X-Git-Url: https://glassweightruler.freedombox.rocks/gitweb/waydroid.git/blobdiff_plain/a3d741d7d54df55efe4f13318d9393960f1eaa1b..8a66de6410cfadbcd19d4b8265c0f2f7e36ab2a1:/tools/helpers/lxc.py

diff --git a/tools/helpers/lxc.py b/tools/helpers/lxc.py
index a099801..d774936 100644
--- a/tools/helpers/lxc.py
+++ b/tools/helpers/lxc.py
@@ -130,20 +130,48 @@ def generate_nodes_lxc_config(args):
 
 def set_lxc_config(args):
     lxc_path = tools.config.defaults["lxc"] + "/waydroid"
-    config_file = "config_2"
     lxc_ver = get_lxc_version(args)
     if lxc_ver == 0:
         raise OSError("LXC is not installed")
-    elif lxc_ver <= 2:
-        config_file = "config_1"
-    config_path = tools.config.tools_src + "/data/configs/" + config_file
+    config_paths = tools.config.tools_src + "/data/configs/config_"
+    seccomp_profile = tools.config.tools_src + "/data/configs/waydroid.seccomp"
+    apparmor_profiles = [tools.config.tools_src + "/data/configs/" + "lxc-waydroid",tools.config.tools_src + "/data/configs/" + "android_app",tools.config.tools_src + "/data/configs/" + "adbd"]
+    apparmor_profile_dir = "/etc/apparmor.d/"
+
+    config_snippets = [ config_paths + "base" ]
+    # lxc v1 is a bit special because some options got renamed later
+    if lxc_ver == 1:
+        config_snippets.append(config_paths + "1")
+    else:
+        for ver in range(2, 5):
+            snippet = config_paths + str(ver)
+            if lxc_ver >= ver and os.path.exists(snippet):
+                config_snippets.append(snippet)
 
     command = ["mkdir", "-p", lxc_path]
     tools.helpers.run.user(args, command)
-    command = ["cp", "-fpr", config_path, lxc_path + "/config"]
+    command = ["sh", "-c", "cat {} > \"{}\"".format(' '.join('"{0}"'.format(w) for w in config_snippets), lxc_path + "/config")]
     tools.helpers.run.user(args, command)
     command = ["sed", "-i", "s/LXCARCH/{}/".format(platform.machine()), lxc_path + "/config"]
     tools.helpers.run.user(args, command)
+    command = ["cp", "-fpr", seccomp_profile, lxc_path + "/waydroid.seccomp"]
+    tools.helpers.run.user(args, command)
+
+    try:
+        command = ["cp", "-i", apparmor_profiles[0], apparmor_profile_dir + "lxc/lxc-waydroid"]
+        tools.helpers.run.user(args, command)
+        command = ["apparmor_parser", "-r", apparmor_profile_dir + "lxc/lxc-waydroid"]
+        tools.helpers.run.user(args, command)
+        command = ["cp", "-i", apparmor_profiles[1], apparmor_profile_dir + "android_app"]
+        tools.helpers.run.user(args, command)
+        command = ["apparmor_parser", "-r", apparmor_profile_dir + "android_app"]
+        tools.helpers.run.user(args, command)
+        command = ["cp", "-i", apparmor_profiles[2], apparmor_profile_dir + "adbd"]
+        tools.helpers.run.user(args, command)
+        command = ["apparmor_parser", "-r", apparmor_profile_dir + "adbd"]
+        tools.helpers.run.user(args, command)
+    except:
+        logging.warning("An error has occurred while installing AppArmor profiles. If profiles are not installed, or AppArmor is disabled or not supported on your system, then the container will run without AppArmor protection.")
 
     nodes = generate_nodes_lxc_config(args)
     config_nodes_tmp_path = args.work + "/config_nodes"
@@ -240,10 +268,10 @@ def make_base_props(args):
 
     opengles = tools.helpers.props.host_get(args, "ro.opengles.version")
     if opengles == "":
-        opengles = "196608"
+        opengles = "196609"
     props.append("ro.opengles.version=" + opengles)
 
-    if args.images_path != tools.config.defaults["preinstalled_images_path"]:
+    if args.images_path not in tools.config.defaults["preinstalled_images_paths"]:
         props.append("waydroid.system_ota=" + args.system_ota)
         props.append("waydroid.vendor_ota=" + args.vendor_ota)
     else: