# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

# Confine glycin-loaders sandboxed with bwrap. It also confines bwrap itself
# for this use case.

# Policy ABI this profile is written against.
abi <abi/4.0>,

# Shared tunables; the variables used below (@{bin}, @{lib}, @{tmp}, @{d},
# @{rand6}, ...) are expected to be defined through this include.
include <tunables/global>

# Anchor under which disconnected paths are re-attached (see the
# attach_disconnected.path flag on the profile below).
@{att} = /att/glycin/
# Profile "bwrap" in the policy namespace "glycin". Paths that bwrap's mount
# namespace has detached from the root (disconnected paths) are re-attached
# under @{att} so the path rules below can still match them.
profile :glycin:bwrap flags=(attach_disconnected,attach_disconnected.path=@{att}) {
  include <abstractions/attached/base>
  include <abstractions/bwrap>
  include <abstractions/fonts>

  # Need to be allowed for all peers because from the glycin namespace we do not
  # see the root namespace. This is shown by 'peer=(label=---)' in the logs.
  #
  # As of today, we cannot specify the ns scope and view of the peer.
  # See: https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorPolicyView
  #
  # NOTE(review): without a peer= restriction these two rules cover any unix
  # socket peer, not only the glycin host process; narrow them once
  # namespace-scoped peer labels become available.
  unix (send receive) type=seqpacket,
  unix (send receive) type=stream,

  # bwrap itself: executable mapping plus read, no profile transition.
  @{bin}/bwrap mr,

  # To test sandbox functionalities
  # See: https://gitlab.gnome.org/GNOME/glycin/-/blob/main/glycin/src/sandbox.rs#L676
  # Runs inherited under this same profile (ix), no transition.
  @{bin}/true ix,

  # Loader binaries transition to "bwrap" stacked with "loaders"; the names are
  # presumably resolved inside the glycin namespace, so a matching "loaders"
  # profile there is required — verify when adding or renaming loaders.
  @{lib}/glycin-loaders/@{d}+/glycin-* px -> bwrap//&loaders,

  /usr/share/glycin-loaders/{,**} r,

  /usr/share/gtksourceview-2.0/{,**} r,
  /usr/share/gtksourceview-3.0/{,**} r,
  /usr/share/gtksourceview-4/{,**} r,
  /usr/share/gtksourceview-5/{,**} r,

  # Scratch file named after the gdk-pixbuf glycin loader; limited to files
  # owned by the calling user.
  owner @{tmp}/gdk-pixbuf-glycin-tmp.@{rand6} rw,

  #aa:lint ignore=too-wide
  # Safe deny of inherited files from parent process.
  # An explicit deny takes precedence over any allow rule, including rules
  # added through the local override included at the end of this profile, and
  # is quiet in the logs by default (use "audit deny" to make hits visible).
  deny network inet dgram,
  deny network inet6 dgram,
  deny network inet stream,
  deny network inet6 stream,
  deny owner @{HOME}/.*/** rw,
  deny owner /tmp/*/** w,
  deny /opt/*/** rw,
  deny @{sys}/devices/system/** r,
  deny owner @{PROC}/@{pid}/mountinfo r,
  deny /dev/shm/** rw,
  deny /dev/dri/* rw,

  # Site-local drop-in; it can extend the allow rules above but cannot undo
  # the deny rules.
  include if exists <local/ns/glycin/bwrap>
}

# vim:syntax=apparmor
