From af82a9caa6358a64d0037761a40e286d6018f283 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sat, 31 May 2025 13:52:42 +0200
Subject: [PATCH] feat(profile): add profiles for whoopsie.

---
 apparmor.d/profiles-s-z/whoopsie             | 31 ++++++++++++++++++
 apparmor.d/profiles-s-z/whoopsie-preferences | 34 ++++++++++++++++++++
 dists/flags/main.flags                       |  2 ++
 3 files changed, 67 insertions(+)
 create mode 100644 apparmor.d/profiles-s-z/whoopsie
 create mode 100644 apparmor.d/profiles-s-z/whoopsie-preferences

diff --git a/apparmor.d/profiles-s-z/whoopsie b/apparmor.d/profiles-s-z/whoopsie
new file mode 100644
index 000000000..16a0e5a5e
--- /dev/null
+++ b/apparmor.d/profiles-s-z/whoopsie
@@ -0,0 +1,31 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/whoopsie
+profile whoopsie @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+
+  capability setgid,
+  capability setuid,
+
+  @{exec_path} mr,
+
+  /var/crash/ r,
+
+  /var/lib/whoopsie/ rw,
+  /var/lib/whoopsie/whoopsie-id rw,
+  /var/lib/whoopsie/whoopsie-id.@{rand6} rw,
+
+  owner @{run}/lock/whoopsie/ rw,
+  owner @{run}/lock/whoopsie/lock rwk,
+
+  include if exists <local/whoopsie>
+}
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/profiles-s-z/whoopsie-preferences b/apparmor.d/profiles-s-z/whoopsie-preferences
new file mode 100644
index 000000000..3b720d0da
--- /dev/null
+++ b/apparmor.d/profiles-s-z/whoopsie-preferences
@@ -0,0 +1,34 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/whoopsie-preferences
+profile whoopsie-preferences @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/bus-system>
+  include <abstractions/nameservice-strict>
+
+  #aa:dbus own bus=system name=com.ubuntu.WhoopsiePreferences
+
+  @{exec_path} mr,
+
+  @{bin}/systemctl Cx -> systemctl,
+
+  /etc/whoopsie w,
+  /etc/whoopsie.@{rand6} rw,
+
+  profile systemctl {
+    include <abstractions/base>
+    include <abstractions/app/systemctl>
+
+    include if exists <local/whoopsie-preferences_systemctl>
+  }
+
+  include if exists <local/whoopsie-preferences>
+}
+
+# vim:syntax=apparmor
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index e73dd4cd5..77ea8761f 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -404,6 +404,8 @@ waybar attach_disconnected,complain
 wechat attach_disconnected,complain
 wechat-appimage attach_disconnected,complain
 wg-quick complain
+whoopsie complain
+whoopsie-preferences complain
 wsdd complain
 xdg-dbus-proxy attach_disconnected,complain
 xdg-desktop-icon complain