a07ddf714dbbe814c2a014cea9dba Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Thu, 6 Oct 2022 21:13:05 +0100
Subject: [PATCH] feat(profiles): add iwd.
---
 apparmor.d/groups/network/iwd | 43 +++++++++++++++++++++++++++++++++++
 dists/flags/main.flags | 1 +
 2 files changed, 44 insertions(+)
 create mode 100644 apparmor.d/groups/network/iwd
diff --git a/apparmor.d/groups/network/iwd b/apparmor.d/groups/network/iwd
new file mode 100644
index 00000000..c85017ee
--- /dev/null
+++ b/apparmor.d/groups/network/iwd
@@ -0,0 +1,43 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = /{usr/,}lib/iwd/iwd
+profile iwd @{exec_path} {
+ include
+
+ capability net_admin,
+ capability net_raw,
+ capability net_bind_service,
+
+ network inet dgram,
+ network inet6 dgram,
+ network inet stream,
+ network inet6 stream,
+ network netlink raw,
+ network netlink dgram,
+ network alg seqpacket,
+
+ @{exec_path} mr,
+
+ /etc/iwd/{,**} r,
+ /var/lib/iwd/{,**} rw,
+
+ @{sys}/devices/pci[0-9]*/**/ieee80211/phy[0-9]/* r,
+ @{sys}/devices/pci[0-9]*/**/modalias r,
+
+ @{PROC}/sys/net/ipv{4,6}/conf/wlan[0-9]*/arp_* rw,
+ @{PROC}/sys/net/ipv{4,6}/conf/wlan[0-9]*/drop_* rw,
+ @{PROC}/sys/net/ipv{4,6}/conf/wlan[0-9]*/ndisc_* rw,
+ @{PROC}/sys/net/ipv{4,6}/conf/wlp*/arp_* rw,
+ @{PROC}/sys/net/ipv{4,6}/conf/wlp*/drop_* rw,
+ @{PROC}/sys/net/ipv{4,6}/conf/wlp*/ndisc_* rw,
+
+ /dev/rfkill rw,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 52789821..694d16e9 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -89,6 +89,7 @@ ibus-memconf complain
 im-launch complain
 install-info complain
 irqbalance complain
+iwd complain
 kernel-install complain
 kmod attach_disconnected,complain
 last complain
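Review bot: The sysfs rule `@{sys}/devices/pci[0-9]*/**/ieee80211/phy[0-9]/* r,` matches only a single-digit phy index, unlike the `wlan[0-9]*` globs a few lines below it; a radio registered as phy10 or above would be denied once the profile is enforced, so `phy[0-9]*` is the consistent form. The sysctl rules likewise cover only `wlan[0-9]*` and `wlp*`, which leaves out interfaces named under other schemes (for example `wlx…` for USB adapters), and both sysfs rules assume a `pci[0-9]*` parent device. A one-line comment above `/var/lib/iwd/{,**} rw,` saying that this directory is where iwd presumably keeps its saved network credentials would mark it as the most sensitive path the profile grants.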
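Review bot: `iwd complain` means the new profile only logs and confines nothing, while the daemon it covers is granted `net_admin` and `net_raw`. That matches the neighbouring entries, but nothing in the commit records when the flag is expected to be dropped. A sentence in the commit message or the profile header stating that the rule set is still being collected from audit logs would make the non-enforcing state explicit to anyone relying on this profile.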