# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

# Policy feature ABI that the rules in this file are written against.
abi <abi/4.0>,

# Shared variable definitions; presumably the source of @{lib}, @{bin},
# @{run}, @{sys} and the @{user_*_dirs} variables used below.
include <tunables/global>

# Locations of the confined binary. The variable is referenced by the
# `@{exec_path} mr,` rule inside the profile.
@{exec_path}  = @{lib}/baloorunner
@{exec_path} += @{lib}/@{multiarch}/{,libexec/}baloorunner
# Confinement profile for baloorunner.
# The attachment glob below looks like the expanded form of @{exec_path}; its
# `*-linux-gnu*` alternative is listed twice, which is redundant but harmless.
# NOTE(review): flags=(complain) puts the profile in complain mode, where
# accesses outside these rules are logged rather than blocked. The profile
# provides audit data only, not containment, until it is loaded in enforce mode.
profile baloorunner /{{,usr/}lib{,exec,32,64}/baloorunner,{,usr/}lib{,exec,32,64}/*-linux-gnu*/{,libexec/}baloorunner,{,usr/}lib{,exec,32,64}/*-linux-gnu*/{,libexec/}baloorunner} flags=(complain) {
  # Shared rule sets pulled in from the abstractions directory.
  include <abstractions/base>
  include <abstractions/graphics>
  include <abstractions/kde-strict>
  include <abstractions/nameservice-strict>

  # The binary may read and memory-map itself as executable.
  @{exec_path} mr,

  # Any file directly under @{bin} may be read and executed. `px` switches to
  # the target's own profile; in enforce mode the exec is denied when the
  # target has no profile.
  # NOTE(review): lowercase `px` does not request environment scrubbing on the
  # transition (uppercase `Px` does), so variables such as LD_PRELOAD reach the
  # child. Confirm this is intended for a glob this broad.
  @{bin}/* rpx,

  # System-wide configuration, read-only.
  /etc/xdg/baloofilerc r,

  # Icon cache file in the user's cache directory; `owner` limits the rule to
  # files owned by the process's user.
  owner @{user_cache_dirs}/icon-cache.kcache rw,

  # Per-user configuration, read-only.
  owner @{user_config_dirs}/baloofilerc r,

  # Read, write and file-lock (k) access to the baloo directory and everything
  # below it (presumably the file index; verify).
  owner @{user_share_dirs}/baloo/{,**} rwk,

  # Directory listing of /tmp only; no rule here grants access to files in it.
  /tmp/ r,

  # Read-only access to udev database entries keyed by subsystem.
  @{run}/udev/data/+acpi:* r,             # for acpi
  @{run}/udev/data/+bluetooth:* r,
  @{run}/udev/data/+dmi* r,               # for motherboard info
  @{run}/udev/data/+hid:* r,              # for HID-Compliant Keyboard
  @{run}/udev/data/+i2c:* r,
  @{run}/udev/data/+input:input@{int} r,  # for mouse, keyboard, touchpad
  @{run}/udev/data/+leds:* r,
  @{run}/udev/data/+pci:* r,              # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
  @{run}/udev/data/+platform:* r,
  @{run}/udev/data/+power_supply* r,
  @{run}/udev/data/+rfkill:* r,
  @{run}/udev/data/+sound:card@{int} r,   # for sound card

  # Read-only access to udev database entries keyed by character-device
  # major:minor number.
  # NOTE(review): in c18[0,8,9] the bracket class appears to match a literal
  # ',' as well as 0, 8 and 9; [089] would name majors 180/188/189 exactly.
  @{run}/udev/data/c1:@{int}    r,        # char major 1: memory devices (/dev/null, /dev/zero, ...); "RAM disk" is block major 1
  @{run}/udev/data/c4:@{int} r,           # For TTY devices
  @{run}/udev/data/c5:@{int}   r,         # for /dev/tty, /dev/console, /dev/ptmx
  @{run}/udev/data/c7:@{int} r,           # For Virtual console capture devices
  @{run}/udev/data/c10:@{int} r,          # for non-serial mice, misc features
  @{run}/udev/data/c116:@{int} r,         # For ALSA
  @{run}/udev/data/c13:@{int}  r,         # For /dev/input/*
  @{run}/udev/data/c18[0,8,9]:@{int} r,   # USB devices & USB serial converters
  @{run}/udev/data/c29:@{int} r,          # For /dev/fb[0-9]*
  @{run}/udev/data/c89:@{int} r,          # For I2C bus interface
  @{run}/udev/data/c202:@{int} r,         # CPU model-specific registers
  @{run}/udev/data/c203:@{int} r,         # CPU CPUID information
  @{run}/udev/data/c226:@{int} r,         # For /dev/dri/card[0-9]*
  @{run}/udev/data/c@{dynamic}:@{int} r,  # For dynamic assignment range 234 to 254, 384 to 511

  # sysfs: list buses and device classes, and read per-device uevent files.
  @{sys}/bus/ r,
  @{sys}/bus/*/devices/ r,
  @{sys}/class/*/ r,
  @{sys}/devices/**/uevent r,

  # Read-only access to the controlling terminal device.
  /dev/tty r,

  # Optional site-local additions. Rules in that file become part of this
  # profile, so it needs the same review and file permissions as this one.
  include if exists <local/baloorunner>
}

# vim:syntax=apparmor
