# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2019-2021 Mikhail Morfikov
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# AppArmor policy confining /{usr/,}bin/repo. It holds the main "repo"
# profile and two child profiles, "curl" and "gpg", entered through Cx
# transitions.
#
# NOTE(review): in this copy the targets of the abi rule and of every
# file-inclusion directive are missing (the angle-bracket part appears to
# have been dropped), so the policy will not parse as shown. Restore the
# targets from the upstream file; they are deliberately not guessed here.

# NOTE(review): abi target missing in this copy.
abi ,

# NOTE(review): target missing. @{HOME}, @{PROC} and @{pid} are used below
# but not defined in this file, so they presumably come from here - confirm.
include

# Root of the Android checkout that repo may manage.
# NOTE(review): the value ends in "/" and the rules below append "/**", so
# the expansion contains "//". Confirm the parser collapses it, or drop the
# trailing slash.
@{ANDROID_SOURCE_DIR} = /media/Android/

@{exec_path} = /{usr/,}bin/repo
profile repo @{exec_path} {
  # NOTE(review): six inclusion targets missing in this copy. Any access not
  # listed explicitly below would have to come from them.
  include
  include
  include
  include
  include
  include

  # IPv4 and IPv6 sockets, datagram and stream.
  network inet dgram,
  network inet6 dgram,
  network inet stream,
  network inet6 stream,

  # The confined executable itself: read only, no exec permission.
  @{exec_path} r,

  # Interpreters and helpers run with "ix": they inherit this profile, so
  # whatever they do stays limited to the rules in this block.
  /{usr/,}bin/python3.[0-9]* rix,
  /{usr/,}bin/python2.[0-9]* rix,

  # Directory listing of the bin directory (read only).
  /{usr/,}bin/ r,
  /{usr/,}bin/env rix,
  /{usr/,}bin/{,ba,da}sh rix,
  /{usr/,}bin/uname rix,

  /{usr/,}bin/git rix,
  /{usr/,}lib/git-core/git rix,
  /{usr/,}lib/git-core/git-* rix,

  # curl and gpg leave this profile and run under the child profiles
  # defined further down (Cx transition to a named child).
  /{usr/,}bin/curl rCx -> curl,
  /{usr/,}bin/gpg rCx -> gpg,

  # Android source dir
  # Read, write, lock and link on files the user owns under the checkout.
  # Link targets are restricted to the same tree.
  owner @{ANDROID_SOURCE_DIR}/** rwkl -> @{ANDROID_SOURCE_DIR}/**,
  # NOTE(review): main.py is executable (ix) and also writable through the
  # rule above, so this profile does not separate write from execute for the
  # launcher. Treat the checkout's integrity as part of the trust boundary.
  owner @{ANDROID_SOURCE_DIR}/**/.repo/repo/main.py rix,

  # Per-user repo state: read/write.
  owner @{HOME}/.repoconfig/{,**} rw,
  owner @{HOME}/.repo_.gitconfig.json rw,

  # Git configuration is read only; this profile cannot modify it.
  owner @{HOME}/.config/git/config r,
  owner @{HOME}/.gitconfig r,
  /usr/share/git-core/{,**} r,

  # Temporary files matching .git_vtag_tmp*; the gpg child may read the
  # same pattern.
  owner /tmp/.git_vtag_tmp* rw,

  # Own process information only (owner plus @{pid}).
  owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/mounts r,

  # Shared-memory objects owned by the user. The sem.mp* names are presumably
  # Python multiprocessing semaphores - confirm.
  # NOTE(review): "/dev/shm/* rw" covers every top-level object the user owns
  # there, not only repo's.
  owner /dev/shm/* rw,
  owner /dev/shm/sem.mp* rwl -> /dev/shm/*,

  # Child profile for curl. The only explicit rule maps and reads the binary.
  # NOTE(review): no network or file rule is visible here, so everything else
  # curl needs must come from the four missing inclusion targets - confirm
  # once they are restored.
  profile curl {
    include
    include
    include
    include

    /{usr/,}bin/curl mr,

  }

  # Child profile for gpg. File access is limited to the keyring kept under
  # ~/.repoconfig/gnupg and to reading the .git_vtag_tmp* temporary files.
  profile gpg {
    # NOTE(review): inclusion target missing in this copy.
    include

    /{usr/,}bin/gpg mr,

    owner @{HOME}/.repoconfig/gnupg/** rwkl -> @{HOME}/.repoconfig/gnupg/**,

    owner /tmp/.git_vtag_tmp* r,

  }

  # Optional inclusion ("if exists"), target missing in this copy. Presumably
  # the site-local override file - confirm against upstream.
  include if exists
}