From d9fcd42dd059659174a35569a03e0a45b44302c4 Mon Sep 17 00:00:00 2001 From: nobody43 <15267739+nobody43@users.noreply.github.com> Date: Tue, 23 Jan 2024 01:52:36 +0000 Subject: [PATCH] Delete apparmor.d/groups/apps/android-studio --- apparmor.d/groups/apps/android-studio | 287 -------------------------- 1 file changed, 287 deletions(-) delete mode 100644 apparmor.d/groups/apps/android-studio diff --git a/apparmor.d/groups/apps/android-studio b/apparmor.d/groups/apps/android-studio deleted file mode 100644 index faffed067..000000000 --- a/apparmor.d/groups/apps/android-studio +++ /dev/null @@ -1,287 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2020-2021 Mikhail Morfikov -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{AS_LIBDIR} = @{MOUNTS}/android-studio -@{AS_SDKDIR} = @{MOUNTS}/SDK -@{AS_HOMEDIR} = @{HOME}/.AndroidStudio* -@{AS_PROJECTDIR} = @{HOME}/AndroidStudioProjects - -@{exec_path} = @{AS_LIBDIR}/bin/studio.sh -profile android-studio @{exec_path} { - include - #icnlude - include - include - include - include - include - include - include - include - include - include - include - include - include - - capability sys_ptrace, - - signal (send) set=(term, kill) peer=android-studio//lsb-release, - - ptrace (read) peer=android-studio//*, - - network inet dgram, - network inet6 dgram, - network inet stream, - network inet6 stream, - network inet raw, - network inet6 raw, - network netlink raw, - - @{exec_path} r, - - @{bin}/{,ba,da}sh rix, - @{bin}/{,e}grep rix, - @{bin}/cat rix, - @{bin}/chattr rix, - @{bin}/chmod rix, - @{bin}/cut rix, - @{bin}/dirname rix, - @{bin}/kill rix, - @{bin}/ldconfig rix, - @{bin}/mktemp rix, - @{bin}/nice rix, - @{bin}/python3.@{int} rix, - @{bin}/readlink rix, - @{bin}/rm rix, - @{bin}/sed rix, - @{bin}/setsid rix, - @{bin}/uname rix, - @{bin}/which{,.debianutils} rix, - @{bin}/xargs rix, - - @{bin}/git rPx, - @{bin}/lsusb rPx, - @{bin}/ps rPx, - @{bin}/xdg-mime rPx, - @{bin}/xprop rPx, - - @{bin}/gpg{,2} rCx -> gpg, - @{bin}/lsb_release rCx -> lsb-release, - @{bin}/xdg-open rCx -> open, - - @{lib}/jvm/java-[0-9]*-openjdk-*/jre/bin/* rix, - - /etc/java-[0-9]*-openjdk/** r, - /usr/share/java/java-atk-wrapper.jar r, - - /etc/ssl/certs/java/cacerts r, - - / r, - /home/ r, - @{MOUNTS}/ r, - @{MOUNTS}/*/ r, - /usr/ r, - @{lib}/ r, - - @{AS_LIBDIR}/ rw, - @{AS_LIBDIR}/** mrwkix, - - # A standard system android SDK location. - # Currently there is only the target platform of API Level 23 packaged, so only apps targeted at - # android-23 can be built with only Debian packages. Only Build-Tools 24.0.0 is available, so in - # order to use the SDK, build scripts need to be modified. - @{lib}/android-sdk/ r, - @{lib}/android-sdk/** mrkix, - /usr/share/android-sdk-platform-*/{,**} r, - deny @{lib}/android-sdk/build-tools/*/package.xml w, - deny @{lib}/android-sdk/platforms/android-*/package.xml w, - deny @{lib}/android-sdk/.knownPackages w, - - # This one is used if the standard android SDK location is missing - @{AS_SDKDIR}/ rw, - @{AS_SDKDIR}/** mrwkix, - - owner @{AS_HOMEDIR}/ rw, - owner @{AS_HOMEDIR}/** mrwkix, - - owner @{AS_PROJECTDIR}/ rw, - owner @{AS_PROJECTDIR}/** rwk, - - owner @{HOME}/AndroidStudio/ rw, - owner @{HOME}/AndroidStudio/DeviceExplorer/ rw, - owner @{HOME}/AndroidStudio/DeviceExplorer/** rw, - - owner @{HOME}/Android/ rw, - owner @{HOME}/Android/** mrwkix, - - owner "@{user_config_dirs}/Android Open Source Project/" rw, - owner "@{user_config_dirs}/Android Open Source Project/**" rwk, - - owner @{user_config_dirs}/Google/ rw, - owner @{user_config_dirs}/Google/** rwk, - - owner @{user_cache_dirs}/ rw, - owner "@{user_cache_dirs}/Android Open Source Project/" rw, - owner "@{user_cache_dirs}/Android Open Source