[Focal] adjust the AppArmor rule again to explicitly deny Android logging, among other things.
Currently, when playing video journald is spammed with:
Jan 17 01:37:32 ubuntu-phablet audit[3423]: AVC apparmor="DENIED" operation="open" profile="/usr/bin/media-hub-server" name="/dev/pmsg0" pid=3423 comm="amcvideodec-omx" requested_mask="w" denied_mask="w" fsuid=32011 ouid=0
Jan 17 01:37:32 ubuntu-phablet audit[3423]: AVC apparmor="DENIED" operation="sendmsg" profile="/usr/bin/media-hub-server" name="/dev/socket/logdw" pid=3423 comm="amcvideodec-omx" requested_mask="w" denied_mask="w" fsuid=32011 ouid=1036
This causes CPU usage of systemd-journald
to go to near 100% (Volla Phone). It's already been addressed in apparmor-easyprof-ubuntu!18 (merged), but since we don't use that, we have to bring it in ourselves.
Since this is a serious performance regression, put it in the 20.04 OTA 1 milestone.