tails/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile

#!/bin/sh

set -e

echo "Installing AppArmor profile for Tor Browser"

PATCH='/usr/share/tails/torbrowser-AppArmor-profile.patch'
PROFILE='/etc/apparmor.d/torbrowser'

### Functions

toggle_src_APT_sources() {
   MODE="$1"
   TEMP_APT_SOURCES='/etc/apt/sources.list.d/tmp-deb-src.list'

   case "$MODE" in
      on)
         cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list \
            | grep --extended-regexp --line-regexp --invert-match \
                 'deb\s+file:/root/local-packages\s+\./' \
            | grep --extended-regexp --invert-match \
                 '^deb\s+http://tagged\.snapshots\.deb\.tails\.boum.org/[^/]+/torproject(/|\s)' \
            | grep --extended-regexp --invert-match \
                 '^deb\s+http://time-based\.snapshots\.deb\.tails\.boum.org/torproject/' \
            | sed --regexp-extended -e 's,^deb(\s+),deb-src\1,' \
            > "$TEMP_APT_SOURCES"
         ;;
      off)
         rm "$TEMP_APT_SOURCES"
         ;;
   esac

   apt-get --yes update
}

install_torbrowser_AppArmor_profile() {
   tmpdir="$(mktemp -d)"
   (
      cd "$tmpdir"
      apt-get source torbrowser-launcher/stretch
      install -m 0644 \
              torbrowser-launcher-*/apparmor/torbrowser.Browser.firefox \
              "$PROFILE"
   )
   rm -r "$tmpdir"
}

### Main

toggle_src_APT_sources on
install_torbrowser_AppArmor_profile
toggle_src_APT_sources off
patch --forward --batch "$PROFILE" < "$PATCH"
rm "$PATCH"