mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 17:08:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: improve comments on udev data.

Browse source
This commit is contained in:
Alexandre Pujol 2024-03-13 15:58:28 +00:00
parent fef6390b9e
commit 09f1babb7c
Failed to generate hash of commit
23 changed files with 37 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/freedesktop/colord
View file

@ -56,7 +56,7 @@ profile colord @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/journal/socket rw,
@{run}/systemd/sessions/* r,
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/c81:@{int} r, # For video4linux
@{sys}/bus/scsi/devices/ r,

2
apparmor.d/groups/freedesktop/pulseaudio
View file

@ -123,7 +123,7 @@ profile pulseaudio @{exec_path} {
@{run}/systemd/users/@{uid} r,
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/c116:@{int} r, # for ALSA
@{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511

4
apparmor.d/groups/freedesktop/upowerd
View file

@ -32,10 +32,10 @@ profile upowerd @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
@{run}/udev/data/+i2c:* r,
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/+platform:* r,
@{run}/udev/data/+power_supply* r,
@{run}/udev/data/+sound:card@{int} r, # for sound
@{run}/udev/data/+sound:card@{int} r, # for sound card
@{run}/udev/data/c10:@{int} r, # for non-serial mice, misc features
@{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c116:@{int} r, # for ALSA

4
apparmor.d/groups/freedesktop/xorg
View file

@ -106,12 +106,12 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
@{sys}/module/i915/{,**} r,
@{run}/udev/data/+acpi:* r, # for acpi
@{run}/udev/data/+dmi* r, # for ?
@{run}/udev/data/+dmi* r, # for motherboard info
@{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
@{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
@{run}/udev/data/+i2c:* r,
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+pci:* r, # for VGA compatible controller
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/+platform:* r, # for ?
@{run}/udev/data/+serio:* r, # for touchpad?
@{run}/udev/data/+usb* r, # for USB mouse and keyboard

2
apparmor.d/groups/gnome/gdm
View file

@ -73,7 +73,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/users/@{uid} r,
@{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/c226:@{int} r, # for /dev/dri/card*
@{run}/udev/tags/master-of-seat/ r,

4
apparmor.d/groups/gnome/gnome-control-center
View file

@ -123,9 +123,9 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
owner @{run}/user/@{uid}/gnome-shell-disable-extensions w,
owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
@{run}/udev/data/+dmi:* r,
@{run}/udev/data/+dmi:* r, # for motherboard info
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/n@{int} r,

6
apparmor.d/groups/gnome/gnome-shell
View file

@ -329,10 +329,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+platform:* r,
@{run}/udev/data/+dmi:id r,
@{run}/udev/data/+dmi:id r, # for motherboard info
@{run}/udev/data/+acpi* r,
@{run}/udev/data/+pci:* r, # for VGA compatible controller
@{run}/udev/data/+sound:card@{int} r, # for sound
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/+sound:card@{int} r, # for sound card
@{run}/udev/data/+usb* r, # for USB mouse and keyboard
@{run}/udev/data/+i2c:* r,
@{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard

2
apparmor.d/groups/gnome/gsd-media-keys
View file

@ -105,7 +105,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/udev/data/+sound:card@{int} r, # For sound
@{run}/udev/data/+sound:card@{int} r, # For sound card
@{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c189:@{int} r, # For /dev/bus/usb/**

6
apparmor.d/groups/kde/kwin_wayland
View file

@ -104,12 +104,12 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
@{sys}/devices/**/uevent r,
@{run}/udev/data/+acpi:* r, # for ACPI
@{run}/udev/data/+dmi* r, # for ?
@{run}/udev/data/+dmi:* r, # for motherboard info
@{run}/udev/data/+hid:* r, # for HID subsystem
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/+platform:* r, # for ?
@{run}/udev/data/+sound:card@{int} r,
@{run}/udev/data/+sound:card@{int} r, # for sound card
@{run}/udev/data/+usb:* r,
@{run}/udev/data/c13:@{int} r, # for /dev/input/*

2
apparmor.d/groups/network/ModemManager
View file

@ -25,7 +25,7 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/+platform:* r,
@{run}/udev/data/+usb:* r,
@{run}/udev/data/c16[6,7]:@{int} r, # USB modems

2
apparmor.d/groups/network/NetworkManager
View file

@ -132,7 +132,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
@{run}/nscd/db* rwl,
@{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/users/@{uid} r,
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/+platform:* r,
@{run}/udev/data/+rfkill:* r,
@{run}/udev/data/n@{int} r,

2
apparmor.d/groups/network/nmcli
View file

@ -20,7 +20,7 @@ profile nmcli @{exec_path} {
owner @{HOME}/.nm-vpngate/*.ovpn r,
owner @{HOME}/.cert/nm-openvpn/*.pem rw,
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/n@{int} r,
@{sys}/devices/virtual/net/{,**} r,

