Thanks, I took a look at creating a profile for nsjail, but I'm a bit confused on how to associate it with the app?
Because nsjail is a prebuilt in AOSP's source code that means it could be litteraly anywhere on the user's system, e.g:
~/android-14.0.0_r1/prebuilts/build-tools/linux-x86/bin/nsjail
~/android-13.0.0_r1/prebuilts/build-tools/linux-x86/bin/nsjail
~/android-12.0.0_r1/prebuilts/build-tools/linux-x86/bin/nsjail
Thanks, I took a look at creating a profile for nsjail, but I'm a bit confused on how to associate it with the app?
Because nsjail is a prebuilt in AOSP's source code that means it could be litteraly anywhere on the user's system, e.g: 14.0.0_ r1/prebuilts/ build-tools/ linux-x86/ bin/nsjail 13.0.0_ r1/prebuilts/ build-tools/ linux-x86/ bin/nsjail 12.0.0_ r1/prebuilts/ build-tools/ linux-x86/ bin/nsjail
~/android-
~/android-
~/android-
``` build-tools/ linux-x86/ bin/nsjail flags=(unconfined) {
profile nsjail /**/prebuilts/
```
I tested the above and it works, but is there a better way to do this? Feels dirty and not what apparmor people would want.