File: /volume1/@appstore/AntiVirus/apparmor/pkg_AntiVirus
# ----------------------------------------------------------------------------
#
# Copyright (C) 2000-2015 Synology Inc. All rights reserved.
#
# ----------------------------------------------------------------------------
#include <tunables/global>
/volume*/@appstore/AntiVirus/engine/clamav/bin/freshclam {
#include <abstractions/base>
#include <abstractions/base-cgi>
capability setgid,
/volume*/@appstore/AntiVirus/engine/clamav/etc/{,**} r,
/volume*/@appstore/AntiVirus/engine/clamav/lib/{,**} mr,
/volume*/@appstore/AntiVirus/engine/clamav/lib64/{,**} mr,
/volume*/@appstore/AntiVirus/engine/clamav/var/{,**} rwk,
/volume*/@appstore/AntiVirus/engine/clamav/tmp/{,**} rwl,
}
^/usr/syno/sbin/synoscgi//SYNO.AntiVirus.General {
#include <abstractions/base>
#include <abstractions/base-cgi>
#include <abstractions/libsynonetsdk>
#For nmblookup, libsynonetsdk use nmblookup with ix
/etc/shadow r,
/etc/proxy.conf r,
/volume*/ rw,
/volume*/@AntiVirus/ r,
/volume*/@AntiVirus/.report rwk,
/volume*/@AntiVirus/.report-journal rwk,
/volume*/@appstore/AntiVirus/ r,
/volume*/@appstore/AntiVirus/.synoavtmp* rwk,
/volume*/@appstore/AntiVirus/engine/clamav/bin/freshclam ix,
/volume*/@appstore/AntiVirus/engine/clamav/bin/sigtool ix,
/volume*/@appstore/AntiVirus/engine/clamav/lib/{,**} mr,
/volume*/@appstore/AntiVirus/engine/clamav/lib64/{,**} mr,
/volume*/@appstore/AntiVirus/engine/clamav/etc/freshclam.conf{,**} rwk,
/volume*/@appstore/AntiVirus/engine/clamav/var/freshclam.log rwk,
/volume*/@appstore/AntiVirus/engine/clamav/var/lib/{,**} rwk,
/volume*/@appstore/AntiVirus/engine/clamav/lib/{,**} mr,
/volume*/@appstore/AntiVirus/engine/clamav/lib64/{,**} mr,
/volume*/@appstore/AntiVirus/engine/clamav/tmp/{,**} rwl,
/volume*/@appstore/AntiVirus/scripts/clamav.sh rix,
/volume*/@appstore/AntiVirus/lib/libsynoav.so mr,
/volume*/@appstore/AntiVirus/lib/libsynoavclam.so mr,
/volume*/@appstore/AntiVirus/webapi/settings/SYNO.AntiVirus.Settings.so mr,
/volume*/@quarantine/ rwk,
/volume*/@quarantine/.mvfailed* rwk,
/volume*/.quarantine rwk,
/volume*/.quarantine-journal rwk,
/volumeUSB*/usbshare*/ rwk,
/volumeUSB*/usbshare*/@quarantine/ rwk,
/volumeUSB*/usbshare*/@quarantine/.mvfailed* rwk,
/volumeUSB*/usbshare*/.quarantine rwk,
/volumeUSB*/usbshare*/.quarantine-journal rwk,
/var/packages/AntiVirus/ rwk,
/var/@quarantine/ rwk,
/var/@quarantine/.mvfailed* rwk,
/var/quarantine/ rwk,
/var/quarantine/.quarantine rwk,
/var/quarantine/.quarantine-journal rwk,
/var/quarantine/@quarantine/ rwk,
/var/quarantine/@quarantine/.mvfailed* rwk,
/usr/syno/etc/preference/admin/appnotify rwk,
/usr/syno/etc/preference/admin/appnotify.tmp rwk,
/usr/syno/etc/preference/admin/dsmnotify rwk,
capability mac_admin,
capability fowner,
capability chown,
}
^/usr/syno/sbin/synoscgi//SYNO.AntiVirus.Scan {
#include <abstractions/base>
#include <abstractions/base-cgi>
/{,**} rwk,
/bin/gpg ix,
/usr/lib/{,**} mr,
/usr/syno/synoha/lib/ r,
/volume*/@appstore/AntiVirus/.synoavtmp* rwk,
/volume*/@appstore/AntiVirus/bin/synoavscan ix,
/volume*/@appstore/AntiVirus/lib/liblnxfv.so.4 mr,
