hassio-supervised-installer/files/hassio-apparmor

#!/bin/sh
set -e

# Load configs
CONFIG_FILE=/etc/hassio.json

# Read configs
DATA="$(jq --raw-output '.data // "/usr/share/hassio"' ${CONFIG_FILE})"
PROFILES_DIR=${DATA}/apparmor
CACHE_DIR="${PROFILES_DIR}/cache"
REMOVE_DIR="${PROFILES_DIR}/remove"

# Exists AppArmor
if ! command -v apparmor_parser > /dev/null 2>&1; then
    echo "[Warning]: No apparmor_parser on host system!"
    exit 0
fi

# Check folder structure
mkdir -p ${PROFILES_DIR}
mkdir -p ${CACHE_DIR}
mkdir -p ${REMOVE_DIR}

# Load/Update exists/new profiles
for profile in ${PROFILES_DIR}/*; do
    if [ ! -f ${profile} ]; then
        continue
    fi

    # Load Profile
    if ! apparmor_parser -r -W -L ${CACHE_DIR} ${profile}; then
        echo "[Error]: Can't load profile ${profile}"
    fi
done

# Cleanup old profiles
for profile in ${REMOVE_DIR}/*; do
    if [ ! -f ${profile} ]; then
        continue
    fi

    # Unload Profile
    if apparmor_parser -R -W -L ${CACHE_DIR} ${profile}; then
        if rm ${profile}; then
            continue
        fi
    fi
    echo "[Error]: Can't remove profile ${profile}"
done