From a91b22ffc6732c9354e8ed858e6d28478c5ea956 Mon Sep 17 00:00:00 2001
From: Xianglai Li <lixianglai@loongson.cn>
Date: Tue, 17 Dec 2024 20:29:17 +0800
Subject: [PATCH] apparmor: Allow running loongarch64 VMs

Allows to load firmware in the qemu-efi-loongarch64 directory
Allows the binary qemu-system-loongarch64 to be run

This makes it possible to run loongarch64 VMs when AppArmor
is enabled

Signed-off-by: Xianglai Li <lixianglai@loongson.cn>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
---
 src/security/apparmor/libvirt-qemu.in | 1 +
 src/security/virt-aa-helper.c         | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index 694da26dea..c63077574e 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -144,6 +144,7 @@
   /usr/bin/qemu-system-hppa rmix,
   /usr/bin/qemu-system-i386 rmix,
   /usr/bin/qemu-system-lm32 rmix,
+  /usr/bin/qemu-system-loongarch64 rmix,
   /usr/bin/qemu-system-m68k rmix,
   /usr/bin/qemu-system-microblaze rmix,
   /usr/bin/qemu-system-microblazeel rmix,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 1cf9d7ad3d..94a28bf331 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -481,6 +481,7 @@ valid_path(const char *path, const bool readonly)
         "/usr/share/AAVMF/",
         "/usr/share/qemu-efi/",              /* for AAVMF images */
         "/usr/share/qemu-efi-aarch64/",
+        "/usr/share/qemu-efi-loongarch64/",
         "/usr/share/qemu-efi-riscv64/",
         "/usr/share/qemu/",                  /* SUSE path for OVMF and AAVMF images */
         "/usr/lib/u-boot/",