felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Briar: lyrebird, sound (#714)

Browse source 
* initial

* abi 4 to 3

* abi 3 to 4
This commit is contained in:
beroal 2025-04-07 23:13:46 +03:00 committed by GitHub
parent 4c67b21bf3
commit 2bc55822d0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 25 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/profiles-a-f/briar-desktop
View file

@ -1,5 +1,5 @@
# apparmor.d - Full set of apparmor profiles # apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 Roman Beslik <me@beroal.in.ua> # Copyright (C) 2024-2025 Roman Beslik <me@beroal.in.ua>
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
abi <abi/4.0>, abi <abi/4.0>,
@ -34,6 +34,7 @@ profile briar-desktop @{exec_path} {
@{system_share_dirs}/java/briar-desktop.jar r, @{system_share_dirs}/java/briar-desktop.jar r,
/etc/java*/{,**} r, /etc/java*/{,**} r,
/etc/machine-id r,
owner @{HOME}/.briar/desktop/{,**} rw, owner @{HOME}/.briar/desktop/{,**} rw,
owner @{HOME}/.briar/desktop/db/db.mv.db k, owner @{HOME}/.briar/desktop/db/db.mv.db k,
@ -61,6 +62,7 @@ profile briar-desktop @{exec_path} {
@{sys}/kernel/mm/{hugepages/,transparent_hugepage/enabled} r, @{sys}/kernel/mm/{hugepages/,transparent_hugepage/enabled} r,
@{PROC}/cgroups r, @{PROC}/cgroups r,
@{PROC}/asound/version r,
owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/coredump_filter rw, owner @{PROC}/@{pid}/coredump_filter rw,

23
apparmor.d/profiles-a-f/briar-desktop-tor
View file

@ -1,5 +1,5 @@
# apparmor.d - Full set of apparmor profiles # apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 Roman Beslik <me@beroal.in.ua> # Copyright (C) 2024-2025 Roman Beslik <me@beroal.in.ua>
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
abi <abi/4.0>, abi <abi/4.0>,
@ -13,11 +13,13 @@ profile briar-desktop-tor {
network inet6 stream, network inet6 stream,
network netlink raw, network netlink raw,
signal send set=term peer=briar-desktop-tor//lyrebird,
signal send set=term peer=briar-desktop-tor//obfs4proxy, signal send set=term peer=briar-desktop-tor//obfs4proxy,
signal send set=term peer=briar-desktop-tor//snowflake, signal send set=term peer=briar-desktop-tor//snowflake,
owner @{HOME}/.briar/desktop/tor/.tor/{,**} rw, owner @{HOME}/.briar/desktop/tor/.tor/{,**} rw,
owner @{HOME}/.briar/desktop/tor/.tor/lock k, owner @{HOME}/.briar/desktop/tor/.tor/lock k,
owner @{HOME}/.briar/desktop/tor/lyrebird Cx -> lyrebird,
owner @{HOME}/.briar/desktop/tor/obfs4proxy Cx -> obfs4proxy, owner @{HOME}/.briar/desktop/tor/obfs4proxy Cx -> obfs4proxy,
owner @{HOME}/.briar/desktop/tor/snowflake Cx -> snowflake, owner @{HOME}/.briar/desktop/tor/snowflake Cx -> snowflake,
owner @{HOME}/.briar/desktop/tor/tor r, owner @{HOME}/.briar/desktop/tor/tor r,
@ -27,6 +29,25 @@ profile briar-desktop-tor {
include if exists <local/briar-desktop-tor> include if exists <local/briar-desktop-tor>
profile lyrebird {
include <abstractions/base>
include <abstractions/nameservice-strict>
include <abstractions/ssl_certs>
network inet dgram,
network inet stream,
network inet6 dgram,
network inet6 stream,
network netlink raw,
signal receive set=term peer=briar-desktop-tor,
owner @{HOME}/.briar/desktop/tor/lyrebird mr,
@{PROC}/sys/net/core/somaxconn r,
include if exists <local/briar-desktop-tor_lyrebird>
}
profile obfs4proxy { profile obfs4proxy {
include <abstractions/base> include <abstractions/base>