# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/4.0>,

include <tunables/global>

# Confinement for plasma_session, the binary that launches the components of
# a KDE Plasma session. The profile permits little beyond executing those
# components and reading the service/autostart metadata listed below.
#
# NOTE(review): @{exec_path} is defined here but the profile attachment on the
# next line is a literal glob. Presumably @{bin} expands to the same
# /{,usr/}{,s}bin set, so both name the same paths. Confirm against the
# tunables in use.
@{exec_path} = @{bin}/plasma_session
# flags=(complain): violations of the rules below are logged but NOT blocked.
# Until the profile is switched to enforce mode it provides audit visibility
# only, not containment.
profile plasma_session /{,usr/}{,s}bin/plasma_session flags=(complain) {
  include <abstractions/base>
  include <abstractions/kde-strict>

  # The confined binary may read and memory-map itself as executable.
  @{exec_path} mr,

  # Session components started by plasma_session. "rPx" = read the binary and
  # execute it under its own dedicated profile; the uppercase P requests
  # environment scrubbing across the transition. Every exec rule in this
  # profile uses Px; none uses inherit (ix) or unconfined (ux) execution.
  # A Px target needs its own profile loaded, otherwise the exec is denied
  # once this profile is enforced.
  @{bin}/firewall-applet                                 rPx,
  @{bin}/gmenudbusmenuproxy                              rPx,
  @{bin}/kaccess                                         rPx,
  @{bin}/kcminit                                         rPx,
  @{bin}/kded{5,6}                                       rPx,
  @{bin}/ksmserver                                       rPx,
  @{bin}/ksplashqml                                      rPx,
  @{bin}/kwin_wayland_wrapper                            rPx,
  @{bin}/plasmashell                                     rPx,
  @{bin}/spice-vdagent                                   rPx,
  @{bin}/xembedsniproxy                                  rPx,
  @{lib}/pam_kwallet_init                                rPx,

  # Helpers that are executed via a profile transition only: "Px" without "r",
  # so no read access to the binaries is granted by these rules. Each helper is
  # listed under several install locations (multiarch, libexec, kf6).
  # NOTE(review): this group includes the polkit authentication agent and the
  # geoclue agent. Their confinement depends entirely on the target profiles
  # being present and enforced; verify those alongside this one.
  @{bin}/baloo_file Px,
  @{lib}/@{multiarch}/{,libexec/}baloo_file Px,
  @{lib}/{,kf6/}baloo_file Px,
  @{lib}/@{multiarch}/{,libexec/}DiscoverNotifier Px,
  @{lib}/DiscoverNotifier Px,
  @{lib}/geoclue Px,
  @{lib}/geoclue-2.0/demos/agent Px,
  @{lib}/@{multiarch}/{,libexec/}org_kde_powerdevil Px,
  @{lib}/org_kde_powerdevil Px,
  # "[0-9]" matches exactly one digit as the agent's version suffix.
  @{lib}/@{multiarch}/{,libexec/}polkit-kde-authentication-agent-[0-9] Px,
  @{lib}/polkit-kde-authentication-agent-[0-9] Px,

  # Read-only access to system-wide KDE service and notification metadata.
  /usr/share/kservices{5,6}/{,**} r,
  /usr/share/knotifications{5,6}/{,**} r,

  # System-wide XDG autostart entries and menu directory, read-only. Only
  # *.desktop files directly inside autostart/ are readable.
  /etc/xdg/autostart/ r,
  /etc/xdg/autostart/*.desktop r,
  /etc/xdg/menus/ r,

  # Per-user files. "owner" limits each rule to files owned by the user the
  # process runs as, and every rule here is read-only.
  owner @{user_cache_dirs}/ksycoca{5,6}_* r,

  owner @{user_config_dirs}/baloofilerc r,
  owner @{user_config_dirs}/kdedefaults/ksplashrc r,
  owner @{user_config_dirs}/plasma-welcomerc r,

  # Read-only view of the kernel core-dump pattern; no write access is granted.
  @{PROC}/sys/kernel/core_pattern r,

  # Optional site-local additions, loaded only if the file exists. Rules placed
  # there extend this profile, so review them with the same care as the rules
  # above.
  include if exists <local/plasma_session>
}