=== modified file 'debian/changelog'
--- debian/changelog	2014-06-11 18:43:53 +0000
+++ debian/changelog	2014-06-24 22:15:21 +0000
@@ -1,3 +1,15 @@
+network-manager (0.9.8.8-0ubuntu19) UNRELEASED; urgency=medium
+
+  * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
+    - add debian/usr.sbin.NetworkManager
+    - debian/control: Build-Depends on dh-apparmor
+    - debian/rules: update override_dh_installdeb to use dh_apparmor
+    - debian/network-manager.dirs: add etc/apparmor.d
+    - debian/network-manager.install: install profile in to place
+    - debian/network-manager.upstart: update to load AppArmor profile
+
+ -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 24 Jun 2014 12:46:49 -0500
+
 network-manager (0.9.8.8-0ubuntu18) utopic; urgency=medium
 
   * debian/control: allow for ofono to be installed instead of modemmanager

=== modified file 'debian/control'
--- debian/control	2014-06-11 18:43:53 +0000
+++ debian/control	2014-06-24 22:15:21 +0000
@@ -38,7 +38,8 @@
  python-gobject-2,
  python-dbus,
  gir1.2-glib-2.0,
- gir1.2-freedesktop
+ gir1.2-freedesktop,
+ dh-apparmor
 Standards-Version: 3.9.4
 Vcs-Bzr: https://code.launchpad.net/~network-manager/network-manager/ubuntu
 Homepage: http://www.gnome.org/projects/NetworkManager/

=== modified file 'debian/network-manager.dirs'
--- debian/network-manager.dirs	2013-03-07 19:23:26 +0000
+++ debian/network-manager.dirs	2014-06-24 22:15:21 +0000
@@ -2,3 +2,4 @@
 etc/NetworkManager/system-connections/
 etc/NetworkManager/VPN/
 etc/NetworkManager/dnsmasq.d/
+etc/apparmor.d/

=== modified file 'debian/network-manager.install'
--- debian/network-manager.install	2014-04-22 15:05:52 +0000
+++ debian/network-manager.install	2014-06-24 22:15:21 +0000
@@ -26,3 +26,4 @@
 debian/source_network-manager.py /usr/share/apport/package-hooks/
 debian/NetworkManager.conf etc/NetworkManager/
 debian/debug-helper.py usr/lib/NetworkManager/
+debian/usr.sbin.NetworkManager etc/apparmor.d/

=== modified file 'debian/network-manager.upstart'
--- debian/network-manager.upstart	2012-05-22 22:09:44 +0000
+++ debian/network-manager.upstart	2014-06-24 22:15:21 +0000
@@ -13,6 +13,10 @@
 expect fork
 respawn
 
+pre-start script
+    /lib/init/apparmor-profile-load usr.sbin.NetworkManager
+end script
+
 script
 	# set $LANG so that messages appearing on the GUI will be translated. See LP: 875017
 	if [ -r /etc/default/locale ]; then

=== modified file 'debian/rules'
--- debian/rules	2014-04-22 15:05:52 +0000
+++ debian/rules	2014-06-24 22:15:21 +0000
@@ -123,6 +123,10 @@
 		AUTOPOINT='intltoolize --automake --copy' autoreconf --force --install --verbose; \
 	fi
 
+override_dh_installdeb:
+	dh_apparmor --profile-name=usr.sbin.NetworkManager -pnetwork-manager
+	dh_installdeb
+
 GET_SOURCE = \
 	set -e; \
 	tmpdir=`mktemp -d -t`; \

=== added file 'debian/usr.sbin.NetworkManager'
--- debian/usr.sbin.NetworkManager	1970-01-01 00:00:00 +0000
+++ debian/usr.sbin.NetworkManager	2014-06-24 22:15:21 +0000
@@ -0,0 +1,30 @@
+#include <tunables/global>
+
+# Permissive profile to have profile name to limit access to ofonod (LP: #1296415)
+/usr/sbin/NetworkManager (attach_disconnected) {
+  capability,
+  mount,
+  remount,
+  umount,
+  network,
+  dbus,
+  signal,
+  ptrace,
+  /   rwkl,
+  /** rwlkm,
+  /** pix,
+}
+
+/etc/NetworkManager/dispatcher.d/03mmsproxy (attach_disconnected) {
+  capability,
+  mount,
+  remount,
+  umount,
+  network,
+  /   rwkl,
+  /** rwlkm,
+  /** pix,
+  dbus,
+  signal,
+  ptrace,
+}