2
apparmor.d/groups/systemd/systemd-backlight
View file

@ -18,9 +18,9 @@ profile systemd-backlight @{exec_path} {
/var/lib/systemd/backlight/*backlight* rw,
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+backlight:* r,
@{run}/udev/data/+leds:*backlight* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{sys}/bus/ r,
@{sys}/bus/pci/devices/ r,

2
apparmor.d/groups/systemd/systemd-hostnamed
View file

@ -35,7 +35,7 @@ profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/default-hostname rw,
@{run}/systemd/notify rw,
@{run}/udev/data/+dmi:id r,
@{run}/udev/data/+dmi:* r, # for motherboard info
@{sys}/devices/virtual/dmi/id/ r,
@{sys}/devices/virtual/dmi/id/bios_date r,

2
apparmor.d/groups/systemd/systemd-logind
View file

@ -78,7 +78,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/+backlight:* r,
@{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/c10:@{int} r, # For non-serial mice, misc features
@{run}/udev/data/c13:@{int} r, # For /dev/input/*
@{run}/udev/data/c14:@{int} r, # Open Sound System (OSS)

6
apparmor.d/groups/ubuntu/subiquity-console-conf
View file

@ -54,13 +54,13 @@ profile subiquity-console-conf @{exec_path} {
@{run}/snapd.socket rw,
@{run}/udev/data/+acpi:* r,
@{run}/udev/data/+dmi* r,
@{run}/udev/data/+dmi:* r, # For motherboard info
@{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+leds:* r,
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/+platform:* r,
@{run}/udev/data/+sound:card@{int} r, # For sound
@{run}/udev/data/+sound:card@{int} r, # For sound card
@{run}/udev/data/c1:@{int} r, # For RAM disk
@{run}/udev/data/c4:@{int} r, # For TTY devices

6
apparmor.d/groups/virt/libvirtd
View file

@ -160,15 +160,15 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/+backlight:* r,
@{run}/udev/data/+bluetooth:* r,
@{run}/udev/data/+dmi:id r,
@{run}/udev/data/+dmi:* r, # for motherboard info
@{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
@{run}/udev/data/+hid:* r,
@{run}/udev/data/+input:input@{int} r, # For mouse, keyboard, touchpad
@{run}/udev/data/+leds:* r,
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/+platform:* r,
@{run}/udev/data/+rfkill:* r,
@{run}/udev/data/+sound:card@{int} r, # For sound
@{run}/udev/data/+sound:card@{int} r, # For sound card
@{run}/udev/data/+thunderbolt:* r,
@{run}/udev/data/c1:@{int} r, # For RAM disk
@{run}/udev/data/c6:@{int} r, # For parallel printer devices /dev/lp*

6
apparmor.d/groups/virt/virtnodedevd
View file

@ -46,14 +46,14 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/+backlight:* r,
@{run}/udev/data/+bluetooth:* r,
@{run}/udev/data/+dmi:id r,
@{run}/udev/data/+dmi:* r, # for motherboard info
@{run}/udev/data/+drm:card@{int}-* r, # for screen outputs
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+leds:* r,
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/+platform:* r,
@{run}/udev/data/+rfkill:* r,
@{run}/udev/data/+sound:* r,
@{run}/udev/data/+sound:card@{int} r, # For sound card
@{run}/udev/data/+thunderbolt:* r,
@{run}/udev/data/c1:@{int} r, # For RAM disk

4
apparmor.d/profiles-g-l/labwc
View file

@ -42,10 +42,10 @@ profile labwc @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/+drm:card@{int}-* r, # for screen outputs
@{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
@{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
@{run}/udev/data/+pci:* r, # for VGA compatible controller
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/+platform:* r, # for ?
@{run}/udev/data/+serio:* r, # for touchpad?
@{run}/udev/data/+sound:card@{int} r, # for sound
@{run}/udev/data/+sound:card@{int} r, # for sound card
@{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c226:@{int} r, # for /dev/dri/card*

2
apparmor.d/profiles-m-r/nvtop
View file

@ -25,7 +25,7 @@ profile nvtop @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/inhibit/*.ref r,
@{run}/udev/data/+drm:card@{int}-* r, # for screen outputs
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/c226:@{int} r, # For /dev/dri/card*
@{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511

2
apparmor.d/profiles-s-z/steam
View file

@ -149,7 +149,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)
owner /tmp/steam_chrome_shmem_uid@{uid}_spid@{int} rw,
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c116:@{int} r, # for ALSA

2
apparmor.d/profiles-s-z/switcheroo-control
View file

@ -21,7 +21,7 @@ profile switcheroo-control @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
@{run}/udev/data/+drm:card@{int}-* r, # for screen outputs
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/c226:@{int} r, # for /dev/dri/card*

2
apparmor.d/profiles-s-z/udisksd
View file

@ -108,7 +108,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
@{run}/cryptsetup/ r,
@{run}/cryptsetup/L* rwk,
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/+platform:* r,
@{run}/udev/data/+scsi:* r,
@{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511