From ac389ea4f4325996c1f0860042ef7a879a43983b Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Tue, 31 Dec 2019 00:26:34 -0800
Subject: [PATCH] apparmor: update profiles

* dhcpcd, wpa_supplicant: add small additional permissions
* wpa_cli: remove profile, it causes issues with the -a flag;
           expected impact is low: wpa_cli is run as a normal user,
	   and it does not serve requests to other users.
---
 srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd   |  1 +
 srcpkgs/apparmor/files/profiles/usr.bin.wpa_cli  | 16 ----------------
 .../files/profiles/usr.bin.wpa_supplicant        |  1 +
 srcpkgs/apparmor/template                        |  2 +-
 4 files changed, 3 insertions(+), 17 deletions(-)
 delete mode 100644 srcpkgs/apparmor/files/profiles/usr.bin.wpa_cli

diff --git a/srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd b/srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd
index 3e9d39be538..755654a03da 100644
--- a/srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd
+++ b/srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd
@@ -46,6 +46,7 @@ profile dhcpcd /{usr/,}bin/dhcpcd {
   /{usr/,}bin/dhcpcd mrix,
 
   owner @{PROC}/@{pid}/mountinfo r,
+  owner @{PROC}/@{pid}/stat r,
 
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.bin.dhcpcd>
diff --git a/srcpkgs/apparmor/files/profiles/usr.bin.wpa_cli b/srcpkgs/apparmor/files/profiles/usr.bin.wpa_cli
deleted file mode 100644
index 72439f0d59b..00000000000
--- a/srcpkgs/apparmor/files/profiles/usr.bin.wpa_cli
+++ /dev/null
@@ -1,16 +0,0 @@
-#include <tunables/global>
-
-/usr/bin/wpa_cli {
-  #include <abstractions/base>
-
-  /usr/bin/wpa_cli mr,
-
-  /{var/,}run/wpa_supplicant/ r,
-  owner /tmp/wpa_ctrl_@{pid}-[0-9] rw,
-
-  # for interactive mode
-  /etc/inputrc r,
-  owner @{HOME}/.wpa_cli_history rw,
-
-  #include <local/usr.bin.wpa_cli>
-}
diff --git a/srcpkgs/apparmor/files/profiles/usr.bin.wpa_supplicant b/srcpkgs/apparmor/files/profiles/usr.bin.wpa_supplicant
index fbe20060de4..df53acc82d6 100644
--- a/srcpkgs/apparmor/files/profiles/usr.bin.wpa_supplicant
+++ b/srcpkgs/apparmor/files/profiles/usr.bin.wpa_supplicant
@@ -28,6 +28,7 @@
   /etc/nsswitch.conf r,
   /etc/group r,
  
+  @{PROC}/sys/net/ipv{4,6}/conf/*/* rw,
   @{PROC}/@{pid}/psched r,
 
   /dev/rfkill r,
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
index d63b0f05814..01e987e7bc1 100644
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@@ -1,7 +1,7 @@
 # Template file for 'apparmor'
 pkgname=apparmor
 version=2.13.3
-revision=3
+revision=4
 wrksrc="${pkgname}-v${version}"
 build_wrksrc=libraries/libapparmor
 build_style=gnu-configure