3

Is AppArmor default deny? For example, consider the case under SELinux in enforcing mode, where I install a package with no policy associated with it. SELinux's default behaviour is to deny all syscalls that application makes. Does AppArmor work the same way, or do you need to explicitly create the policy first and install it?

The FAQ (https://gitlab.com/apparmor/apparmor/wikis/FAQ) says AppArmor is default deny if the system is deployed with a complete system policy. What constitutes a complete system policy? Does that mean every process has a corresponding policy?

Is there a way to tell all unconfined processes to be default deny?

1
  • I'm voting to close this question as off-topic because it's a support/documentation request that would be better suited for a forum dedicated to the software in question
    – wireghoul
    Commented Dec 18, 2019 at 16:59

1 Answer

2

It depends on how it's deployed. Usually you'll have to whitelist specific calls from your application, but at system level you can apply policies so that only a subset of the system is confined.

As perfectly stated by Wiki's FAQ:

Is AppArmor policy Default Deny (White listing)

Yes, and no. AppArmor profiles are based on default deny, that is the rules list what is allowed and everything else is denied. AppArmor policy allows specifying rules to deny actions but these are convenience functions to document known bad behaviors, or to specify actions that should never be allowed even if a rule allowing it was added to the profile.

At a system level AppArmor can be considered either default deny or default allow depending on how it is deployed. If AppArmor is deployed with a complete system policy so that all tasks are confined then the deployment can be considered default deny. However AppArmor allows policy to be deployed incrementally so that only a subset of the system is actually confined, in this case AppArmor could be considered to be default allow at the system policy level but anything that is confined is confined by policy that is default deny.

What is Default Deny (White listing)

Default deny describes the default action applied to a request that is not listed in policy, in this case deny. Policy that is based on default deny provides a list of actions that are allowed (white list) and anything not listed in policy is denied.

Default deny is considered more secure than default allow because it only allows known good behavior.

source

1
  • Yes I read the FAQ. It wasn't clear so I asked here.
    – sashang
    Commented Dec 10, 2019 at 23:57
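
To see which side of the FAQ's "complete system policy" line a given machine falls on, the following added example (not part of the question, the answer or the AppArmor project) counts userspace tasks by the AppArmor label the kernel reports for them. The function names are hypothetical; it assumes labels read from `/proc/<pid>/attr/current` are either `unconfined` or `profile-name (mode)`, and it counts complain-mode tasks separately because their violations are logged rather than denied.

```shell
#!/bin/sh
# Added example (not from the post): is every userspace task confined and enforcing?

# classify_label LABEL -> enforce | complain | unconfined | other
classify_label() {
    case "$1" in
        unconfined)     echo unconfined ;;
        *" (enforce)")  echo enforce ;;    # unlisted actions are denied
        *" (complain)") echo complain ;;   # unlisted actions are logged, not denied
        *)              echo other ;;      # any other mode, or an empty label
    esac
}

# audit_confinement [PROC_ROOT]
# Prints "enforce=N complain=N unconfined=N other=N", lists every task that is
# not enforced on stderr, and returns 0 only when all counted tasks are enforced.
audit_confinement() {
    root="${1:-/proc}"
    enforce=0 complain=0 unconfined=0 other=0
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Assumption: an empty cmdline marks a kernel thread (or zombie); skip it,
        # since profiles attach to userspace programs.
        [ -n "$(tr -d '\0' 2>/dev/null < "$dir/cmdline")" ] || continue
        # Prefer the AppArmor-specific file; attr/current can belong to another LSM.
        f="$dir/attr/apparmor/current"
        [ -r "$f" ] || f="$dir/attr/current"
        label=$(cat "$f" 2>/dev/null) || continue   # task exited or label unreadable
        mode=$(classify_label "$label")
        case "$mode" in
            enforce)    enforce=$((enforce + 1)) ;;
            complain)   complain=$((complain + 1)) ;;
            unconfined) unconfined=$((unconfined + 1)) ;;
            *)          other=$((other + 1)) ;;
        esac
        [ "$mode" = enforce ] || echo "${dir##*/} $mode $label" >&2
    done
    echo "enforce=$enforce complain=$complain unconfined=$unconfined other=$other"
    [ $((complain + unconfined + other)) -eq 0 ]
}

# Usage (as root, so every task's label is readable): audit_confinement
```

A non-zero `unconfined` count means the deployment is default allow at the system level in the FAQ's sense, even though each confined task is still governed by a default-deny profile.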
