From 69c4a7d9279afd2e54c6176af6193f07c2286a7a Mon Sep 17 00:00:00 2001
From: Emanuele Aina <emanuele.aina@collabora.com>
Date: Tue, 4 Jun 2019 14:27:50 +0200
Subject: [PATCH] ospack: Switch AppArmor profiles back to enforce mode

This reverts commit fffab36dec195a9a1ee594a05805c35ca97e63ad,
"ospack: Switch AppArmor profiles to complain mode".

After the rebase to Buster, some AppArmor profiles have become problematic and
prevent the components from working. In particular, the logind, Canterbury and
Ribchester profiles prevent the Mildenhall HMI from appearing on the screen so
they were forced into complain mode rather than enforce mode.

Now the underlying issue has been fixed in APERTIS-5840 the profiles can be
restored to their enforcing mode.

Fixes: https://phabricator.apertis.org/T6010

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
---
 apertis-ospack-basesdk.yaml                   | 10 -----
 apertis-ospack-minimal.yaml                   | 20 ----------
 apertis-ospack-sdk.yaml                       | 35 ------------------
 apertis-ospack-target.yaml                    | 37 -------------------
 .../apparmor-profile-switch-to-complain.sh    | 10 -----
 5 files changed, 112 deletions(-)
 delete mode 100755 scripts/apparmor-profile-switch-to-complain.sh

diff --git a/apertis-ospack-basesdk.yaml b/apertis-ospack-basesdk.yaml
index 299f9e77..da2a8adb 100644
--- a/apertis-ospack-basesdk.yaml
+++ b/apertis-ospack-basesdk.yaml
@@ -570,16 +570,6 @@ actions:
     chroot: true
     script: scripts/generate_locales.sh
 
-  - action: run
-    description: Switch the logind AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/lib.systemd.systemd-logind
-
-  - action: run
-    description: Switch the Tracker AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.lib.tracker
-
   # work around the Debos isssue in https://phabricator.apertis.org/T4308
   - action: run
     chroot: false
diff --git a/apertis-ospack-minimal.yaml b/apertis-ospack-minimal.yaml
index d1d0c9ed..de793dee 100644
--- a/apertis-ospack-minimal.yaml
+++ b/apertis-ospack-minimal.yaml
@@ -171,26 +171,6 @@ actions:
     chroot: true
     script: scripts/generate_locales.sh
 
-  - action: run
-    description: Switch the logind AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/lib.systemd.systemd-logind
-
-  - action: run
-    description: Switch the Canterbury AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.*.canterbury*
-
-  - action: run
-    description: Switch the Ribchester AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.*.ribchester*
-
-  - action: run
-    description: Switch the Newport AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.bin.newport
-
   # work around the Debos isssue in https://phabricator.apertis.org/T4308
   - action: run
     chroot: false
diff --git a/apertis-ospack-sdk.yaml b/apertis-ospack-sdk.yaml
index e79f3aab..b377f3fe 100644
--- a/apertis-ospack-sdk.yaml
+++ b/apertis-ospack-sdk.yaml
@@ -748,41 +748,6 @@ actions:
     chroot: true
     script: scripts/generate_locales.sh
 
-  - action: run
-    description: Switch the logind AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/lib.systemd.systemd-logind
-
-  - action: run
-    description: Switch the Canterbury AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.*.canterbury*
-
-  - action: run
-    description: Switch the Ribchester AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.*.ribchester*
-
-  - action: run
-    description: Switch the Newport AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.bin.newport
-
-  - action: run
-    description: Switch the Rhosydd AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.bin.rhosydd
-
-  - action: run
-    description: Switch the Tracker AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.lib.tracker
-
-  - action: run
-    description: Switch the Frome AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.bin.frome
-
   # work around the Debos isssue in https://phabricator.apertis.org/T4308
   - action: run
     chroot: false
diff --git a/apertis-ospack-target.yaml b/apertis-ospack-target.yaml
index 1e01e3cc..c68cbc67 100644
--- a/apertis-ospack-target.yaml
+++ b/apertis-ospack-target.yaml
@@ -286,43 +286,6 @@ actions:
     chroot: true
     script: scripts/generate_locales.sh
 
-  - action: run
-    description: Switch the logind AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/lib.systemd.systemd-logind
-
-  {{ if eq $ivitools "enabled" }}
-  - action: run
-    description: Switch the Canterbury AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.*.canterbury*
-
-  - action: run
-    description: Switch the Ribchester AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.*.ribchester*
-
-  - action: run
-    description: Switch the Newport AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.bin.newport
-
-  - action: run
-    description: Switch the Rhosydd AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.bin.rhosydd
-  {{ end }}
-
-  - action: run
-    description: Switch the Tracker AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.lib.tracker
-
-  - action: run
-    description: Switch the Frome AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.bin.frome
-
   # work around the Debos isssue in https://phabricator.apertis.org/T4308
   - action: run
     chroot: false
diff --git a/scripts/apparmor-profile-switch-to-complain.sh b/scripts/apparmor-profile-switch-to-complain.sh
deleted file mode 100755
index 8c8ad080..00000000
--- a/scripts/apparmor-profile-switch-to-complain.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-for ARG in "$@"
-do
-    PROFILE=$(basename "$ARG")
-    echo "AppArmor: forcing profile $PROFILE in complain mode"
-    ln -s "../$PROFILE" "${ROOTDIR}/etc/apparmor.d/force-complain/"
-done
-- 
GitLab