From 80a1b1b401d0ab78298364c5f67d2d34e9fdb93d Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sat, 31 Jul 2021 19:17:25 +0100
Subject: [PATCH] Add gnome-system-monitor.

---
 apparmor.d/groups/gnome/gnome-system-monitor | 62 ++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 apparmor.d/groups/gnome/gnome-system-monitor

diff --git a/apparmor.d/groups/gnome/gnome-system-monitor b/apparmor.d/groups/gnome/gnome-system-monitor
new file mode 100644
index 00000000..ba168190
--- /dev/null
+++ b/apparmor.d/groups/gnome/gnome-system-monitor
@@ -0,0 +1,62 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/gnome-system-monitor
+profile gnome-system-monitor @{exec_path} flags=(attach_disconnected) {
+  include <abstractions/base>
+  include <abstractions/gnome>
+  include <abstractions/nameservice-strict>
+
+  capability sys_ptrace,
+
+  network inet dgram,
+  network inet6 dgram,
+  network netlink raw,
+
+  ptrace (read),
+
+  signal (send) set=(kill term cont stop),
+
+  @{exec_path} mr,
+
+  /{usr/,}bin/pkexec rPx,
+
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
+  /usr/share/gnome-system-monitor/{,**} r,
+  /usr/share/pixmaps/{,**} r,
+
+  include <abstractions/dconf>
+  owner @{run}/user/@{uid}/dconf/ rw,
+  owner @{run}/user/@{uid}/dconf/user rw,
+
+  @{sys}/devices/pci[0-9]*/**/net/*/statistics/collisions r,
+  @{sys}/devices/pci[0-9]*/**/net/*/statistics/rx_{bytes,errors,packets} r,
+  @{sys}/devices/pci[0-9]*/**/net/*/statistics/tx_{bytes,errors,packets} r,
+  @{sys}/devices/virtual/net/*/statistics/collisions r,
+  @{sys}/devices/virtual/net/*/statistics/rx_{bytes,errors,packets} r,
+  @{sys}/devices/virtual/net/*/statistics/tx_{bytes,errors,packets} r,
+
+  @{PROC}/ r,
+  @{PROC}/@{pids}/cgroup r,
+  @{PROC}/@{pids}/cmdline r,
+  @{PROC}/@{pids}/fd/ r,
+  @{PROC}/@{pids}/io r,
+  @{PROC}/@{pids}/mounts r,
+  @{PROC}/@{pids}/net/dev r,
+  @{PROC}/@{pids}/net/tcp{,6} r,
+  @{PROC}/@{pids}/net/unix r,
+  @{PROC}/@{pids}/smaps r,
+  @{PROC}/@{pids}/stat r,
+  @{PROC}/@{pids}/statm r,
+  @{PROC}/@{pids}/wchan r,
+  @{PROC}/vmstat r,
+
+  @{run}/systemd/sessions/[0-9]*{,.ref} r,
+
+  include if exists <local/gnome-system-monitor>
+}
\ No newline at end of file