After discussion with Jamie, I think we merely want to restrict ofono usage to a particular set of system processes.
AppArmor is not capable of restricting individual properties, and unfortunately "Online" is a property of the top-level org.ofono.Modem interface which we really can't restrict to just urfkill.
Our current plan of record is that we will provide basic unrestrictive AppArmor profiles to the following system/session processes:
- NetworkManager
- telepathy-ofono (or related telepathy process/component)
- urfkill
- indicator-network
- nuntium (MMS daemon)
- powerd