From: Азалия Смарагдова <charming.flurry@yandex.ru>
Date: Mon, 11 Sep 2023 14:54:37 +0000 (+0500)
Subject: Allow local amendments to the AppArmor policy
X-Git-Tag: 1.4.2~14
X-Git-Url: https://glassweightruler.freedombox.rocks/gitweb/waydroid.git/commitdiff_plain/0f7c1ea44bd542b002e362854f1708a85d05feba?ds=inline

Allow local amendments to the AppArmor policy
---

diff --git a/Makefile b/Makefile
index dc54740..b58aebe 100644
--- a/Makefile
+++ b/Makefile
@@ -51,6 +51,10 @@ install:
 
 install_apparmor:
 	install -d $(INSTALL_APPARMOR_DIR) $(INSTALL_APPARMOR_DIR)/lxc
+	mkdir -p $(INSTALL_APPARMOR_DIR)/local/
+	touch $(INSTALL_APPARMOR_DIR)/local/adbd
+	touch $(INSTALL_APPARMOR_DIR)/local/android_app
+	touch $(INSTALL_APPARMOR_DIR)/local/lxc-waydroid
 	cp -f data/configs/apparmor_profiles/adbd $(INSTALL_APPARMOR_DIR)/adbd
 	cp -f data/configs/apparmor_profiles/android_app $(INSTALL_APPARMOR_DIR)/android_app
 	cp -f data/configs/apparmor_profiles/lxc-waydroid $(INSTALL_APPARMOR_DIR)/lxc/lxc-waydroid
diff --git a/data/configs/apparmor_profiles/adbd b/data/configs/apparmor_profiles/adbd
index 19c660d..2ce14e6 100644
--- a/data/configs/apparmor_profiles/adbd
+++ b/data/configs/apparmor_profiles/adbd
@@ -1,4 +1,5 @@
 profile adbd flags=(attach_disconnected,mediate_deleted,complain) {
+  #include <local/adbd>
   /** ix,
   /dev** rw,
   network,
diff --git a/data/configs/apparmor_profiles/android_app b/data/configs/apparmor_profiles/android_app
index e55fc01..2f4e35e 100644
--- a/data/configs/apparmor_profiles/android_app
+++ b/data/configs/apparmor_profiles/android_app
@@ -1,4 +1,5 @@
 profile android_app flags=(attach_disconnected, complain, mediate_deleted) {
+  #include <local/android_app>
   /** ix,
   /dev** rw,
   network,
diff --git a/data/configs/apparmor_profiles/lxc-waydroid b/data/configs/apparmor_profiles/lxc-waydroid
index 5a1f5b2..e17d709 100644
--- a/data/configs/apparmor_profiles/lxc-waydroid
+++ b/data/configs/apparmor_profiles/lxc-waydroid
@@ -1,4 +1,5 @@
 profile lxc-waydroid flags=(attach_disconnected, complain, mediate_deleted) {
+  #include <local/lxc-waydroid>
   /** ix,
   /system/bin/app_process Pix -> lxc-waydroid//&android_app,
   /system/bin/app_process32 Pix -> lxc-waydroid//&android_app,