Tor Browser Bundle (TBB) 2.2.x AppArmor Profile

# Tor Browser Bundle 2.2.x AppArmor profile by Anonymous
# Based on Firefox profile from Jamie Strandboge <jamie@canonical.com>

#include <tunables/global>

# We want to confine the binaries that match:
/**/tor-browser_*/App/Firefox/firefox {
  # FIXME: Some of these abstractions may be a tad permissive
  #include <abstractions/audio>
  #include <abstractions/cups-client>
  #include <abstractions/dbus-session>
  #include <abstractions/gnome>
  #include <abstractions/ibus>

  # Tor should be doing our DNS
  # #include <abstractions/nameservice>

  # This is 100% UNSAFE. Allows full read+write access to /home,
  # with only a few minor exceptions!!
  # #include <abstractions/ubuntu-browsers.d/firefox>

  # Default profile allows downloads to ~/Downloads and uploads from ~/Public
  owner @{HOME}/Public/ r,
  owner @{HOME}/Public/* r,
  owner @{HOME}/Downloads/ r,
  owner @{HOME}/Downloads/* rw,

  # TBB file access
  /**/tor-browser_*/Data/profile/ rk,
  /**/tor-browser_*/Data/profile/** rwk,
  /**/tor-browser_*/tmp/** rwk,
  /**/tor-browser_*/App/Firefox/** rixm,
  /**/tor-browser_*/.event/* rk,
  /**/tor-browser_*/.cache/* rwk,
  /**/tor-browser_*/.pulse-cookie rwk,

  # for networking, only allow connections to localhost
  # network tcp dst 127.0.0.1, # TODO: Needs AppArmor 3.0?
  network tcp, # :(

  /etc/mime.types r,
  /etc/mailcap r,
  /etc/xdg/*buntu/applications/defaults.list    r, # for all derivatives
  /usr/share/xubuntu/applications/defaults.list r,
  owner @{HOME}/.local/share/applications/defaults.list r,
  owner @{HOME}/.local/share/applications/mimeapps.list r,
  owner @{HOME}/.local/share/applications/mimeinfo.cache r,

  /etc/timezone r,
  /etc/wildmidi/wildmidi.cfg r,

  # Firefox likes to inspect its own proc entry, possibly for FS info during
  # downloads?
  @{PROC}/ r,
  @{PROC}/[0-9]*/cmdline r,
  @{PROC}/[0-9]*/mountinfo r,
  @{PROC}/**/stat r,

  # FIXME: Not sure why this is needed.. Possibly for JIT optimizations?
  # If you're paranoid, you can probably throw a "deny" in front of here
  /sys/devices/system/cpu/** r,

  # FIXME: Firefox needs /etc/password for some gnome shiz :(
  /etc/passwd r,
  /etc/nsswitch.conf r,

  # No DNS for you, firefox.
  deny /etc/resolv.conf r,
  deny /etc/hosts r,
  deny /etc/host.conf r,

  # TODO: This is noisy. Should be silent. Apparmor bug??
  #deny network dgram,
  network dgram,
}

/**/tor-browser_*/App/tor {
  #include <abstractions/base>

  network tcp,

  # TODO: This is noisy. Should be silent. Apparmor bug??
  # XXX: Why does Tor need UDP?
  #deny network dgram,
  network dgram,

  /**/tor-browser_*/Data/Tor/* rwk,
  /**/tor-browser_*/tmp/* rwk,

  /**/tor-browser_*/Lib/* mrix,
  /**/tor-browser_*/Lib/libz/* mrix,
}

/**/tor-browser_*/App/vidalia {
  # #include <abstractions/nameservice>
  #include <abstractions/fonts>
  #include <abstractions/freedesktop.org>
  #include <abstractions/dbus-session>
  #include <abstractions/ibus>

  # TODO: :(. Can't restrict to localhost till Apparmor 3.0
  network tcp,

  # We can't use abstractions/base for these because
  # it conflicts with the ability to launch tor+firefox somehow (??)
  /etc/ld.so.cache r,
  /usr/lib/** mr,
  /lib/** mr,
  /dev/urandom r,
  /usr/share/** rk, # Icons, themes, etc
  /etc/xdg/Trolltech.conf rk,
  /etc/locale.alias r,
  /etc/localtime r,

  deny /proc/** r, # Who needs /proc? STFU, plz

  /**/tor-browser_*/App/tor px,
  /**/tor-browser_*/App/Firefox/firefox px,

  /**/tor-browser_*/tmp/* rwk,
  /**/tor-browser_*/Data/Vidalia/* rwk,
  /**/tor-browser_*/Data/Tor/port.conf r,

  /**/tor-browser_*/Lib/* mrix,
  /**/tor-browser_*/Lib/libz/* mrix,

  /etc/ssl/certs/ r,
  /etc/ssl/certs/** r,

  # Trolltech nonsense...
  deny /**/tor-browser_*/.config/ w,
  deny /**/tor-browser_*/.config/** rwmk,

  # XXX: WTF?? Why does vidalia need my xauth???
  deny @{HOME}/.Xauthority rwmk,

  # XXX: WTF?? /etc/passwd?
  deny /etc/passwd rmk,

  # XXX: Vidalia needs DNS?
  deny /etc/nsswitch.conf rmk,
}