ubuntu-phone team mailing list archive

Thread
Date

Porting: hardware specific AppArmor access made easier

To: ubuntu-phone@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxxxxx>
Date: Tue, 08 Oct 2013 17:38:23 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0

Hi!

Up until recently, it was more difficult than it needed to be to adjust AppArmor
policy to work on a ported device. The problem is that hardware specific
AppArmor access rules are needed to make click packages work on a device, but
there wasn't an easy way to update the AppArmor policy.

Eg, the Nexus 4 (mako) needs something like this:

  # FIXME: Nexus 4 (mako)
  /dev/kgsl-3d0 rw,
  /dev/ion rw,

Prior to apparmor-easyprof-ubuntu 1.0.36, these rules were hard-coded in the
templates, but this proved very inconvenient for porters since it required
updating the apparmor-easyprof-ubuntu package. Now, the templates look in
/usr/share/apparmor/hardware, so porters can just drop AppArmor rules into the
appropriate subdirectory and have click packages pick them up. I updated the
Porting wiki[2] to describe the process.

Happy porting!

[1]http://launchpad.net/bugs/1197133
[2]https://wiki.ubuntu.com/Touch/Porting#AppArmor

-- 
Jamie Strandboge                 http://www.ubuntu.com/