From 068373405fc94a17ecc32025a485fbd5b40ec1b0 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Thu, 25 Apr 2024 14:01:04 +0100
Subject: [PATCH] feat(aa): add some missing rule template.

---
 pkg/aa/template.go | 5 +++--
 pkg/aa/templates/rule/all.j2 | 9 +++++++++
 pkg/aa/templates/rule/io_uring.j2 | 16 ++++++++++++++++
 pkg/aa/templates/rules.j2 | 8 ++++++++
 4 files changed, 36 insertions(+), 2 deletions(-)
 create mode 100644 pkg/aa/templates/rule/all.j2
 create mode 100644 pkg/aa/templates/rule/io_uring.j2
diff --git a/pkg/aa/template.go b/pkg/aa/template.go
index ab9764692..7cd78d53f 100644
--- a/pkg/aa/template.go
+++ b/pkg/aa/template.go
@@ -53,7 +53,9 @@ var (
 // The order the apparmor rules should be sorted
 ruleAlphabet = []string{
 "include",
+ "all",
 "rlimit",
+ "userns",
 "capability",
 "network",
 "mount",
@@ -62,11 +64,10 @@ var (
 "pivotroot",
 "changeprofile",
 "mqueue",
+ "iouring",
 "signal",
 "ptrace",
 "unix",
- "userns",
- "iouring",
 "dbus",
 "file",
 "profile",
diff --git a/pkg/aa/templates/rule/all.j2 b/pkg/aa/templates/rule/all.j2
new file mode 100644
index 000000000..645d0ff5e
--- /dev/null
+++ b/pkg/aa/templates/rule/all.j2
@@ -0,0 +1,9 @@
+{{- /* apparmor.d - Full set of apparmor profiles */ -}}
+{{- /* Copyright (C) 2021-2024 Alexandre Pujol */ -}}
+{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
+
+{{- define "all" -}}
+ {{- "all" -}}
+ {{- "," -}}
+ {{- template "comment" . -}}
+{{- end -}}
diff --git a/pkg/aa/templates/rule/io_uring.j2 b/pkg/aa/templates/rule/io_uring.j2
new file mode 100644
index 000000000..78e1aa17a
--- /dev/null
+++ b/pkg/aa/templates/rule/io_uring.j2
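Review bot: The second template.go hunk silently changes the order in which generated profiles are written — `"userns"` moves from after `"unix"` to before `"capability"` and `"iouring"` from the tail to before `"signal"` — while the commit title only mentions adding templates; this affects every rendered profile and deserves a sentence in the message or a comment next to the moved entries. The comment on the slice, `// The order the apparmor rules should be sorted`, does not say where that order comes from, so a reader cannot tell whether the new positions are the intended ones; I would extend it to something like `// The order the apparmor rules should be sorted; keep in sync with the rule dispatch in templates/rules.j2` (hedged, since the sort's real source of truth is not visible here). The new keys `"all"` and `"iouring"` presumably have to match whatever lowercase kind names the sort derives from the types dispatched in rules.j2 as `All` and `IOUring`; confirm that mapping, since three spellings of the io_uring rule now exist across the commit. The enclosing `var (` block starts before the first hunk and ends after the second.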
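Review bot: The new `all` template never invokes the `qualifier` template that the sibling `io_uring` template emits first, so an `All` rule that carries an audit or deny qualifier (if the Go type exposes one — not visible here) would be rendered as a bare `all,`, i.e. an unconditional grant rather than the qualified rule the caller asked for. Either add `{{- template "qualifier" . -}}` before `{{- "all" -}}` for consistency with the other rule templates, or state in the template header that this rule type takes no qualifiers. Since `all,` is the widest rule AppArmor accepts, a one-line header comment such as `{{- /* "all" grants every permission; review any profile that renders it */ -}}` would help whoever audits the generated profiles.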
@@ -0,0 +1,16 @@
+{{- /* apparmor.d - Full set of apparmor profiles */ -}}
+{{- /* Copyright (C) 2021-2024 Alexandre Pujol */ -}}
+{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
+
+{{- define "io_uring" -}}
+ {{- template "qualifier" . -}}
+ {{- "io_uring" -}}
+ {{- range .Access -}}
+ {{ " " }}{{ . }}
+ {{- end -}}
+ {{- with .Label -}}
+ {{ " label=" }}{{ . }}
+ {{- end -}}
+ {{- "," -}}
+ {{- template "comment" . -}}
+{{- end -}}
diff --git a/pkg/aa/templates/rules.j2 b/pkg/aa/templates/rules.j2
index 4ce596269..8ab9bfb3f 100644
--- a/pkg/aa/templates/rules.j2
+++ b/pkg/aa/templates/rules.j2
@@ -22,6 +22,10 @@
 {{- template "include" . -}}
 {{- end -}}
 
+ {{- if eq $type "All" -}}
+ {{- template "all" . -}}
+ {{- end -}}
+
 {{- if eq $type "Rlimit" -}}
 {{- template "rlimit" . -}}
 {{- end -}}
@@ -62,6 +66,10 @@
 {{- template "mqueue" . -}}
 {{- end -}}
 
+ {{- if eq $type "IOUring" -}}
+ {{- template "io_uring" . -}}
+ {{- end -}}
+
 {{- if eq $type "Unix" -}}
 {{- template "unix" . -}}
 {{- end -}}
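Review bot: `{{ " label=" }}{{ . }}` writes the label value verbatim, so a label containing whitespace or other characters the profile grammar requires to be quoted would produce a line the parser rejects; the existing peer/label templates for signal and ptrace (not in this diff) are the place to check which quoting convention this repository already uses, and this template should follow it. The `.Access` loop also emits every entry space-separated with no parentheses, giving `io_uring sqpoll override_creds,` for two accesses — confirm against the apparmor.d(5) grammar that several accesses are accepted in this form rather than as a parenthesised list. Finally the file is `io_uring.j2`, the template is `io_uring`, and the sort key added in template.go is `iouring`; a header comment such as `{{- /* rendered for rule kind IOUring; sorted under "iouring" in template.go */ -}}` would tie the three spellings together for the next reader.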