Briar: lyrebird, sound (#714)

* initial * abi 4 to 3 * abi 3 to 4
2025-04-07 23:13:46 +03:00 · 2025-04-07 23:13:46 +03:00 · 2bc55822d0
commit 2bc55822d0
parent 4c67b21bf3
2 changed files with 25 additions and 2 deletions
--- a/apparmor.d/profiles-a-f/briar-desktop
+++ b/apparmor.d/profiles-a-f/briar-desktop
@ -1,5 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2024 Roman Beslik <me@beroal.in.ua>
+# Copyright (C) 2024-2025 Roman Beslik <me@beroal.in.ua>
 # SPDX-License-Identifier: GPL-2.0-only

 abi <abi/4.0>,
@ -34,6 +34,7 @@ profile briar-desktop @{exec_path} {
  @{system_share_dirs}/java/briar-desktop.jar r,

  /etc/java*/{,**} r,
+  /etc/machine-id r,

  owner @{HOME}/.briar/desktop/{,**} rw,
  owner @{HOME}/.briar/desktop/db/db.mv.db k,
@ -61,6 +62,7 @@ profile briar-desktop @{exec_path} {
  @{sys}/kernel/mm/{hugepages/,transparent_hugepage/enabled} r,

        @{PROC}/cgroups r,
+        @{PROC}/asound/version r,
  owner @{PROC}/@{pid}/cgroup r,
  owner @{PROC}/@{pid}/cmdline r,
  owner @{PROC}/@{pid}/coredump_filter rw,
--- a/apparmor.d/profiles-a-f/briar-desktop-tor
+++ b/apparmor.d/profiles-a-f/briar-desktop-tor
@ -1,5 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2024 Roman Beslik <me@beroal.in.ua>
+# Copyright (C) 2024-2025 Roman Beslik <me@beroal.in.ua>
 # SPDX-License-Identifier: GPL-2.0-only

 abi <abi/4.0>,
@ -13,11 +13,13 @@ profile briar-desktop-tor {
  network inet6 stream,
  network netlink raw,

+  signal send set=term peer=briar-desktop-tor//lyrebird,
  signal send set=term peer=briar-desktop-tor//obfs4proxy,
  signal send set=term peer=briar-desktop-tor//snowflake,

  owner @{HOME}/.briar/desktop/tor/.tor/{,**} rw,
  owner @{HOME}/.briar/desktop/tor/.tor/lock k,
+  owner @{HOME}/.briar/desktop/tor/lyrebird Cx -> lyrebird,
  owner @{HOME}/.briar/desktop/tor/obfs4proxy Cx -> obfs4proxy,
  owner @{HOME}/.briar/desktop/tor/snowflake Cx -> snowflake,
  owner @{HOME}/.briar/desktop/tor/tor r,
@ -27,6 +29,25 @@ profile briar-desktop-tor {

  include if exists <local/briar-desktop-tor>

+  profile lyrebird {
+    include <abstractions/base>
+    include <abstractions/nameservice-strict>
+    include <abstractions/ssl_certs>
+
+    network inet dgram,
+    network inet stream,
+    network inet6 dgram,
+    network inet6 stream,
+    network netlink raw,
+
+    signal receive set=term peer=briar-desktop-tor,
+
+    owner @{HOME}/.briar/desktop/tor/lyrebird mr,
+    @{PROC}/sys/net/core/somaxconn r,
+
+    include if exists <local/briar-desktop-tor_lyrebird>
+  }
+
  profile obfs4proxy {
    include <abstractions/base>