Project/**" rw, - - owner @{user_cache_dirs}/main.kts.compiled.cache/ rw, - owner @{user_cache_dirs}/main.kts.compiled.cache/** rw, - - owner @{user_cache_dirs}/Google/ rw, - owner @{user_cache_dirs}/Google/** rwk, - # To remove the following error: - # Location: /home/morfik/.cache/Google/AndroidStudio4.1/tmp - # java.io.IOException: Cannot run program - # "/home/morfik/.cache/Google/AndroidStudio4.1/tmp/ij659840309.tmp": error=13, Permission denied - owner @{user_cache_dirs}/Google/AndroidStudio*/tmp/ij[0-9]*.tmp rwkix, - # - owner @{user_cache_dirs}/Google/AndroidStudio*/tmp/jna[0-9]*.tmp mrwk, - - owner @{user_cache_dirs}/JNA/ rw, - owner @{user_cache_dirs}/JNA/** rw, - - owner @{HOME}/.gradle/ rw, - owner @{HOME}/.gradle/** mrwkix, - - owner @{HOME}/ r, - owner @{HOME}/.android/ rw, - owner @{HOME}/.android/** rwkl -> @{HOME}/.android/**, - - owner @{user_share_dirs}/Google/ rw, - owner @{user_share_dirs}/Google/** rw, - - owner @{user_share_dirs}/kotlin/ rw, - owner @{user_share_dirs}/kotlin/** rw, - - owner "@{user_share_dirs}/Android Open Source Project/" rw, - owner "@{user_share_dirs}/Android Open Source Project/**" rwk, - - owner @{HOME}/.java/ rw, - owner @{HOME}/.java/fonts/ rw, - owner @{HOME}/.java/fonts/*/ rw, - owner @{HOME}/.java/fonts/*/fcinfo*.tmp rw, - owner @{HOME}/.java/fonts/*/fcinfo*.properties rw, - owner @{HOME}/.java/.userPrefs/ rw, - owner @{HOME}/.java/.userPrefs/** rwk, - - owner @{HOME}/.emulator_console_auth_token rw, - - deny owner @{HOME}/Desktop/* rw, - - @{PROC}/ r, - owner @{PROC}/@{pid}/mountinfo r, - owner @{PROC}/@{pid}/cgroup r, - @{PROC}/@{pid}/net/if_inet6 r, - @{PROC}/@{pid}/net/ipv6_route r, - owner @{PROC}/@{pid}/fd/ r, - owner @{PROC}/@{pid}/cmdline r, - owner @{PROC}/@{pid}/mounts r, - owner @{PROC}/@{pid}/coredump_filter rw, - owner @{PROC}/@{pid}/mem r, - owner @{PROC}/@{pid}/oom_{,score_}adj rw, - owner @{PROC}/@{pids}/task/ r, - owner @{PROC}/@{pids}/task/@{tid}/status r, - @{PROC}/@{pids}/stat r, - @{PROC}/sys/net/core/somaxconn r, - @{PROC}/sys/fs/inotify/max_user_watches r, - @{PROC}/sys/kernel/yama/ptrace_scope r, - @{PROC}/partitions r, - @{PROC}/vmstat r, - @{PROC}/loadavg r, - - @{sys}/fs/cgroup/{,**} r, - - owner /tmp/** rwk, - owner /tmp/native-platform[0-9]*dir/*.so rwm, - - owner @{run}/user/@{uid}/avd/ rw, - owner @{run}/user/@{uid}/avd/running/ rw, - owner @{run}/user/@{uid}/avd/running/pid_@{pid}.ini rw, - - /usr/share/hwdata/pnp.ids r, - - /var/lib/dbus/machine-id r, - /etc/machine-id r, - - /dev/kvm rw, - - @{sys}/devices/virtual/block/**/rotational r, - - - profile gpg { - include - - @{bin}/gpg{,2} mr, - - owner @{HOME}/@{XDG_GPG_DIR}/ rw, - owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, - - } - - profile lsb-release { - include - include - include - - signal (receive) set=(term, kill) peer=android-studio, - - @{bin}/lsb_release r, - @{bin}/python3.@{int} r, - - @{bin}/ r, - @{bin}/apt-cache rPx, - - owner @{PROC}/@{pid}/fd/ r, - - /etc/dpkg/origins/** r, - /etc/debian_version r, - /usr/share/distro-info/*.csv r, - - owner /tmp/android-*/emulator-* w, - owner /tmp/android-*/@{uuid}/opengl_* w, - - # file_inherit - owner @{HOME}/.android/avd/** r, - /dev/dri/card@{int} rw, - - } - - profile open { - include - include - - @{bin}/xdg-open mr, - - @{bin}/{,ba,da}sh rix, - @{bin}/{m,g,}awk rix, - @{bin}/readlink rix, - @{bin}/basename rix, - - owner @{HOME}/ r, - - owner @{run}/user/@{uid}/ r, - - # Allowed apps to open - @{bin}/spacefm rPx, - @{bin}/smplayer rPx, - @{bin}/vlc rPx, - @{bin}/mpv rPx, - @{bin}/geany rPx, - @{bin}/viewnior rPUx, - @{bin}/qpdfview rPx, - @{bin}/ebook-viewer rPx, - @{lib}/firefox/firefox rPx, - - # file_inherit - owner @{HOME}/.xsession-errors w, - - } - - include if exists -}