From 67b1c301eda7af8a7e901649d00227d56debfab3 Mon Sep 17 00:00:00 2001
From: odomingao <sabadao@riseup.net>
Date: Sun, 22 Sep 2024 13:12:04 -0300
Subject: [PATCH] Create vesktop

---
 apparmor.d/profiles-s-z/vesktop | 46 +++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 apparmor.d/profiles-s-z/vesktop

diff --git a/apparmor.d/profiles-s-z/vesktop b/apparmor.d/profiles-s-z/vesktop
new file mode 100644
index 00000000..ce420ea1
--- /dev/null
+++ b/apparmor.d/profiles-s-z/vesktop
@@ -0,0 +1,46 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 odomingao
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+include <tunables/global>
+
+@{name} = vesktop
+@{lib_dirs} = @{lib}/@{name}
+@{config_dirs} = @{user_config_dirs}/@{name}
+@{cache_dirs} = @{user_cache_dirs}/@{name}
+
+@{exec_path} = @{bin}/vesktop
+profile vesktop @{exec_path} flags=(attach_disconnected) {
+  include <abstractions/base>
+  include <abstractions/audio-client>
+  include <abstractions/common/electron>
+  include <abstractions/p11-kit>
+  include <abstractions/user-download-strict>
+  include <abstractions/video>
+
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  owner /tmp/.org.chromium.Chromium.@{rand6} mr,
+  owner @{run}/user/@{uid}/discord-ipc-@{int} rw,
+
+  @{sys}/devices/@{pci}/usb@{int}/**/interface r,
+
+        @{PROC}/@{pid}/cmdline r,
+  owner @{PROC}/@{pid}/task/@{tid}/comm rw,
+
+  owner /dev/ r,
+
+  deny       /dev/tty rw,
+  deny owner /dev/tty@{int} rw,
+
+  include if exists <local/vesktop>
+}
+
+# vim:syntax=apparmor