From 594f391502a4b5c7c85d33830a34b99218d67399 Mon Sep 17 00:00:00 2001
From: Shishir Subedi <shishirsub10@gmail.com>
Date: Fri, 7 Feb 2025 07:32:32 +0000
Subject: [PATCH] add tshark profile

---
 profiles/apparmor.d/tshark | 68 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 profiles/apparmor.d/tshark

diff --git a/profiles/apparmor.d/tshark b/profiles/apparmor.d/tshark
new file mode 100644
index 000000000..0f54b3970
--- /dev/null
+++ b/profiles/apparmor.d/tshark
@@ -0,0 +1,68 @@
+#------------------------------------------------------------------
+#    Copyright (C) 2024 Canonical Ltd.
+#
+#    Author: Shishir Subedi (shishir.subedi@canonical.com)
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#------------------------------------------------------------------
+# vim: ft=apparmor
+#
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+profile tshark /usr/bin/tshark {
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/user-tmp>
+
+  capability dac_read_search,
+
+  signal send peer=tshark//dumpcap,
+
+  file Cx /usr/bin/dumpcap -> dumpcap,
+  file mr /usr/bin/tshark,
+  file mrix /usr/lib/@{multiarch}/wireshark/extcap/{,*},
+  file r /usr/share/wireshark/{,**},
+  file r @{PROC}/@{pid}/fd/,
+
+  # for -i sdjournal
+  file r /{var,run}/log/journal/{,**},
+
+  # Site-specific additions and overrides. See local/README for details.
+  include if exists <local/tshark>
+
+  profile dumpcap {
+    include <abstractions/base>
+    include <abstractions/nameservice>
+    include <abstractions/private-files-strict>
+    include <abstractions/user-tmp>
+    include <abstractions/user-write>
+
+    capability net_admin,
+    capability net_raw,
+
+    network packet,
+    network raw,
+    network stream,
+
+    dbus (eavesdrop receive) bus=system,
+
+    signal receive peer=tshark,
+
+    file r /dev/,
+    file r @{PROC}/@{pid}/net/dev,
+    file r @{sys}/devices/{,**},
+    file rw @{sys}/devices/**/statistics/rx_*,
+
+    file r /**.pcap{,ng}{,.gz},
+    owner rw /**.pcap{,ng}{,.gz},
+
+    owner rw @{run}/dbus/system_bus_socket,
+    file mr /usr/bin/dumpcap,
+
+  }
+}