data/configs/apparmor_profiles/lxc-waydroid

   1 profile lxc-waydroid flags=(attach_disconnected, complain, mediate_deleted) {
   2   #include <local/lxc-waydroid>
   3   /** ix,
   4   /system/bin/app_process Pix -> lxc-waydroid//&android_app,
   5   /system/bin/app_process32 Pix -> lxc-waydroid//&android_app,
   6   /system/bin/app_process64 Pix -> lxc-waydroid//&android_app,
   7   /system/bin/adbd Pix -> lxc-waydroid//&adbd,
   8   /dev** rw,
   9   network,
  10   unix,
  11   owner /proc** rw,
  12   / r,
  13   /** r,
  14   /acct** rwkl,
  15   /acct rwkl,
  16   /storage** rwkl,
  17   /data** rwkl,
  18   /proc** rw,
  19   /sys** rw,
  20   /dev** rw,
  21   /tmp** rw,
  22   /var** rw,
  23   /run** rw,
  24   /mnt** rw,
  25   /apex** rwk,
  26   /sbin** rw,
  27   /linkerconfig** rwk,
  28   /system** k,
  29   mount,
  30   umount,
  31
  32   capability sys_nice,
  33   capability wake_alarm,
  34   capability setpcap,
  35   capability setgid,
  36   capability setuid,
  37   capability sys_ptrace,
  38   capability sys_admin,
  39   capability wake_alarm,
  40   capability block_suspend,
  41   capability sys_time,
  42   capability net_admin,
  43   capability net_raw,
  44   capability net_bind_service,
  45   capability kill,
  46   capability dac_override,
  47   capability dac_read_search,
  48   capability fsetid,
  49   capability mknod,
  50   capability syslog,
  51   capability chown,
  52   capability sys_resource,
  53   capability fowner,
  54   capability sys_module,
  55   capability ipc_lock,
  56   capability sys_chroot,
  57
  58   ptrace (read,readby,trace,tracedby) peer=lxc-waydroid,
  59   ptrace (read,readby,trace,tracedby) peer=android_app//&lxc-waydroid,
  60   ptrace (read,readby,trace,tracedby) peer=adbd//&lxc-waydroid,
  61
  62   signal (send,receive) peer=lxc-waydroid,
  63   signal (send,receive) peer=android_app//&lxc-waydroid,
  64   signal (send) peer=adbd//&lxc-waydroid,
  65   signal (receive),
  66
  67 }
  68