/volume*/@appstore/AntiVirus/lib/libstdc++.so.5 mr,
/volume*/@appstore/AntiVirus/lib/libsynoav.so mr,
/volume*/@appstore/AntiVirus/lib/libsynoavclam.so mr,
/volume*/@appstore/AntiVirus/webapi/scan/SYNO.AntiVirus.Scan.so mr,
/volume*/@appstore/AntiVirus/engine/clamav/bin/freshclam ix,
/volume*/@appstore/AntiVirus/engine/clamav/bin/sigtool ix,
/volume*/@appstore/AntiVirus/engine/clamav/lib/{,**} mr,
/volume*/@appstore/AntiVirus/engine/clamav/lib64/{,**} mr,
/volume*/@appstore/AntiVirus/engine/clamav/etc/freshclam.conf{,**} rwk,
/volume*/@appstore/AntiVirus/engine/clamav/var/freshclam.log rwk,
/volume*/@appstore/AntiVirus/engine/clamav/var/lib/{,**} rwk,
/volume*/@appstore/AntiVirus/engine/clamav/lib/{,**} mr,
/volume*/@appstore/AntiVirus/engine/clamav/lib64/{,**} mr,
/volume*/@appstore/AntiVirus/engine/clamav/tmp/{,**} rwl,
/volume*/@appstore/AntiVirus/scripts/clamav.sh ix,
network inet dgram,
network inet stream,
capability ipc_lock,
capability fowner,
capability chown,
}
^/usr/syno/sbin/synoscgi//SYNO.AntiVirus.Quarantine {
#include <abstractions/base>
#include <abstractions/base-cgi>
/{,**} rwk,
/usr/syno/etc/synoshare.db r,
/volume*/@appstore/AntiVirus/lib/libsynoav.so mr,
/volume*/@appstore/AntiVirus/webapi/quarantine/SYNO.AntiVirus.Quarantine.so mr,
capability chown,
capability fowner,
}
^/usr/syno/sbin/synoscgi//SYNO.AntiVirus.Config {
#include <abstractions/base>
#include <abstractions/base-cgi>
/volume*/@appstore/AntiVirus/lib/libsynoav.so mr,
/volume*/@appstore/AntiVirus/webapi/settings/SYNO.AntiVirus.Settings.so mr,
/usr/syno/etc/packages/AntiVirus/synoav.* rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.AntiVirus.WhiteList {
#include <abstractions/base>
#include <abstractions/base-cgi>
/usr/syno/etc/packages/AntiVirus/whitelist.conf* rwk,
/volume*/@appstore/AntiVirus/lib/libsynoav.so mr,
/volume*/@appstore/AntiVirus/webapi/settings/SYNO.AntiVirus.Settings.so mr,
/volume*/@quarantine/ rwk,
/volume*/@quarantine/.mvfailed* rwk,
/volume*/.quarantine rwk,
/volume*/.quarantine-journal rwk,
/volumeUSB*/usbshare/@quarantine/ rwk,
/volumeUSB*/usbshare/@quarantine/.mvfailed* rwk,
/volumeUSB*/usbshare/.quarantine rwk,
/volumeUSB*/usbshare/.quarantine-journal rwk,
/var/quarantine/ rwk,
/var/quarantine/@quarantine/ rwk,
/var/quarantine/@quarantine/.mvfailed* rwk,
/var/quarantine/.quarantine rwk,
/var/quarantine/.quarantine-journal rwk,
}
^/usr/syno/sbin/synoscgi//SYNO.AntiVirus.Schedule {
#include <abstractions/base>
#include <abstractions/base-cgi>
/etc/crontab rwk,
/etc/crontab.* rwk,
/usr/syno/etc/packages/AntiVirus/.schedule-journal rwk,
/usr/syno/etc/packages/AntiVirus/schedule/{,**} rwk,
/usr/syno/etc/packages/AntiVirus/.schedule* rwk,
/volume*/@appstore/AntiVirus/lib/libsynoav.so mr,
/volume*/@appstore/AntiVirus/webapi/settings/SYNO.AntiVirus.Settings.so mr,
}
^/usr/syno/sbin/synoscgi//SYNO.AntiVirus.Log {
#include <abstractions/base>
#include <abstractions/base-cgi>
/volume*/@AntiVirus/ rwk,
/volume*/@AntiVirus/.report* rwk,
/volume*/@appstore/AntiVirus/ rwk,
/volume*/@appstore/AntiVirus/lib/libsynoav.so mr,
/volume*/@appstore/AntiVirus/webapi/log/SYNO.AntiVirus.Log.so mr,
}