Add a profile for Android ROM compilation

such as AOSP, LineageOS/CyanogenMod, etc. Use like: firejail --profile=/etc/firejail/aosp.profile /bin/bash
author: Tad <tad@spotco.us> 2017-09-25 15:17:06 -0400
committer: Tad <tad@spotco.us> 2017-09-25 15:21:29 -0400
commit: 8638519a4a0d66263d4b198252f6964c226829c9 (patch)
tree: 8bcbadccce2507a4fb7d13d6f7f7bb346ba2ae87 /etc/aosp.profile
parent: Merge branch 'master' of http://github.com/netblue30/firejail (diff)
download: firejail-8638519a4a0d66263d4b198252f6964c226829c9.tar.gz
firejail-8638519a4a0d66263d4b198252f6964c226829c9.tar.zst
firejail-8638519a4a0d66263d4b198252f6964c226829c9.zip
1 files changed, 42 insertions, 0 deletions
diff --git a/etc/aosp.profile b/etc/aosp.profile
new file mode 100644
index 000000000..6109d1701
--- /dev/null
+++ b/etc/aosp.profile
@@ -0,0 +1,42 @@
+# Firejail profile for aosp
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/aosp.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.bash_history
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.gradle
+noblacklist ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-settings
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.repo_.gitconfig.json
+noblacklist ${HOME}/.repoconfig
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.tooling
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+private-tmp
author	Tad <tad@spotco.us>	2017-09-25 15:17:06 -0400
committer	Tad <tad@spotco.us>	2017-09-25 15:21:29 -0400
commit	8638519a4a0d66263d4b198252f6964c226829c9 (patch)
tree	8bcbadccce2507a4fb7d13d6f7f7bb346ba2ae87 /etc/aosp.profile
parent	Merge branch 'master' of http://github.com/netblue30/firejail (diff)
download	firejail-8638519a4a0d66263d4b198252f6964c226829c9.tar.gz firejail-8638519a4a0d66263d4b198252f6964c226829c9.tar.zst firejail-8638519a4a0d66263d4b198252f6964c226829c9.zip

diff --git a/etc/aosp.profile b/etc/aosp.profile new file mode 100644 index 000000000..6109d1701 --- /dev/null +++ b/etc/aosp.profile
@@ -0,0 +1,42 @@
	1	# Firejail profile for aosp
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/aosp.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8
	9	noblacklist ${HOME}/.android
	10	noblacklist ${HOME}/.bash_history
	11	noblacklist ${HOME}/.gitconfig
	12	noblacklist ${HOME}/.gradle
	13	noblacklist ${HOME}/.jack-server
	14	noblacklist ${HOME}/.jack-settings
	15	noblacklist ${HOME}/.java
	16	noblacklist ${HOME}/.repo_.gitconfig.json
	17	noblacklist ${HOME}/.repoconfig
	18	noblacklist ${HOME}/.ssh
	19	noblacklist ${HOME}/.tooling
	20
	21	include /etc/firejail/disable-common.inc
	22	include /etc/firejail/disable-passwdmgr.inc
	23	include /etc/firejail/disable-programs.inc
	24
	25	include /etc/firejail/whitelist-var-common.inc
	26
	27	caps.drop all
	28	ipc-namespace
	29	netfilter
	30	no3d
	31	nodvd
	32	nogroups
	33	nonewprivs
	34	noroot
	35	nosound
	36	notv
	37	novideo
	38	protocol unix,inet,inet6
	39	seccomp
	40	shell none
	41
	42	private-tmp