The location of policy can be set by dropping a policy config file in $(config_location)/policy_conf.d/. Where $(config_location) is either the default location /etc/apparmor/ or set as a build option ???.
Multiple policy locations
Policy can exist in multiple locations, for each location (even if the policy is not managed by AppArmor) a config file should be dropped in $(config_location)/policy_conf.d/. This enables the AppArmor init system and tools find and function with the different policy locations. Even for policy not managed by AppArmor a policy config file should be added so the AppArmor tools can know not to touch the alternately managed policy.
User defined policy requires that an apparmor namespace be setup for the user by the system. This can be done through the pam_apparmor plug-in. In addition the pam_apparmor plug-in can load the initial user defined policy if it is stored in the configured location.
text policy: .apparmor.d/
binary policy cache: ?????
In addition to using pam_apparmor to setup a users policy namespace. The user can configure the aa-policy daemon to run at session login. The daemon can be used to watch the user's policy for changes and automatically reload policy.
Application defined policy
application can choose where to store policy and where to store its binary policy