It is a matter of security that the user is not able to modify the apparmor path directly. It must be done via a root process. Currently the phablet-tools will run 'aa-clickhook --include=/usr/share/autopilot-touch/apparmor/click.rules -f' as root before running the tests. My thought was that you would add these 'fake' paths to /usr/share/autopilot-touch/apparmor/click.rules so that when the phablet test tool is run, the paths are added to the profile accordingly.
It is possible to use globs though. So we can have rules like this:
# Allow writes to various (application-specific) XDG directories
owner /run/user/[0-9]*/autopilot/*/.cache/@{APP_PKGNAME}/ rw, # subdir of XDG_CACHE_HOME
owner /run/user/[0-9]*/autopilot/*/.cache/@{APP_PKGNAME}/** mrwkl,
owner /run/user/[0-9]*/autopilot/*/.config/@{APP_PKGNAME}/ rw, # subdir of XDG_CONFIG_HOME
owner /run/user/[0-9]*/autopilot/*/.config/@{APP_PKGNAME}/** mrwkl,
owner /run/user/[0-9]*/autopilot/*/.local/share/@{APP_PKGNAME}/ rw, # subdir of XDG_DATA_HOME
owner /run/user/[0-9]*/autopilot/*/.local/share/@{APP_PKGNAME}/** mrwklix,
owner /run/user/[0-9]*/autopilot/*/confined/@{APP_PKGNAME}/ rw, # subdir of XDG_RUNTIME_DIR
owner /run/user/[0-9]*/autopilot/*/confined/@{APP_PKGNAME}/** mrwkl,
This way you could create a temporary directory (e.g. /run/user/32011/autopilot/tmpA34Hhh/) and do something like:
XDG_CACHE_HOME=/run/user/32011/autopilot/tmpA34Hhh/.cache
XDG_CONFIG_HOME=/run/user/32011/autopilot/tmpA34Hhh/.config
XDG_DATA_HOME=/run/user/32011/autopilot/tmpA34Hhh/.local/share
XDG_RUNTIME_DIR=/run/user/32011/autopilot/tmpA34Hhh/
Would this work better?
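
The following is an added example, not part of the original comment or of phablet-tools: a check that the directories a test harness plans to use actually fall under the glob rules quoted above. It assumes a simplified reading of AppArmor globbing (`*` stays inside one path component, `**` crosses `/`, and a wildcard directly after `/` must consume at least one character), ignores the `owner` qualifier, and uses the hypothetical helper names `glob_to_regex` and `allowed_perms`.

```python
import re

# Path rules quoted from the comment above, as (AppArmor glob, permissions).
BASE = "/run/user/[0-9]*/autopilot/*/"
RULES = [
    (BASE + ".cache/@{APP_PKGNAME}/", "rw"),
    (BASE + ".cache/@{APP_PKGNAME}/**", "mrwkl"),
    (BASE + ".config/@{APP_PKGNAME}/", "rw"),
    (BASE + ".config/@{APP_PKGNAME}/**", "mrwkl"),
    (BASE + ".local/share/@{APP_PKGNAME}/", "rw"),
    (BASE + ".local/share/@{APP_PKGNAME}/**", "mrwklix"),
    (BASE + "confined/@{APP_PKGNAME}/", "rw"),
    (BASE + "confined/@{APP_PKGNAME}/**", "mrwkl"),
]

def glob_to_regex(glob, pkgname):
    """Simplified AppArmor glob -> regex: handles *, **, ? and [..] only."""
    glob = glob.replace("@{APP_PKGNAME}", pkgname)
    out, i = [], 0
    while i < len(glob):
        after_slash = i > 0 and glob[i - 1] == "/"
        if glob.startswith("**", i):
            # ** crosses '/'; assumed to need >= 1 char right after a '/'
            out.append("[^/].*" if after_slash else ".*")
            i += 2
        elif glob[i] == "*":
            # * stays inside one path component
            whole = after_slash and glob[i + 1:i + 2] in ("", "/")
            out.append("[^/]+" if whole else "[^/]*")
            i += 1
        elif glob[i] == "?":
            out.append("[^/]")
            i += 1
        elif glob[i] == "[":
            end = glob.index("]", i)
            out.append(glob[i:end + 1])  # character class kept as written
            i = end + 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out), re.DOTALL)

def allowed_perms(path, pkgname):
    """Return the sorted union of permissions the rules grant on `path`."""
    perms = set()
    for glob, rule_perms in RULES:
        if glob_to_regex(glob, pkgname).fullmatch(path):
            perms |= set(rule_perms)
    return "".join(sorted(perms))
```

Under these glob semantics `[0-9]*` is one digit followed by any run of non-slash characters, so it is looser than "a numeric uid"; the temporary directory itself (the proposed XDG_RUNTIME_DIR) is not covered by any rule, only its `confined/@{APP_PKGNAME}/` subdirectory is.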