From 2bc55822d0b627443989631b886cf0dca546d125 Mon Sep 17 00:00:00 2001
From: beroal <me@beroal.in.ua>
Date: Mon, 7 Apr 2025 23:13:46 +0300
Subject: [PATCH] Briar: lyrebird, sound (#714)

* initial

* abi 4 to 3

* abi 3 to 4
---
 apparmor.d/profiles-a-f/briar-desktop     |  4 +++-
 apparmor.d/profiles-a-f/briar-desktop-tor | 23 ++++++++++++++++++++++-
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/apparmor.d/profiles-a-f/briar-desktop b/apparmor.d/profiles-a-f/briar-desktop
index 24088be3f..9ea7a824c 100644
--- a/apparmor.d/profiles-a-f/briar-desktop
+++ b/apparmor.d/profiles-a-f/briar-desktop
@@ -1,5 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2024 Roman Beslik <me@beroal.in.ua>
+# Copyright (C) 2024-2025 Roman Beslik <me@beroal.in.ua>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/4.0>,
@@ -34,6 +34,7 @@ profile briar-desktop @{exec_path} {
   @{system_share_dirs}/java/briar-desktop.jar r,
 
   /etc/java*/{,**} r,
+  /etc/machine-id r,
 
   owner @{HOME}/.briar/desktop/{,**} rw,
   owner @{HOME}/.briar/desktop/db/db.mv.db k,
@@ -61,6 +62,7 @@ profile briar-desktop @{exec_path} {
   @{sys}/kernel/mm/{hugepages/,transparent_hugepage/enabled} r,
 
         @{PROC}/cgroups r,
+        @{PROC}/asound/version r,
   owner @{PROC}/@{pid}/cgroup r,
   owner @{PROC}/@{pid}/cmdline r,
   owner @{PROC}/@{pid}/coredump_filter rw,
diff --git a/apparmor.d/profiles-a-f/briar-desktop-tor b/apparmor.d/profiles-a-f/briar-desktop-tor
index af98f9fc7..ae818d1df 100644
--- a/apparmor.d/profiles-a-f/briar-desktop-tor
+++ b/apparmor.d/profiles-a-f/briar-desktop-tor
@@ -1,5 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2024 Roman Beslik <me@beroal.in.ua>
+# Copyright (C) 2024-2025 Roman Beslik <me@beroal.in.ua>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/4.0>,
@@ -13,11 +13,13 @@ profile briar-desktop-tor {
   network inet6 stream,
   network netlink raw,
 
+  signal send set=term peer=briar-desktop-tor//lyrebird,
   signal send set=term peer=briar-desktop-tor//obfs4proxy,
   signal send set=term peer=briar-desktop-tor//snowflake,
 
   owner @{HOME}/.briar/desktop/tor/.tor/{,**} rw,
   owner @{HOME}/.briar/desktop/tor/.tor/lock k,
+  owner @{HOME}/.briar/desktop/tor/lyrebird Cx -> lyrebird,
   owner @{HOME}/.briar/desktop/tor/obfs4proxy Cx -> obfs4proxy,
   owner @{HOME}/.briar/desktop/tor/snowflake Cx -> snowflake,
   owner @{HOME}/.briar/desktop/tor/tor r,
@@ -27,6 +29,25 @@ profile briar-desktop-tor {
 
   include if exists <local/briar-desktop-tor>
 
+  profile lyrebird {
+    include <abstractions/base>
+    include <abstractions/nameservice-strict>
+    include <abstractions/ssl_certs>
+
+    network inet dgram,
+    network inet stream,
+    network inet6 dgram,
+    network inet6 stream,
+    network netlink raw,
+
+    signal receive set=term peer=briar-desktop-tor,
+
+    owner @{HOME}/.briar/desktop/tor/lyrebird mr,
+    @{PROC}/sys/net/core/somaxconn r,
+
+    include if exists <local/briar-desktop-tor_lyrebird>
+  }
+
   profile obfs4proxy {
     include <abstractions/base>