From ab856a0b75409179aab7158d5ee35b8ab417e3e1 Mon Sep 17 00:00:00 2001
From: Emanuele Aina <emanuele.aina@collabora.com>
Date: Tue, 4 Jun 2019 14:27:50 +0200
Subject: [PATCH] ospack: Switch AppArmor profiles back to enforce mode

This reverts commit fffab36dec195a9a1ee594a05805c35ca97e63ad,
"ospack: Switch AppArmor profiles to complain mode".

After the rebase to Buster, some AppArmor profiles have become problematic and
prevent the components from working. In particular, the logind, Canterbury and
Ribchester profiles prevent the Mildenhall HMI from appearing on the screen so
they were forced into complain mode rather than enforce mode.

Now that the underlying issue has been fixed in APERTIS-5840, the profiles can
be restored to enforce mode.

Fixes: https://phabricator.apertis.org/T6010

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
---
 apertis-ospack-basesdk.yaml                   | 10 -----
 apertis-ospack-minimal.yaml                   | 20 ----------
 apertis-ospack-sdk.yaml                       | 35 ------------------
 apertis-ospack-target.yaml                    | 37 -------------------
 .../apparmor-profile-switch-to-complain.sh    | 10 -----
 5 files changed, 112 deletions(-)
 delete mode 100755 scripts/apparmor-profile-switch-to-complain.sh

diff --git a/apertis-ospack-basesdk.yaml b/apertis-ospack-basesdk.yaml
index f85e77ff..66d440ff 100644
--- a/apertis-ospack-basesdk.yaml
+++ b/apertis-ospack-basesdk.yaml
@@ -572,16 +572,6 @@ actions:
     chroot: true
     script: scripts/generate_locales.sh
 
-  - action: run
-    description: Switch the logind AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/lib.systemd.systemd-logind
-
-  - action: run
-    description: Switch the Tracker AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.lib.tracker
-
   # work around the Debos isssue in https://phabricator.apertis.org/T4308
   - action: run
     chroot: false
diff --git a/apertis-ospack-minimal.yaml b/apertis-ospack-minimal.yaml
index d1d0c9ed..de793dee 100644
--- a/apertis-ospack-minimal.yaml
+++ b/apertis-ospack-minimal.yaml
@@ -171,26 +171,6 @@ actions:
     chroot: true
     script: scripts/generate_locales.sh
 
-  - action: run
-    description: Switch the logind AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/lib.systemd.systemd-logind
-
-  - action: run
-    description: Switch the Canterbury AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.*.canterbury*
-
-  - action: run
-    description: Switch the Ribchester AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.*.ribchester*
-
-  - action: run
-    description: Switch the Newport AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.bin.newport
-
   # work around the Debos isssue in https://phabricator.apertis.org/T4308
   - action: run
     chroot: false
diff --git a/apertis-ospack-sdk.yaml b/apertis-ospack-sdk.yaml
index 30b783db..06c136ce 100644
--- a/apertis-ospack-sdk.yaml
+++ b/apertis-ospack-sdk.yaml
@@ -750,41 +750,6 @@ actions:
     chroot: true
     script: scripts/generate_locales.sh
 
-  - action: run
-    description: Switch the logind AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/lib.systemd.systemd-logind
-
-  - action: run
-    description: Switch the Canterbury AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.*.canterbury*
-
-  - action: run
-    description: Switch the Ribchester AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.*.ribchester*
-
-  - action: run
-    description: Switch the Newport AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.bin.newport
-
-  - action: run
-    description: Switch the Rhosydd AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.bin.rhosydd
-
-  - action: run
-    description: Switch the Tracker AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.lib.tracker
-
-  - action: run
-    description: Switch the Frome AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.bin.frome
-
   # work around the Debos isssue in https://phabricator.apertis.org/T4308
   - action: run
     chroot: false
diff --git a/apertis-ospack-target.yaml b/apertis-ospack-target.yaml
index 1e01e3cc..c68cbc67 100644
--- a/apertis-ospack-target.yaml
+++ b/apertis-ospack-target.yaml
@@ -286,43 +286,6 @@ actions:
     chroot: true
     script: scripts/generate_locales.sh
 
-  - action: run
-    description: Switch the logind AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/lib.systemd.systemd-logind
-
-  {{ if eq $ivitools "enabled" }}
-  - action: run
-    description: Switch the Canterbury AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.*.canterbury*
-
-  - action: run
-    description: Switch the Ribchester AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.*.ribchester*
-
-  - action: run
-    description: Switch the Newport AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.bin.newport
-
-  - action: run
-    description: Switch the Rhosydd AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.bin.rhosydd
-  {{ end }}
-
-  - action: run
-    description: Switch the Tracker AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.lib.tracker
-
-  - action: run
-    description: Switch the Frome AppArmor profile to complain mode
-    chroot: false
-    script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/usr.bin.frome
-
   # work around the Debos isssue in https://phabricator.apertis.org/T4308
   - action: run
     chroot: false
diff --git a/scripts/apparmor-profile-switch-to-complain.sh b/scripts/apparmor-profile-switch-to-complain.sh
deleted file mode 100755
index 8c8ad080..00000000
--- a/scripts/apparmor-profile-switch-to-complain.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-for ARG in "$@"
-do
-    PROFILE=$(basename "$ARG")
-    echo "AppArmor: forcing profile $PROFILE in complain mode"
-    ln -s "../$PROFILE" "${ROOTDIR}/etc/apparmor.d/force-complain/"
-done
-- 
GitLab