From 608e3b8e789e98304602977b72252a1ea5be0852 Mon Sep 17 00:00:00 2001
From: doublez13 <zakraise@eng.utah.edu>
Date: Wed, 26 Feb 2025 08:23:05 -0700
Subject: [PATCH 1/3] Create profile for yara (uses booleans)

---
 apparmor.d/profiles-s-z/yara | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 apparmor.d/profiles-s-z/yara

diff --git a/apparmor.d/profiles-s-z/yara b/apparmor.d/profiles-s-z/yara
new file mode 100644
index 000000000..487f6a984
--- /dev/null
+++ b/apparmor.d/profiles-s-z/yara
@@ -0,0 +1,28 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Zane Zakraisek <zz@eng.utah.edu>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+include <tunables/booleans>
+
+@{exec_path} = {/usr,}/bin/yara
+profile yara @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  capability dac_override dac_read_search,
+
+  if $ANTIVIRUS_CAN_PTRACE {
+    ptrace (read, trace),
+    capability sys_ptrace,
+  }
+
+  /{,**} r,
+
+  deny capability sys_admin,
+
+  include if exists <local/yara>
+}

From 8b0191f0068b8319d00a2f98658b1abd9a64475b Mon Sep 17 00:00:00 2001
From: doublez13 <zakraise@eng.utah.edu>
Date: Wed, 26 Feb 2025 08:33:32 -0700
Subject: [PATCH 2/3] Create booleans

The file holds booleans that can be used to control the flow of multiple policies..
---
 apparmor.d/tunables/booleans | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 apparmor.d/tunables/booleans

diff --git a/apparmor.d/tunables/booleans b/apparmor.d/tunables/booleans
new file mode 100644
index 000000000..d9086bc46
--- /dev/null
+++ b/apparmor.d/tunables/booleans
@@ -0,0 +1,9 @@
+##################################################
+# Allows AV programs to scan memory using ptrace
+# functionality.
+#
+# This grants read and trace permissions.
+#
+# Default: false
+##################################################
+$ANTIVIRUS_CAN_PTRACE = false

From c8ae98c83ae6ed42803a07e005bd17aca724fd0e Mon Sep 17 00:00:00 2001
From: doublez13 <zakraise@eng.utah.edu>
Date: Wed, 26 Feb 2025 09:36:45 -0700
Subject: [PATCH 3/3] Add missing vim syntax

---
 apparmor.d/profiles-s-z/yara | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/apparmor.d/profiles-s-z/yara b/apparmor.d/profiles-s-z/yara
index 487f6a984..b011019b0 100644
--- a/apparmor.d/profiles-s-z/yara
+++ b/apparmor.d/profiles-s-z/yara
@@ -26,3 +26,5 @@ profile yara @{exec_path} {
 
   include if exists <local/yara>
 }
+
+# vim:syntax=apparmor