Skip to content

Backport AppArmor: Add RPi4b rules

Frederic Danis requested to merge apertis/v2023dev1 into apertis/v2022

The apparmor-ofono test fails with following AppArmor messages:

# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb2/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-0:1.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-1/1-1:1.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb2/2-0:1.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd580000.ethernet/net/eth0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe300000.mmc/mmc_host/mmc0/mmc0:0001/mmc0:0001:1/net/wlan0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe215040.serial/tty/ttyS1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/vendor
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/device
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/vendor
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/device
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-0:1.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-1/1-1:1.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb2/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb2/2-0:1.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb2/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd580000.ethernet/net/eth0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd580000.ethernet/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe215040.serial/tty/ttyS1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe215040.serial/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe300000.mmc/mmc_host/mmc0/mmc0:0001/mmc0:0001:1/net/wlan0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe300000.mmc/mmc_host/mmc0/mmc0:0001/mmc0:0001:1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe300000.mmc/mmc_host/mmc0/mmc0:0001/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe300000.mmc/mmc_host/mmc0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe300000.mmc/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb2/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-0:1.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-1/1-1:1.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb2/2-0:1.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd580000.ethernet/net/eth0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe300000.mmc/mmc_host/mmc0/mmc0:0001/mmc0:0001:1/net/wlan0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe215040.serial/tty/ttyS1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/vendor
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/device
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/vendor
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/device
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-0:1.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-1/1-1:1.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb2/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb2/2-0:1.0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb2/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd580000.ethernet/net/eth0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/fd580000.ethernet/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/scb/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe215040.serial/tty/ttyS1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe215040.serial/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe300000.mmc/mmc_host/mmc0/mmc0:0001/mmc0:0001:1/net/wlan0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe300000.mmc/mmc_host/mmc0/mmc0:0001/mmc0:0001:1/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe300000.mmc/mmc_host/mmc0/mmc0:0001/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe300000.mmc/mmc_host/mmc0/uevent
# request_mask:r
# ====
# profile:/usr/sbin/ofonod
# sdmode:REJECTING
# denied_mask:r
# operation:open
# name:/sys/devices/platform/soc/fe300000.mmc/uevent
# request_mask:r

https://phabricator.apertis.org/T8556

Signed-off-by: Frédéric Danis frederic.danis@collabora.com

Merge request reports

Apertis Website Terms of Use Privacy Policy