From 10de7941b0800254028d10ce61821c31c5271603 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Tue, 14 Jun 2022 19:12:38 +0100
Subject: [PATCH] feat(profiles): add fprintd.

---
 apparmor.d/profiles-a-f/fprintd | 48 +++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 apparmor.d/profiles-a-f/fprintd

diff --git a/apparmor.d/profiles-a-f/fprintd b/apparmor.d/profiles-a-f/fprintd
new file mode 100644
index 00000000..8d32411c
--- /dev/null
+++ b/apparmor.d/profiles-a-f/fprintd
@@ -0,0 +1,48 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{libexec}/fprintd
+profile fprintd @{exec_path} flags=(attach_disconnected) {
+  include <abstractions/base>
+  include <abstractions/dbus-strict>
+  include <abstractions/devices-usb>
+
+  capability sys_nice,
+
+  network netlink raw,
+
+  dbus receive bus=system path=/net/reactivated/Fprint/Manager
+       interface=net.reactivated.Fprint.Manager
+       member={GetDefaultDevice,GetDevices},
+
+  dbus receive bus=system path=/net/reactivated/Fprint/Manager
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll,
+
+  dbus send bus=system path=/org/freedesktop/DBus
+       interface=org.freedesktop.DBus
+       member={RequestName,ReleaseName}
+        peer=(name=org.freedesktop.DBus),
+
+  dbus send bus=system path=/org/freedesktop/login[0-9]
+       interface=org.freedesktop.login[0-9].Manager
+       member=Inhibit
+        peer=(name=org.freedesktop.login[0-9]),
+
+  dbus bind bus=system 
+       name=net.reactivated.Fprint,
+
+  @{exec_path} mr,
+
+  /etc/fprintd.conf r,
+
+  @{run}/systemd/journal/socket rw,
+  @{run}/systemd/inhibit/*.ref w,
+
+  include if exists <local/fprintd>
+}
\ No newline at end of file