From 604a95119da44e0e05b473d5b250ff443570f191 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 8 Apr 2021 22:40:03 +0100
Subject: [PATCH] Add usbguard-notifier.

---
 apparmor.d/profiles-m-z/usbguard-notifier | 22 ++++++++++++++++++++++
 profiles.manifest                         |  1 +
 2 files changed, 23 insertions(+)
 create mode 100644 apparmor.d/profiles-m-z/usbguard-notifier

diff --git a/apparmor.d/profiles-m-z/usbguard-notifier b/apparmor.d/profiles-m-z/usbguard-notifier
new file mode 100644
index 00000000..2df2494d
--- /dev/null
+++ b/apparmor.d/profiles-m-z/usbguard-notifier
@@ -0,0 +1,22 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}{s,}bin/usbguard-notifier
+profile usbguard-notifier @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+
+  @{exec_path} mr,
+
+  /dev/shm/qb-usbguard-{request,response,event}-[0-9]*-[0-9]*-[0-9]*-{header,data} rw,
+  /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/qb-{request,response,event}-usbguard-{header,data} rw,
+
+  owner @{PROC}/@{pid}/loginuid r,
+
+  include if exists <local/usbguard-notifier>
+}
diff --git a/profiles.manifest b/profiles.manifest
index 6dab7d80..13689d7d 100644
--- a/profiles.manifest
+++ b/profiles.manifest
@@ -231,6 +231,7 @@ usb-devices
 usbguard
 usbguard-daemon
 usbguard-dbus
+usbguard-notifier
 useradd
 userdel
 usermod