All AppArmor profiles have been switched to the "enforce" mode.
[waydroid.git] / data / configs / apparmor_profiles / lxc-waydroid
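# AppArmor profile applied to the Waydroid LXC container.
#
# Review summary: this profile is very broad. It grants read on the whole
# filesystem, rw on /proc, /sys and /dev, unrestricted mount/umount and
# networking, and a capability set that includes sys_admin and sys_module.
# It should therefore not be treated as the container's only isolation layer;
# whatever namespaces, seccomp policy and device restrictions the LXC
# configuration applies (not visible in this file) carry most of the weight.
#
# Flags:
#   attach_disconnected - paths that cannot be resolved to the namespace root
#                         are still mediated (attached to "/").
#   mediate_deleted     - access to already-deleted files keeps being mediated.
profile lxc-waydroid flags=(attach_disconnected, mediate_deleted) {
  # --- Execution ---------------------------------------------------------
  # Any file may be executed; the child inherits this profile (ix).
  /** ix,
  # The Android runtime launcher and adbd switch to a stack of this profile
  # plus a dedicated one (android_app / adbd, defined outside this file).
  # The "i" in Pix falls back to inheriting this profile when the target
  # profile is not loaded, so a missing sub-profile loosens confinement
  # rather than blocking the exec.
  /system/bin/app_process Pix -> lxc-waydroid//&android_app,
  /system/bin/app_process32 Pix -> lxc-waydroid//&android_app,
  /system/bin/app_process64 Pix -> lxc-waydroid//&android_app,
  /system/bin/adbd Pix -> lxc-waydroid//&adbd,

  # --- Devices, networking, IPC -------------------------------------------
  # No restriction on device nodes, network families or unix sockets.
  /dev** rw,
  network,
  unix,

  # --- Filesystem ----------------------------------------------------------
  # Subsumed by the unqualified "/proc** rw" rule further down; kept as in the
  # original so that tightening that rule later leaves an owner-only fallback.
  owner /proc** rw,
  # Read access to the entire filesystem visible to the container.
  / r,
  /** r,
  # r = read, w = write, k = file locking, l = hard link creation.
  /acct** rwkl,
  /acct rwkl,
  /storage** rwkl,
  /data** rwkl,
  # Writable /proc and /sys expose kernel tunables to the container; what is
  # actually reachable depends on how LXC mounts them - TODO confirm against
  # the container's mount configuration.
  /proc** rw,
  /sys** rw,
  /tmp** rw,
  /var** rw,
  /run** rw,
  /mnt** rw,
  /apex** rwk,
  /sbin** rw,
  /linkerconfig** rwk,
  # Locking only; read on /system comes from "/** r" above.
  /system** k,
  # Bare mount/umount rules: every mount source, target, fstype and option
  # is allowed.
  mount,
  umount,

  # --- Capabilities --------------------------------------------------------
  # Host-sensitive entries worth auditing if this list is ever trimmed:
  # sys_admin, sys_module (kernel module loading), sys_ptrace, sys_time,
  # mknod, dac_override/dac_read_search, net_admin, syslog.
  capability sys_nice,
  capability wake_alarm,
  capability setpcap,
  capability setgid,
  capability setuid,
  capability sys_ptrace,
  capability sys_admin,
  capability block_suspend,
  capability sys_time,
  capability net_admin,
  capability net_raw,
  capability net_bind_service,
  capability kill,
  capability dac_override,
  capability dac_read_search,
  capability fsetid,
  capability mknod,
  capability syslog,
  capability chown,
  capability sys_resource,
  capability fowner,
  capability sys_module,
  capability ipc_lock,
  capability sys_chroot,

  # --- ptrace ----------------------------------------------------------------
  # Tracing is limited to peers confined by this profile or by one of the two
  # stacks; unconfined host processes are not valid ptrace peers here.
  # NOTE(review): the peer labels name the stack in the opposite order from
  # the exec transition targets above (android_app//&lxc-waydroid vs
  # lxc-waydroid//&android_app) - presumably this matches the label the kernel
  # reports; confirm on a running container.
  ptrace (read,readby,trace,tracedby) peer=lxc-waydroid,
  ptrace (read,readby,trace,tracedby) peer=android_app//&lxc-waydroid,
  ptrace (read,readby,trace,tracedby) peer=adbd//&lxc-waydroid,

  # --- Signals ---------------------------------------------------------------
  # Sending is limited to the same three peer labels (send-only towards adbd).
  signal (send,receive) peer=lxc-waydroid,
  signal (send,receive) peer=android_app//&lxc-waydroid,
  signal (send) peer=adbd//&lxc-waydroid,
  # Receiving is allowed from any peer, including processes outside the
  # container, presumably so the host-side manager can stop it.
  signal (receive),

}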