From b52cbe564c4f424b087fb9d90db61503759ef3bd Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Wed, 1 Dec 2021 13:38:14 +0000 Subject: [PATCH] Disks: support large number of disks. Fix: #4 See: https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/devices.txt --- apparmor.d/abstractions/disks-read | 4 ++-- apparmor.d/abstractions/disks-write | 4 ++-- apparmor.d/profiles-a-f/f3fix | 2 +- apparmor.d/profiles-a-f/fatresize | 2 +- apparmor.d/profiles-a-f/freefall | 4 ++-- apparmor.d/profiles-a-f/fwupd | 2 +- apparmor.d/profiles-g-l/gpartedbin | 12 ++++++------ apparmor.d/profiles-g-l/hddtemp | 2 +- apparmor.d/profiles-m-r/ntfs-3g | 8 ++++---- apparmor.d/profiles-s-z/udisksd | 4 ++-- apparmor.d/profiles-s-z/whdd | 2 +- 11 files changed, 23 insertions(+), 23 deletions(-) diff --git a/apparmor.d/abstractions/disks-read b/apparmor.d/abstractions/disks-read index dee30bb0..3e58794d 100644 --- a/apparmor.d/abstractions/disks-read +++ b/apparmor.d/abstractions/disks-read @@ -9,8 +9,8 @@ /dev/ r, # Regular disk/partition devices - /dev/{s,v}d[a-z] rk, - /dev/{s,v}d[a-z][0-9]* rk, + /dev/{s,v}d[a-z]* rk, + /dev/{s,v}d[a-z]*[0-9]* rk, @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r, @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/** r, @{sys}/devices/pci[0-9]*/**/{usb,ata}[0-9]/** r, diff --git a/apparmor.d/abstractions/disks-write b/apparmor.d/abstractions/disks-write index bac58aca..2b79e2bd 100644 --- a/apparmor.d/abstractions/disks-write +++ b/apparmor.d/abstractions/disks-write @@ -9,8 +9,8 @@ /dev/ r, # Regular disk/partition devices - /dev/{s,v}d[a-z] rwk, - /dev/{s,v}d[a-z][0-9]* rwk, + /dev/{s,v}d[a-z]* rwk, + /dev/{s,v}d[a-z]*[0-9]* rwk, @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r, @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/** r, @{sys}/devices/pci[0-9]*/**/{usb,ata}[0-9]/** r, diff --git a/apparmor.d/profiles-a-f/f3fix b/apparmor.d/profiles-a-f/f3fix index 38c41388..b72f2558 100644 --- a/apparmor.d/profiles-a-f/f3fix 
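Review bot: In AppArmor globbing `*` does not repeat the preceding class; it matches any run of characters except `/`. The new `/dev/{s,v}d[a-z]* rk,` therefore already matches partitions such as `/dev/sda1`, and any other node whose name starts with `sd` or `vd` plus a letter, which makes the second rule `/dev/{s,v}d[a-z]*[0-9]* rk,` redundant. If the intent is only to admit multi-letter disk names, a bounded form keeps the disk/partition split: `/dev/{s,v}d[a-z]{,[a-z]} rk,` and `/dev/{s,v}d[a-z]{,[a-z]}[0-9]* rk,`, using the empty-alternative form already seen in `/{usr/,}bin/mount`. The same pair of rules appears in the disks-write, freefall, gpartedbin and udisksd hunks.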
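Review bot: The sysfs rules on the context lines of the disks-write hunk still use the single-letter form `@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/`, so a disk named `sdaa` would be allowed under `/dev` while its `block/` entries under sysfs still would not match. Updating those lines with the same name pattern as the `/dev` rules would keep the abstraction consistent for the large-disk-count case this commit targets. The disks-read and gpartedbin hunks show the same unchanged `@{sys}` lines. Whether rules outside the hunks cover these paths is not visible here.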
+++ b/apparmor.d/profiles-a-f/f3fix @@ -54,7 +54,7 @@ profile f3fix @{exec_path} { @{sys}/firmware/efi/efivars/SecureBoot-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* r, # file_inherit - /dev/sd[a-z] rw, + /dev/sd[a-z]* rw, } diff --git a/apparmor.d/profiles-a-f/fatresize b/apparmor.d/profiles-a-f/fatresize index 0f0c91d9..4b0cae05 100644 --- a/apparmor.d/profiles-a-f/fatresize +++ b/apparmor.d/profiles-a-f/fatresize @@ -53,7 +53,7 @@ profile fatresize @{exec_path} { @{sys}/firmware/efi/efivars/SecureBoot-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* r, # file_inherit - /dev/{s,v}d[a-z] rw, + /dev/{s,v}d[a-z]* rw, } diff --git a/apparmor.d/profiles-a-f/freefall b/apparmor.d/profiles-a-f/freefall index 2ca9dc67..29071d5c 100644 --- a/apparmor.d/profiles-a-f/freefall +++ b/apparmor.d/profiles-a-f/freefall @@ -17,8 +17,8 @@ profile freefall @{exec_path} { @{exec_path} mr, /dev/freefall rw, - /dev/sd[a-z] rk, - /dev/sd[a-z][0-9]* rk, + /dev/sd[a-z]* rk, + /dev/sd[a-z]*[0-9]* rk, @{sys}/devices/**/unload_heads r, @{sys}/class/leds/**/brightness r, diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd index 62244601..816e51fc 100644 --- a/apparmor.d/profiles-a-f/fwupd +++ b/apparmor.d/profiles-a-f/fwupd @@ -61,7 +61,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) { /dev/mei[0-9]* rw, /dev/tpm[0-9] rw, /dev/drm_dp_aux[0-9]* rw, - /dev/sd[a-z] r, + /dev/sd[a-z]* r, /dev/bus/usb/ r, /dev/bus/usb/[0-9]*/[0-9]* rw, /dev/wmi/* r, diff --git a/apparmor.d/profiles-g-l/gpartedbin b/apparmor.d/profiles-g-l/gpartedbin index 0eff49b5..2a83e894 100644 --- a/apparmor.d/profiles-g-l/gpartedbin +++ b/apparmor.d/profiles-g-l/gpartedbin 
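Review bot: The f3fix profile previously allowed only whole-disk nodes, but the new `/dev/sd[a-z]* rw,` also grants read/write on every partition node (`/dev/sda1` and so on), because `*` matches digits as well as letters. That is a wider grant than supporting more disks requires; `/dev/sd[a-z]{,[a-z]} rw,` would add two-letter disk names without adding partitions. The same widening applies to the single-rule hunks in fatresize (with `{s,v}d`), fwupd, hddtemp and whdd. The profile body continues outside the hunk, so any rule there that already covers partitions is not visible.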
@@ -152,19 +152,19 @@ profile gpartedbin @{exec_path} { /{usr/,}bin/mount mr, - mount /dev/{s,v}d[a-z][0-9]* -> /tmp/gparted-*/, + mount /dev/{s,v}d[a-z]*[0-9]* -> /tmp/gparted-*/, - mount /dev/{s,v}d[a-z][0-9]* -> /boot/, - mount /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/, - mount /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/*/, + mount /dev/{s,v}d[a-z]*[0-9]* -> /boot/, + mount /dev/{s,v}d[a-z]*[0-9]* -> @{MOUNTS}/*/, + mount /dev/{s,v}d[a-z]*[0-9]* -> @{MOUNTS}/*/*/, @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r, @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/dev r, @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/ r, @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/{start,size} r, - /dev/{s,v}d[a-z] r, - /dev/{s,v}d[a-z][0-9]* r, + /dev/{s,v}d[a-z]* r, + /dev/{s,v}d[a-z]*[0-9]* r, } diff --git a/apparmor.d/profiles-g-l/hddtemp b/apparmor.d/profiles-g-l/hddtemp index af36d618..9e8933e7 100644 --- a/apparmor.d/profiles-g-l/hddtemp +++ b/apparmor.d/profiles-g-l/hddtemp @@ -27,7 +27,7 @@ profile hddtemp @{exec_path} { @{exec_path} mr, # Monitored hard drives - /dev/sd[a-z] r, + /dev/sd[a-z]* r, # Database file that allows hddtemp to recognize supported drives /etc/hddtemp.db r, diff --git a/apparmor.d/profiles-m-r/ntfs-3g b/apparmor.d/profiles-m-r/ntfs-3g index f8d8d8ac..c8177e93 100644 --- a/apparmor.d/profiles-m-r/ntfs-3g +++ b/apparmor.d/profiles-m-r/ntfs-3g 
@@ -36,10 +36,10 @@ profile ntfs-3g @{exec_path} { @{MOUNTS}/*/*/ r, # Allow to mount ntfs disks only under the /media/, /run/media, and /mnt/ dirs - mount fstype=fuseblk /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/, - mount fstype=fuseblk /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/*/, - mount fstype=fuseblk /dev/{s,v}d[a-z][0-9]* -> /mnt/, - mount fstype=fuseblk /dev/{s,v}d[a-z][0-9]* -> /mnt/*/, + mount fstype=fuseblk /dev/{s,v}d[a-z]*[0-9]* -> @{MOUNTS}/*/, + mount fstype=fuseblk /dev/{s,v}d[a-z]*[0-9]* -> @{MOUNTS}/*/*/, + mount fstype=fuseblk /dev/{s,v}d[a-z]*[0-9]* -> /mnt/, + mount fstype=fuseblk /dev/{s,v}d[a-z]*[0-9]* -> /mnt/*/, mount fstype=fuseblk /dev/mmcblk[0-9]*p[0-9]* -> @{MOUNTS}/*/, mount fstype=fuseblk /dev/mmcblk[0-9]*p[0-9]* -> @{MOUNTS}/*/*/, diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd index e2ba6d72..91b0c40c 100644 --- a/apparmor.d/profiles-s-z/udisksd +++ b/apparmor.d/profiles-s-z/udisksd @@ -47,8 +47,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) { /{usr/,}bin/systemd-escape rPx, # Allow mounting of removable devices - mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/{s,v}d[a-z] -> @{MOUNTS}/*/*/, - mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/{s,v}d[a-z][0-9]* -> @{MOUNTS}/*/*/, + mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/{s,v}d[a-z]* -> @{MOUNTS}/*/*/, + mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/{s,v}d[a-z]*[0-9]* -> @{MOUNTS}/*/*/, mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/dm-[0-9]* -> @{MOUNTS}/*/*/, # Allow mounting of loop devices (ISO files) mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]* -> @{MOUNTS}/*/*/, diff --git a/apparmor.d/profiles-s-z/whdd b/apparmor.d/profiles-s-z/whdd index 7656f7f9..1dc79101 100644 --- a/apparmor.d/profiles-s-z/whdd +++ b/apparmor.d/profiles-s-z/whdd @@ -29,7 +29,7 @@ profile whdd @{exec_path} { owner @{PROC}/@{pid}/mounts r, @{PROC}/partitions r, - /dev/sd[a-z] rw, + /dev/sd[a-z]* rw, include if exists }