$ aa-easyprof --templates-dir=/usr/share/apparmor/easyprof/templates \
              --policy-groups-dir=/usr/share/apparmor/easyprof/policygroups \
              --policy-vendor="foo" \
              --policy-version=1.0
Then /usr/share/apparmor/easyprof/templates/foo/1.0 will be searched for templates and /usr/share/apparmor/easyprof/policygroups/foo/1.0 for policy groups.
{
  "security": {
    "profiles": {
      "<profile name 1>": {
        ... attributes specific to this profile ...
      },
      "<profile name 2>": {
        ...
      }
    }
  }
}
Each profile JSON object (i.e., everything under a profile name) may specify any fields related to policy. The "security" JSON container object is optional and may be omitted. An example manifest file demonstrating all fields is:
{
  "security": {
    "profiles": {
      "com.example.foo": {
        "abstractions": [
          "audio",
          "gnome"
        ],
        "author": "Your Name",
        "binary": "/opt/foo/**",
        "comment": "Unstructured single-line comment",
        "copyright": "Unstructured single-line copyright statement",
        "name": "My Foo App",
        "policy_groups": [
          "networking",
          "user-application"
        ],
        "policy_vendor": "somevendor",
        "policy_version": 1.0,
        "read_path": [
          "/tmp/foo_r",
          "/tmp/bar_r/"
        ],
        "template": "user-application",
        "template_variables": {
          "APPNAME": "foo",
          "VAR1": "bar",
          "VAR2": "baz"
        },
        "write_path": [
          "/tmp/foo_w",
          "/tmp/bar_w/"
        ]
      }
    }
  }
}
A manifest file does not have to include all the fields. E.g., a manifest file for an Ubuntu SDK application might be:
{
  "security": {
    "profiles": {
      "com.ubuntu.developer.myusername.MyCoolApp": {
        "policy_groups": [
          "networking",
          "online-accounts"
        ],
        "policy_vendor": "ubuntu",
        "policy_version": 1.0,
        "template": "ubuntu-sdk",
        "template_variables": {
          "APPNAME": "MyCoolApp",
          "APPVERSION": "0.1.2"
        }
      }
    }
  }
}
$ aa-easyprof --template=user-application --template-var="@{APPNAME}=foo" \
              --policy-groups=opt-application,user-application \
              /opt/foo/bin/FooApp
When using a manifest file:
$ aa-easyprof --manifest=manifest.json
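A manifest decides which template, policy groups and write paths end up in the generated profile, so it helps to resolve those references before running aa-easyprof --manifest on a file you did not write. The following Python is an added example, not part of aa-easyprof or its documentation; the function names are hypothetical, and it assumes that template and policy group files are named after the manifest values inside the vendor/version directories described above, and that "profiles" sits at the top level when "security" is omitted.

```python
import json
import posixpath

# Base directories taken from the aa-easyprof invocation shown on this page.
TEMPLATES_DIR = "/usr/share/apparmor/easyprof/templates"
POLICYGROUPS_DIR = "/usr/share/apparmor/easyprof/policygroups"

def load_profiles(text):
    """Return {profile name: attributes}; the "security" container is optional."""
    doc = json.loads(text)
    doc = doc.get("security", doc)  # assumption: without it, "profiles" is top-level
    profiles = doc.get("profiles")
    if not isinstance(profiles, dict) or not profiles:
        raise ValueError("manifest contains no profiles")
    return profiles

def policy_files(attrs):
    """List the template and policy group files one profile refers to."""
    vendor, version = attrs.get("policy_vendor"), attrs.get("policy_version")
    # Rule of this example: a vendor without a version (or the reverse) is rejected.
    if (vendor is None) != (version is None):
        raise ValueError("policy_vendor and policy_version must be given together")
    sub = posixpath.join(str(vendor), str(version)) if vendor is not None else ""
    names = [(TEMPLATES_DIR, attrs["template"])] if "template" in attrs else []
    names += [(POLICYGROUPS_DIR, g) for g in attrs.get("policy_groups", [])]
    files = []
    for base, name in names:
        # Rule of this example: names must be plain file names, so they
        # cannot resolve outside the vendor/version directory.
        if "/" in name or name in (".", ".."):
            raise ValueError("not a plain name: %r" % name)
        files.append(posixpath.join(base, sub, name))
    return files

def review(text):
    """Map each profile name to its policy files and requested write paths."""
    return {
        name: {"policy_files": policy_files(attrs),
               "write_path": attrs.get("write_path", [])}
        for name, attrs in load_profiles(text).items()
    }

# Constructed sample: the Ubuntu SDK manifest from this page, "security" omitted.
SAMPLE = """{"profiles": {"com.ubuntu.developer.myusername.MyCoolApp": {
  "policy_groups": ["networking", "online-accounts"],
  "policy_vendor": "ubuntu", "policy_version": 1.0, "template": "ubuntu-sdk",
  "template_variables": {"APPNAME": "MyCoolApp", "APPVERSION": "0.1.2"}}}}"""
if __name__ == "__main__":
    print(json.dumps(review(SAMPLE), indent=2))
```

The listed files are the ones to read before generating the profile; any write_path entries in the result deserve the same attention.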
To output a manifest file based on aa-easyprof arguments:
$ aa-easyprof --output-format=json \
              --author="Your Name" \
              --comment="Unstructured single-line comment" \
              --copyright="Unstructured single-line copyright statement" \
              --name="My Foo App" \
              --profile-name="com.example.foo" \
              --template="user-application" \
              --policy-groups="user-application,networking" \
              --abstractions="audio,gnome" \
              --read-path="/tmp/foo_r" \
              --read-path="/tmp/bar_r/" \
              --write-path="/tmp/foo_w" \
              --write-path=/tmp/bar_w/ \
              --template-var="@{APPNAME}=foo" \
              --template-var="@{VAR1}=bar" \
              --template-var="@{VAR2}=baz" \
              "/opt/foo/**"