From fade97486de0c211b04bd507a5e934da8b90c023 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Mon, 27 Nov 2023 19:32:50 +0000
Subject: [PATCH] feat(profile): add udev child & low-memory profiles.

---
 apparmor.d/profiles-g-l/low-memory-monitor | 20 ++++++++++++++++++++
 apparmor.d/profiles-s-z/udev-dmi-memory-id | 21 +++++++++++++++++++++
 dists/flags/main.flags                     |  5 +++++
 3 files changed, 46 insertions(+)
 create mode 100644 apparmor.d/profiles-g-l/low-memory-monitor
 create mode 100644 apparmor.d/profiles-s-z/udev-dmi-memory-id

diff --git a/apparmor.d/profiles-g-l/low-memory-monitor b/apparmor.d/profiles-g-l/low-memory-monitor
new file mode 100644
index 00000000..da2d2057
--- /dev/null
+++ b/apparmor.d/profiles-g-l/low-memory-monitor
@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/low-memory-monitor
+profile low-memory-monitor @{exec_path} flags=(attach_disconnected) {
+  include <abstractions/base>
+
+  capability ipc_lock,
+
+  @{exec_path} mr,
+
+  owner @{PROC}/pressure/memory rw,
+
+  include if exists <local/low-memory-monitor>
+}
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/udev-dmi-memory-id b/apparmor.d/profiles-s-z/udev-dmi-memory-id
new file mode 100644
index 00000000..e61bbbbb
--- /dev/null
+++ b/apparmor.d/profiles-s-z/udev-dmi-memory-id
@@ -0,0 +1,21 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/udev/dmi_memory_id 
+profile udev-dmi-memory-id @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  /etc/udev/udev.conf r,
+
+  @{sys}/firmware/dmi/tables/DMI r,
+  @{sys}/firmware/dmi/tables/smbios_entry_point r,
+
+  include if exists <local/udev-dmi-memory-id>
+}
\ No newline at end of file
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index a67cc771..a5974047 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -128,6 +128,7 @@ gnome-disk-image-mounter complain
 gnome-disks complain
 gnome-extension-gsconnect complain
 gnome-extension-manager complain
+gnome-initial-setup complain
 gnome-music complain
 gnome-photos-thumbnailer complain
 gnome-remote-desktop-daemon complain
@@ -173,6 +174,7 @@ hostnamectl complain
 ibus-engine-table complain
 ibus-memconf complain
 im-launch complain
+init-exim4 complain
 install-info complain
 irqbalance attach_disconnected,complain
 iwctl complain
@@ -215,6 +217,7 @@ locale-gen complain
 localectl complain
 login attach_disconnected,complain
 loginctl complain
+low-memory-monitor attach_disconnected,complain
 lvm attach_disconnected,complain
 lvmconfig complain
 lvmdump complain
@@ -242,6 +245,7 @@ org.gnome.NautilusPreviewer complain
 os-prober attach_disconnected,complain
 package-data-downloader complain
 packagekitd attach_disconnected,complain
+pam_kwallet_init complain
 pass-import complain
 passim complain
 passimd attach_disconnected,complain
@@ -361,6 +365,7 @@ thunderbird complain
 thunderbird-glxtest complain
 thunderbird-vaapitest complain
 transmission-gtk complain
+udev-dmi-memory-id complain
 udisksctl complain
 udisksd attach_disconnected,complain
 umount complain