From fb93ac0df35346019181d96bee9624925e04fb84 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 12 Sep 2024 12:12:29 +0100
Subject: [PATCH] fix(profile): improve linuxqq

See #474
---
 apparmor.d/profiles-g-l/linuxqq | 23 +++++++----------------
 1 file changed, 7 insertions(+), 16 deletions(-)

diff --git a/apparmor.d/profiles-g-l/linuxqq b/apparmor.d/profiles-g-l/linuxqq
index 640458439..6961d8cc7 100644
--- a/apparmor.d/profiles-g-l/linuxqq
+++ b/apparmor.d/profiles-g-l/linuxqq
@@ -11,16 +11,12 @@ include <tunables/global>
 @{config_dirs} = @{user_config_dirs}/@{name}
 @{cache_dirs} = @{user_cache_dirs}/@{name}
 
-@{exec_path} = @{bin}/linuxqq
-@{exec_path} += /opt/QQ/qq
+@{exec_path} = @{bin}/linuxqq @{lib_dirs}/qq
 profile linuxqq @{exec_path} flags=(attach_disconnected) {
     include <abstractions/base>
-    include <abstractions/nameservice-strict>
-    include <abstractions/common/electron>
-    include <abstractions/graphics>
-    include <abstractions/ssl_certs>
-    include <abstractions/fontconfig-cache-read>
     include <abstractions/audio-client>
+    include <abstractions/common/electron>
+    include <abstractions/fontconfig-cache-read>
 
     network netlink raw,
     network netlink dgram,
@@ -29,17 +25,13 @@ profile linuxqq @{exec_path} flags=(attach_disconnected) {
     network inet6 dgram,
     network inet6 stream,
 
-    @{exec_path} mr,
+    @{exec_path} mrix,
 
-    @{sh_path}  r,
-    @{bin}/find rix,
-    @{bin}/rm   rix,
-    @{bin}/xdg-open rix,
+    @{sh_path} r,
     @{bin}/grep rix,
-    /opt/QQ/qq ix,
-    /opt/QQ/chrome_crashpad_handler ix,
-
+    @{lib_dirs}/chrome_crashpad_handler ix,
     @{lib_dirs}/resources/app/{,**} m,
+    @{open_path} rPx -> child-open-strict,
 
     /etc/machine-id r,
 
@@ -48,7 +40,6 @@ profile linuxqq @{exec_path} flags=(attach_disconnected) {
 
     owner @{PROC}/@{pid}/loginuid r,
     owner @{PROC}/@{pid}/mounts r,
-    owner @{PROC}/@{pid}/cmdline r,
 
     /dev/tty rw,
     /dev/pts/@{int} rw,