From 0897463e97234214f77191f2d59db786c5e44d40 Mon Sep 17 00:00:00 2001 From: EricLin0509 Date: Mon, 2 Sep 2024 18:24:09 +0800 Subject: [PATCH] initial support for wemeet --- apparmor.d/profiles-s-z/wemeet | 69 ++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 apparmor.d/profiles-s-z/wemeet diff --git a/apparmor.d/profiles-s-z/wemeet b/apparmor.d/profiles-s-z/wemeet new file mode 100644 index 000000000..ef1430f4e --- /dev/null +++ b/apparmor.d/profiles-s-z/wemeet @@ -0,0 +1,69 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 EricLin +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/wemeet +@{exec_path} += /opt/wemeet/bin/wemeetapp +@{exec_path} += /opt/wemeet/bin/QtWebEngineProcess +profile wemeet @{exec_path} flags=(attach_disconnected) { + include + include + include + include + include + include + include + include + include + include + include + + network netlink raw, + network netlink dgram, + network inet stream, + network inet dgram, + network inet6 dgram, + network inet6 stream, + + @{sh_path} r, + @{bin}/basename rix, + @{bin}/bwrap rix, + @{bin}/id rix, + @{bin}/mkdir rix, + + @{exec_path} mr, + + /usr/share/hwdata/pnp.ids r, + /usr/share/icons/{,**} r, + /usr/share/mime/{,**} r, + /etc/machine-id r, + /usr/share/ca-certificates/trust-source/{,**} r, + /etc/ca-certificates/extracted/tls-ca-bundle.pem r, + /etc/ca-certificates/trust-source/{,**} r, + /var/cache/ w, + + # wemeet specifics + /opt/wemeet/bin/** rix, + owner @{user_share_dirs}/wemeetapp/{,**} rwk, + + @{PROC}/ r, + @{PROC}/asound/ r, + @{PROC}/@{pid}/net/route r, + @{PROC}/@{pid}/net/wireless r, + @{PROC}/@{pid}/stat r, + @{PROC}/@{pid}/statm r, + @{PROC}/sys/fs/inotify/max_user_watches r, + owner @{PROC}/@{pid}/cmdline r, + + /dev/ r, + /dev/tty rw, + /dev/shm/ r, + /dev/pts/[0-9]* rw, + +} + +# vim:syntax=apparmor