Merge profiles: add a who profile

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1634
Approved-by: Maxime Bélair <maxime.belair@canonical.com>
Merged-by: Maxime Bélair <maxime.belair@canonical.com>

profiles/apparmor.d/who

@@ -0,0 +1,36 @@
+abi <abi/4.0>,
+include <tunables/global>
+
+profile who /usr/bin/who {
+  include <abstractions/base>
+  # who can theoretically take an arbitrary file argument but there seems to be
+  # no common reason why one would want to pass a file not listed in the below
+  # abstraction, or their rotated equivalents
+  include <abstractions/wutmp>
+  # rotated logs
+  /var/log/wtmp.@{d} r,
+  /var/log/btmp.@{d} r,
+  
+  # Despite listing information about consoles, <abstractions/consoles> does not
+  # seem to be needed:
+  # - Current logged-in users and their terminals is grabbed from files listed
+  #   in <abstractions/wutmp>
+  # - Any additional information about the terminals is obtained via a
+  #   combination of dirfd=openat(AT_FDCWD, "/dev", O_RDONLY|O_PATH|O_DIRECTORY)
+  #   and newfstatat(dirfd, terminal_name, out_ptr)
+  # - O_PATH fds bypass mediation so /dev/ r, is not needed for the first step
+  # - fstatat does not require permissions on the file itself, as stated in its
+  #   man page
+  # Overall result: the above calls are not mediated by LSMs
+
+  /usr/bin/who mr,
+
+  # who sends the "exists" signal via kill(pid, 0)
+  capability kill,
+
+  # Deny the writes allowed by abstractions/wutmp
+  audit deny /var/** w,
+  audit deny @{run}/utmp w,
+  
+  include if exists <local/who>
+}

tests/profiles/who/task.yaml

@@ -0,0 +1,7 @@
+summary: smoke test for the who profile
+execute: |
+    # who works when asked to grab everything
+    who -a
+
+    # The profile is attached based on the program path.
+    "$SPREAD_PATH"/tests/bin/actual-profile-of who | MATCH 'who \(enforce\)'