feat(profile): use the @{pci} variable when possible.
parent
013f1c5a83
commit
bb947318a5
83 changed files with 168 additions and 170 deletions
|
@ -185,10 +185,10 @@
|
|||
@{sys}/class/ r,
|
||||
@{sys}/class/**/ r,
|
||||
@{sys}/devices/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/{in_intensity_sampling_frequency,in_intensity_scale,in_illuminance_raw} r,
|
||||
@{sys}/devices/pci[0-9]*/**/boot_vga r,
|
||||
@{sys}/devices/pci[0-9]*/**/{resource,irq} r,
|
||||
@{sys}/devices/pci[0-9]*/**/report_descriptor r,
|
||||
@{sys}/devices/@{pci}/{in_intensity_sampling_frequency,in_intensity_scale,in_illuminance_raw} r,
|
||||
@{sys}/devices/@{pci}/boot_vga r,
|
||||
@{sys}/devices/@{pci}/{resource,irq} r,
|
||||
@{sys}/devices/@{pci}/report_descriptor r,
|
||||
@{sys}/devices/system/cpu/cpufreq/policy@{int}/cpuinfo_max_freq r,
|
||||
@{sys}/devices/system/cpu/kernel_max r,
|
||||
@{sys}/devices/system/cpu/present r,
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
@{sys}/class/ r,
|
||||
@{sys}/class/drm/ r,
|
||||
@{sys}/class/video4linux/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/{busnum,config,devnum,descriptors,speed,uevent} r,
|
||||
@{sys}/devices/@{pci}/{busnum,config,devnum,descriptors,speed,uevent} r,
|
||||
@{sys}/devices/system/node/ r,
|
||||
@{sys}/devices/system/node/node@{int}/meminfo r,
|
||||
|
||||
|
|
|
@ -109,7 +109,7 @@ profile calibre @{exec_path} {
|
|||
|
||||
owner /dev/shm/#@{int} rw,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/irq r,
|
||||
@{sys}/devices/@{pci}/irq r,
|
||||
|
||||
@{PROC}/ r,
|
||||
@{PROC}/@{pids}/net/route r,
|
||||
|
|
|
@ -93,7 +93,7 @@ profile discord @{exec_path} {
|
|||
deny @{sys}/devices/virtual/tty/tty[0-9]/active r,
|
||||
# To remove the following error:
|
||||
# pcilib: Cannot open /sys/bus/pci/devices/0000:03:00.0/irq: Permission denied
|
||||
@{sys}/devices/pci[0-9]*/**/irq r,
|
||||
@{sys}/devices/@{pci}/irq r,
|
||||
|
||||
deny /dev/ r,
|
||||
|
||||
|
|
|
@ -75,7 +75,7 @@ profile freetube @{exec_path} {
|
|||
# To remove the following error:
|
||||
# pcilib: Cannot open /sys/bus/pci/devices/0000:03:00.0/irq: Permission denied
|
||||
# The irq file is needed to render pages.
|
||||
deny @{sys}/devices/pci[0-9]*/**/irq r,
|
||||
deny @{sys}/devices/@{pci}/irq r,
|
||||
|
||||
/var/lib/dbus/machine-id r,
|
||||
/etc/machine-id r,
|
||||
|
|
|
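Review bot: The comment above the rewritten rule says the irq file is needed to render pages, yet the rule is `deny @{sys}/devices/@{pci}/irq r,`, so the comment and the policy contradict each other. A `deny` rule keeps the access blocked and only suppresses the audit message, so it does not remove the pcilib "Permission denied" error quoted in the comment. If the denial is intended, the comment could read `# Silence the audit message for the irq file; access is deliberately refused.`; if the file really is required, the rule should lose its `deny` qualifier, as the discord profile in this commit does for the same path. The profile body starts and ends outside the hunk.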
@ -60,7 +60,7 @@ profile signal-desktop @{exec_path} {
|
|||
|
||||
@{run}/systemd/inhibit/*.ref rw,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/{irq,vendor,device} r,
|
||||
@{sys}/devices/@{pci}/{irq,vendor,device} r,
|
||||
@{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
|
||||
@{sys}/devices/virtual/tty/tty[0-9]/active r,
|
||||
@{sys}/fs/cgroup/** r,
|
||||
|
|
|
@ -218,10 +218,10 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/class/ r,
|
||||
@{sys}/class/**/ r,
|
||||
@{sys}/devices/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/drm/card@{int}/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/drm/renderD[0-9]*/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/irq r,
|
||||
@{sys}/devices/@{pci}/ r,
|
||||
@{sys}/devices/@{pci}/drm/card@{int}/ r,
|
||||
@{sys}/devices/@{pci}/drm/renderD[0-9]*/ r,
|
||||
@{sys}/devices/@{pci}/irq r,
|
||||
@{sys}/devices/system/cpu/cpu@{int}/cache/index[0-9]/size r,
|
||||
@{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
|
||||
@{sys}/devices/system/cpu/present r,
|
||||
|
|
|
@ -33,7 +33,7 @@ profile colord-sane @{exec_path} flags=(attach_disconnected) {
|
|||
@{run}/systemd/journal/socket rw,
|
||||
|
||||
@{sys}/bus/scsi/devices/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/{vendor,model,type} r,
|
||||
@{sys}/devices/@{pci}/{vendor,model,type} r,
|
||||
|
||||
@{PROC}/sys/dev/parport/parport[0-9]*/base-addr r,
|
||||
@{PROC}/sys/dev/parport/parport[0-9]*/irq r,
|
||||
|
|
|
@ -27,9 +27,9 @@ profile iio-sensor-proxy @{exec_path} {
|
|||
@{sys}/class/ r,
|
||||
@{sys}/class/input/ r,
|
||||
@{sys}/devices/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/iio:*/** rw,
|
||||
@{sys}/devices/pci[0-9]*/**/name r,
|
||||
@{sys}/devices/@{pci}/ r,
|
||||
@{sys}/devices/@{pci}/iio:*/** rw,
|
||||
@{sys}/devices/@{pci}/name r,
|
||||
|
||||
/dev/iio:* r,
|
||||
|
||||
|
|
|
@ -69,7 +69,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/bus/media/devices/ r,
|
||||
@{sys}/class/ r,
|
||||
@{sys}/devices/**/device:*/**/path r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{idVendor,idProduct,removable,uevent} r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/**/{idVendor,idProduct,removable,uevent} r,
|
||||
@{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name,bios_vendor,board_vendor} r,
|
||||
|
||||
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
|
||||
|
|
|
@ -55,8 +55,7 @@ profile pipewire-media-session @{exec_path} {
|
|||
@{run}/systemd/users/@{uid} r,
|
||||
|
||||
@{sys}/devices/**/sound/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/sound/**/pcm_class r,
|
||||
@{sys}/devices/pci[0-9]*/**/video4linux/video[0-9]*/uevent r,
|
||||
@{sys}/devices/@{pci}/sound/**/pcm_class r,
|
||||
@{sys}/devices/system/node/ r,
|
||||
@{sys}/devices/system/node/node@{int}/meminfo r,
|
||||
|
||||
|
|
|
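Review bot: The rule `@{sys}/devices/pci[0-9]*/**/video4linux/video[0-9]*/uevent r,` appears to be dropped rather than converted: the header goes from 8 lines to 7 and only the `pcm_class` rule has a `@{pci}` counterpart. The only uevent rule left in the hunk is `@{sys}/devices/**/sound/**/uevent r,`, which does not cover `video4linux`, so unless a rule or abstraction outside the hunk grants it, video device lookups would start being denied. If the removal is deliberate it should be stated in the commit message, since the title describes a pure variable substitution; otherwise add `@{sys}/devices/@{pci}/video4linux/video@{int}/uevent r,`. The profile body continues outside the hunk.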
@ -47,8 +47,7 @@ profile plymouthd @{exec_path} {
|
|||
@{sys}/class/ r,
|
||||
@{sys}/class/drm/ r,
|
||||
@{sys}/class/graphics/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/{,uevent,vendor,device} r,
|
||||
@{sys}/devices/pci[0-9]*/**/{,uevent} r,
|
||||
@{sys}/devices/@{pci}/{,uevent,vendor,device} r,
|
||||
@{sys}/devices/virtual/graphics/fbcon/uevent r,
|
||||
@{sys}/devices/virtual/tty/console/active r,
|
||||
@{sys}/firmware/acpi/bgrt/{,*} r,
|
||||
|
|
|
@ -98,10 +98,10 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/devices/**/{uevent,name,id,config} r,
|
||||
@{sys}/devices/**/hid r,
|
||||
@{sys}/devices/**/power_supply/**/{type,online} r,
|
||||
@{sys}/devices/pci[0-9]*/**/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/backlight/*/{,max_}brightness r,
|
||||
@{sys}/devices/pci[0-9]*/**/backlight/*/brightness rw,
|
||||
@{sys}/devices/pci[0-9]*/**/boot_vga r,
|
||||
@{sys}/devices/@{pci}/ r,
|
||||
@{sys}/devices/@{pci}/backlight/*/{,max_}brightness r,
|
||||
@{sys}/devices/@{pci}/backlight/*/brightness rw,
|
||||
@{sys}/devices/@{pci}/boot_vga r,
|
||||
@{sys}/devices/platform/ r,
|
||||
@{sys}/module/i915/{,**} r,
|
||||
|
||||
|
|
|
@ -93,7 +93,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
|
|||
@{run}/udev/tags/master-of-seat/ r,
|
||||
|
||||
@{sys}/devices/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/boot_vga r,
|
||||
@{sys}/devices/@{pci}/boot_vga r,
|
||||
@{sys}/devices/virtual/tty/tty[0-9]*/active r,
|
||||
|
||||
@{PROC}/@{pid}/cgroup r,
|
||||
|
|
|
@ -380,10 +380,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/devices/**/hwmon/{,name,temp*,fan*} r,
|
||||
@{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
|
||||
@{sys}/devices/**/power_supply/{,**} r,
|
||||
@{sys}/devices/pci[0-9]*/**/boot_vga r,
|
||||
@{sys}/devices/pci[0-9]*/**/drm/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/input@{int}/{properties,name} r,
|
||||
@{sys}/devices/pci[0-9]*/**/net/*/statistics/{rx_bytes,tx_bytes} r,
|
||||
@{sys}/devices/@{pci}/boot_vga r,
|
||||
@{sys}/devices/@{pci}/drm/ r,
|
||||
@{sys}/devices/@{pci}/input@{int}/{properties,name} r,
|
||||
@{sys}/devices/@{pci}/net/*/statistics/{rx_bytes,tx_bytes} r,
|
||||
@{sys}/devices/platform/**/input@{int}/{properties,name} r,
|
||||
@{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,
|
||||
@{sys}/devices/virtual/net/*/statistics/{rx_bytes,tx_bytes} r,
|
||||
|
|
|
@ -117,7 +117,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
|||
@{run}/udev/data/c189:@{int} r, # For /dev/bus/usb/**
|
||||
|
||||
@{sys}/devices/**/usb[0-9]/{,**} r,
|
||||
@{sys}/devices/pci[0-9]*/**/sound/**/uevent r,
|
||||
@{sys}/devices/@{pci}/sound/**/uevent r,
|
||||
@{sys}/devices/platform/**/uevent r,
|
||||
@{sys}/devices/virtual/**/uevent r,
|
||||
|
||||
|
|
|
@ -70,13 +70,13 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/class/ r,
|
||||
@{sys}/class/backlight/ r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/class r,
|
||||
@{sys}/devices/pci[0-9]*/**/backlight/**/brightness rw,
|
||||
@{sys}/devices/pci[0-9]*/**/backlight/**/{max_brightness,actual_brightness} r,
|
||||
@{sys}/devices/pci[0-9]*/**/backlight/**/{uevent,type} r,
|
||||
@{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/brightness rw,
|
||||
@{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{max_brightness,actual_brightness} r,
|
||||
@{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{uevent,type,enabled} r,
|
||||
@{sys}/devices/@{pci}/class r,
|
||||
@{sys}/devices/@{pci}/backlight/**/brightness rw,
|
||||
@{sys}/devices/@{pci}/backlight/**/{max_brightness,actual_brightness} r,
|
||||
@{sys}/devices/@{pci}/backlight/**/{uevent,type} r,
|
||||
@{sys}/devices/@{pci}/drm/card@{int}/**/brightness rw,
|
||||
@{sys}/devices/@{pci}/drm/card@{int}/**/{max_brightness,actual_brightness} r,
|
||||
@{sys}/devices/@{pci}/drm/card@{int}/**/{uevent,type,enabled} r,
|
||||
|
||||
@{sys}/devices/platform/**/leds/*backlight*/uevent r,
|
||||
@{sys}/devices/platform/**/leds/*backlight*/max_brightness r,
|
||||
|
|
|
@ -153,7 +153,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/devices/**/hwmon@{int}/**/{,name,temp*,fan*} r,
|
||||
@{sys}/devices/**/hwmon/{,name,temp*,fan*} r,
|
||||
@{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
|
||||
@{sys}/devices/pci[0-9]*/**/revision r,
|
||||
@{sys}/devices/@{pci}/revision r,
|
||||
@{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,
|
||||
|
||||
@{PROC}/@{pids}/net/wireless r,
|
||||
|
|
|
@ -31,7 +31,7 @@ profile scdaemon @{exec_path} {
|
|||
|
||||
@{PROC}/@{pid}/task/@{tid}/comm rw,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/bConfigurationValue r,
|
||||
@{sys}/devices/@{pci}/bConfigurationValue r,
|
||||
|
||||
include if exists <local/scdaemon>
|
||||
}
|
||||
|
|
|
@ -42,7 +42,7 @@ profile kaccess @{exec_path} {
|
|||
|
||||
owner @{run}/user/@{uid}/xauth_@{rand6} r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
|
||||
@{sys}/devices/@{pci}/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
|
|
|
@ -57,7 +57,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted)
|
|||
@{sys}/class/usbmisc/ r,
|
||||
@{sys}/devices/@{pci}/drm/card@{int}/*/status r,
|
||||
@{sys}/devices/i2c-[0-9]*/name r,
|
||||
@{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r,
|
||||
@{sys}/devices/@{pci}/i2c-[0-9]*/name r,
|
||||
@{sys}/devices/platform/*/i2c-[0-9]*/name r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
|
|
@ -70,7 +70,7 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
owner @{run}/user/@{uid}/KSMserver__[0-9] rw,
|
||||
owner @{run}/user/@{uid}/xauth_@{rand6} rl,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
|
||||
@{sys}/devices/@{pci}/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
|
|
|
@ -171,7 +171,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
|
|||
@{sys}/class/{,**} r,
|
||||
@{sys}/devices/platform/** r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/name r,
|
||||
@{sys}/devices/@{pci}/name r,
|
||||
@{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/ r,
|
||||
@{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,
|
||||
@{sys}/devices/system/node/ r,
|
||||
|
|
|
@ -131,8 +131,8 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{sys}/devices/**/uevent r,
|
||||
@{sys}/devices/virtual/net/{,**} r,
|
||||
@{sys}/devices/pci[0-9]*/**/net/*/{,**} r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/net/{,**} r,
|
||||
@{sys}/devices/@{pci}/net/*/{,**} r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/**/net/{,**} r,
|
||||
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
|
|
@ -56,7 +56,7 @@ profile dhcpcd @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{run}/udev/data/n@{int} r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/uevent r,
|
||||
@{sys}/devices/@{pci}/uevent r,
|
||||
@{sys}/devices/virtual/dmi/id/product_uuid r,
|
||||
@{sys}/devices/virtual/net/**/{tun_flags,uevent} r,
|
||||
|
||||
|
|
|
@ -57,7 +57,7 @@ profile mullvad-gui @{exec_path} flags=(attach_disconnected) {
|
|||
@{run}/systemd/inhibit/*.ref rw,
|
||||
|
||||
@{sys}/bus/pci/devices/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/{vendor,device,class,config,resource,irq} r,
|
||||
@{sys}/devices/@{pci}/{vendor,device,class,config,resource,irq} r,
|
||||
@{sys}/devices/system/cpu/** r,
|
||||
@{sys}/devices/virtual/tty/tty[0-9]*/active r,
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ profile nmcli @{exec_path} {
|
|||
@{run}/udev/data/n@{int} r,
|
||||
|
||||
@{sys}/devices/virtual/net/{,**} r,
|
||||
@{sys}/devices/pci[0-9]*/**/net/*/{,**} r,
|
||||
@{sys}/devices/@{pci}/net/*/{,**} r,
|
||||
|
||||
profile pager {
|
||||
include <abstractions/base>
|
||||
|
|
|
@ -28,15 +28,15 @@ profile systemd-backlight @{exec_path} {
|
|||
@{sys}/class/backlight/ r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/*:@{int}.@{int}/**/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/backlight/**/{max_brightness,actual_brightness} r,
|
||||
@{sys}/devices/pci[0-9]*/**/backlight/**/{uevent,type} r,
|
||||
@{sys}/devices/pci[0-9]*/**/backlight/**/brightness rw,
|
||||
@{sys}/devices/pci[0-9]*/**/class r,
|
||||
@{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{max_brightness,actual_brightness} r,
|
||||
@{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{uevent,type} r,
|
||||
@{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/brightness rw,
|
||||
@{sys}/devices/pci[0-9]*/**/uevent r,
|
||||
@{sys}/devices/@{pci}/ r,
|
||||
@{sys}/devices/@{pci}/backlight/**/{max_brightness,actual_brightness} r,
|
||||
@{sys}/devices/@{pci}/backlight/**/{uevent,type} r,
|
||||
@{sys}/devices/@{pci}/backlight/**/brightness rw,
|
||||
@{sys}/devices/@{pci}/class r,
|
||||
@{sys}/devices/@{pci}/drm/card@{int}/**/{max_brightness,actual_brightness} r,
|
||||
@{sys}/devices/@{pci}/drm/card@{int}/**/{uevent,type} r,
|
||||
@{sys}/devices/@{pci}/drm/card@{int}/**/brightness rw,
|
||||
@{sys}/devices/@{pci}/uevent r,
|
||||
|
||||
@{sys}/devices/platform/**/leds/*backlight*/brightness rw,
|
||||
@{sys}/devices/platform/**/leds/*backlight*/max_brightness r,
|
||||
|
|
|
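Review bot: The rule `@{sys}/devices/pci[0-9]*/*:@{int}.@{int}/**/ r,` looks like it was left as context, since the header counts 15 lines on both sides and only nine rules have a `@{pci}` counterpart. The profile therefore still carries one hard-coded `pci[0-9]*` pattern right next to `@{sys}/devices/@{pci}/ r,`. The definition of `@{pci}` is not shown on this page; if it expands to the root bus plus any depth beneath it, the old line is redundant and can be removed. If it is kept on purpose, a short comment such as `# device directories directly below the PCI root bus` would explain why it was not converted. The profile body continues outside the hunk.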
@ -63,7 +63,7 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected,complain) {
|
|||
|
||||
@{sys}/devices/@{pci}/rfkill@{int}/* r,
|
||||
@{sys}/devices/**/net/** r,
|
||||
@{sys}/devices/pci[0-9]*/**/ r,
|
||||
@{sys}/devices/@{pci}/ r,
|
||||
@{sys}/devices/virtual/dmi/id/{sys,board,bios}_vendor r,
|
||||
@{sys}/devices/virtual/dmi/id/product_name r,
|
||||
@{sys}/devices/virtual/dmi/id/product_version r,
|
||||
|
|
|
@ -84,8 +84,8 @@ profile subiquity-console-conf @{exec_path} {
|
|||
@{sys}/bus/ r,
|
||||
@{sys}/class/ r,
|
||||
@{sys}/devices/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/net/*/{,**} r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/net/{,**} r,
|
||||
@{sys}/devices/@{pci}/net/*/{,**} r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/**/net/{,**} r,
|
||||
@{sys}/devices/virtual/net/{,**} r,
|
||||
|
||||
@{PROC}/cmdline r,
|
||||
|
|
|
@ -135,7 +135,7 @@ profile k3s @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{sys}/class/net/ r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/net/*/{address,mtu,speed} r,
|
||||
@{sys}/devices/@{pci}/net/*/{address,mtu,speed} r,
|
||||
@{sys}/devices/system/edac/mc/ r,
|
||||
@{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r,
|
||||
@{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r,
|
||||
|
|
|
@ -198,15 +198,15 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/bus/pci/drivers/*/unbind w,
|
||||
@{sys}/class/[a-z]*/ r,
|
||||
@{sys}/devices/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/{class,revision,subsystem_vendor,subsystem_device} r,
|
||||
@{sys}/devices/pci[0-9]*/**/{config,numa_node,device,vendor} r,
|
||||
@{sys}/devices/pci[0-9]*/**/driver_override w,
|
||||
@{sys}/devices/pci[0-9]*/**/mdev_supported_types/{,**} r,
|
||||
@{sys}/devices/pci[0-9]*/**/mdev_supported_types/*/create w,
|
||||
@{sys}/devices/pci[0-9]*/**/net/*/{,**} r,
|
||||
@{sys}/devices/pci[0-9]*/**/remove w,
|
||||
@{sys}/devices/pci[0-9]*/**/resource r,
|
||||
@{sys}/devices/pci[0-9]*/**/sriov_totalvfs r,
|
||||
@{sys}/devices/@{pci}/{class,revision,subsystem_vendor,subsystem_device} r,
|
||||
@{sys}/devices/@{pci}/{config,numa_node,device,vendor} r,
|
||||
@{sys}/devices/@{pci}/driver_override w,
|
||||
@{sys}/devices/@{pci}/mdev_supported_types/{,**} r,
|
||||
@{sys}/devices/@{pci}/mdev_supported_types/*/create w,
|
||||
@{sys}/devices/@{pci}/net/*/{,**} r,
|
||||
@{sys}/devices/@{pci}/remove w,
|
||||
@{sys}/devices/@{pci}/resource r,
|
||||
@{sys}/devices/@{pci}/sriov_totalvfs r,
|
||||
|
||||
@{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r,
|
||||
@{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r,
|
||||
|
|
|
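Review bot: The write rules `@{sys}/devices/@{pci}/driver_override w,`, `@{sys}/devices/@{pci}/remove w,` and `@{sys}/devices/@{pci}/mdev_supported_types/*/create w,` now take their device scope from `@{pci}`, whose definition is not part of this page. These sysfs files detach or rebind PCI devices, so it is worth confirming that the variable expands to the same set of paths as the old `pci[0-9]*/**/` glob, or to fewer, and never to more. A comment above the group would record that, for example `# @{pci}: any device below a PCI root bus; write access is limited to the files listed here`. The profile body starts and ends outside the hunk.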
@ -33,7 +33,7 @@ profile virtinterfaced @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/bus/ r,
|
||||
@{sys}/class/ r,
|
||||
@{sys}/class/net/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/net/{,**} r,
|
||||
@{sys}/devices/@{pci}/net/{,**} r,
|
||||
@{sys}/devices/system/node/ r,
|
||||
@{sys}/devices/system/node/node@{int}/meminfo r,
|
||||
@{sys}/devices/virtual/net/{,**} r,
|
||||
|
|
|
@ -79,10 +79,10 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/devices/**/{class,revision,subsystem_vendor,subsystem_device} r,
|
||||
@{sys}/devices/**/{config,device,vendor} r,
|
||||
@{sys}/devices/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/net/{,**} r,
|
||||
@{sys}/devices/pci[0-9]*/**/net/*/{duplex,address,speed,operstate} r,
|
||||
@{sys}/devices/pci[0-9]*/**/numa_node r,
|
||||
@{sys}/devices/pci[0-9]*/**/sriov_totalvfs r,
|
||||
@{sys}/devices/@{pci}/net/{,**} r,
|
||||
@{sys}/devices/@{pci}/net/*/{duplex,address,speed,operstate} r,
|
||||
@{sys}/devices/@{pci}/numa_node r,
|
||||
@{sys}/devices/@{pci}/sriov_totalvfs r,
|
||||
@{sys}/devices/system/node/ r,
|
||||
@{sys}/devices/system/node/node@{int}/meminfo r,
|
||||
@{sys}/devices/virtual/dmi/id/{product_name,product_serial,product_uuid,sys_vendor,board_vendor,bios_vendor,bios_date,bios_version,product_version} r,
|
||||
|
|
|
@ -100,7 +100,7 @@ profile arduino @{exec_path} {
|
|||
|
||||
@{sys}/fs/cgroup/{,**} r,
|
||||
@{sys}/class/tty/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{idVendor,idProduct,manufacturer,serial,product} r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/**/{idVendor,idProduct,manufacturer,serial,product} r,
|
||||
|
||||
/dev/ttyS@{int} rw,
|
||||
/dev/ttyACM@{int} rw,
|
||||
|
|
|
@ -41,8 +41,8 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) {
|
|||
@{run}/sdp rw,
|
||||
@{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/rfkill[0-9]*/name r,
|
||||
@{sys}/devices/pci[0-9]*/**/bluetooth/**/{uevent,name} r,
|
||||
@{sys}/devices/@{pci}/rfkill[0-9]*/name r,
|
||||
@{sys}/devices/@{pci}/bluetooth/**/{uevent,name} r,
|
||||
@{sys}/devices/platform/**/rfkill/**/name r,
|
||||
@{sys}/devices/virtual/dmi/id/chassis_type r,
|
||||
|
||||
|
|
|
@ -39,13 +39,13 @@ profile boltd @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/bus/thunderbolt/devices/ r,
|
||||
@{sys}/bus/wmi/devices/ r,
|
||||
@{sys}/class/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/device r,
|
||||
@{sys}/devices/pci[0-9]*/**/domain[0-9]*/{security,uevent} r,
|
||||
@{sys}/devices/pci[0-9]*/**/domain[0-9]*/**/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/domain[0-9]*/**/{authorized,generation} r,
|
||||
@{sys}/devices/pci[0-9]*/**/domain[0-9]*/**/{uevent,unique_id} r,
|
||||
@{sys}/devices/pci[0-9]*/**/domain[0-9]*/**/{vendor,device}_name r,
|
||||
@{sys}/devices/pci[0-9]*/**/domain[0-9]*/iommu_dma_protection r,
|
||||
@{sys}/devices/@{pci}/device r,
|
||||
@{sys}/devices/@{pci}/domain[0-9]*/{security,uevent} r,
|
||||
@{sys}/devices/@{pci}/domain[0-9]*/**/ r,
|
||||
@{sys}/devices/@{pci}/domain[0-9]*/**/{authorized,generation} r,
|
||||
@{sys}/devices/@{pci}/domain[0-9]*/**/{uevent,unique_id} r,
|
||||
@{sys}/devices/@{pci}/domain[0-9]*/**/{vendor,device}_name r,
|
||||
@{sys}/devices/@{pci}/domain[0-9]*/iommu_dma_protection r,
|
||||
@{sys}/devices/platform/**/uevent r,
|
||||
@{sys}/devices/platform/*/wmi_bus/wmi_bus-*/@{uuid}/force_power rw,
|
||||
@{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name} r,
|
||||
|
|
|
@ -26,11 +26,11 @@ profile btop @{exec_path} {
|
|||
@{sys}/class/power_supply/ r,
|
||||
@{sys}/class/hwmon/ r,
|
||||
@{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r,
|
||||
@{sys}/devices/virtual/thermal/thermal_zone[0-9]*/ r,
|
||||
@{sys}/devices/virtual/thermal/thermal_zone@{int}/ r,
|
||||
@{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/{,*} r,
|
||||
@{sys}/devices/platform/coretemp.@{int}/hwmon/hwmon@{int}/{,*} r,
|
||||
@{sys}/devices/virtual/block/dm-@{int}/stat r,
|
||||
@{sys}/devices/pci[0-9]*/**/host@{int}/*/*/block/*/*/stat r,
|
||||
@{sys}/devices/@{pci}/host@{int}/*/*/block/*/*/stat r,
|
||||
@{sys}/devices/{pci[0-9]*,virtual}/{,**/}net/*/statistics/{rx,tx}_bytes r,
|
||||
@{sys}/devices/{pci[0-9]*,virtual}/{,**/}net/*/address r,
|
||||
@{sys}/devices/pci[0-9]*/*/*/usb@{int}/**/power_supply/hidpp_battery_[@{int}/{,hwmon@{int}/} r,
|
||||
|
|
|
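Review bot: The last rule of this hunk contains an unbalanced `[` in `hidpp_battery_[@{int}/`, which looks like a typo for `hidpp_battery_@{int}/`; as written it probably does not match the intended power-supply directory. That line and the two `{pci[0-9]*,virtual}/{,**/}net/*/...` lines also still use the hard-coded `pci[0-9]*` pattern this commit replaces elsewhere. Suggested for the battery rule, assuming `@{pci}` covers any depth below the root bus (its definition is not shown here): `@{sys}/devices/@{pci}/usb@{int}/**/power_supply/hidpp_battery_@{int}/{,hwmon@{int}/} r,`. The alternation lines could be converted as well, or carry a comment saying why they stay. The profile body continues outside the hunk.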
@ -89,7 +89,7 @@ profile code flags=(attach_disconnected) {
|
|||
@{sys}/devices/system/cpu/present r,
|
||||
@{sys}/devices/system/cpu/kernel_max r,
|
||||
@{sys}/devices/virtual/tty/tty[0-9]*/active r,
|
||||
@{sys}/devices/pci[0-9]*/**/irq r,
|
||||
@{sys}/devices/@{pci}/irq r,
|
||||
|
||||
@{PROC}/ r,
|
||||
@{PROC}/@{pid}/fd/ r,
|
||||
|
|
|
@ -104,7 +104,7 @@ profile conky @{exec_path} {
|
|||
deny ptrace (trace, read),
|
||||
|
||||
# Display the hard disk model name
|
||||
@{sys}/devices/pci[0-9]*/**/{usb,ata}[0-9]/**/model r,
|
||||
@{sys}/devices/@{pci}/{usb,ata}[0-9]/**/model r,
|
||||
@{sys}/block/{s,v}d[a-z]/device/model r,
|
||||
# Display the disk write/read speed
|
||||
@{PROC}/diskstats r,
|
||||
|
|
|
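Review bot: `{usb,ata}[0-9]` in the rewritten rule matches a single digit only, so a disk behind `ata10` or a higher-numbered port would not be covered, while the other profiles in this commit move from `usb[0-9]` to `usb@{int}`. For consistency the rule could read `@{sys}/devices/@{pci}/{usb,ata}@{int}/**/model r,`. The neighbouring context rule `@{sys}/block/{s,v}d[a-z]/device/model r,` has a similar single-letter limit, but it is outside what this commit changes. The profile body continues outside the hunk.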
@ -34,8 +34,8 @@ profile dumpcap @{exec_path} {
|
|||
@{sys}/bus/usb/devices/ r,
|
||||
@{sys}/devices/virtual/net/*/type r,
|
||||
@{sys}/devices/virtual/net/*/statistics/* r,
|
||||
@{sys}/devices/pci[0-9]*/**/net/*/type r,
|
||||
@{sys}/devices/pci[0-9]*/**/net/*/statistics/* r,
|
||||
@{sys}/devices/@{pci}/net/*/type r,
|
||||
@{sys}/devices/@{pci}/net/*/statistics/* r,
|
||||
|
||||
@{PROC}/@{pid}/net/dev r,
|
||||
@{PROC}/@{pid}/net/psched r,
|
||||
|
|
|
@ -12,7 +12,7 @@ profile edid-decode @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/drm/card[0-9]/*/edid r,
|
||||
@{sys}/devices/@{pci}/drm/card[0-9]/*/edid r,
|
||||
|
||||
include if exists <local/edid-decode>
|
||||
}
|
||||
|
|
|
@ -37,7 +37,7 @@ profile fprintd @{exec_path} flags=(attach_disconnected) {
|
|||
@{run}/udev/data/c25[0-4]:@{int} r,
|
||||
|
||||
@{sys}/class/hidraw/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/hidraw/hidraw[0-9]*/uevent r,
|
||||
@{sys}/devices/@{pci}/hidraw/hidraw[0-9]*/uevent r,
|
||||
@{sys}/devices/virtual/**/hidraw/hidraw[0-9]*/uevent r,
|
||||
|
||||
include if exists <local/fprintd>
|
||||
|
|
|
@ -76,7 +76,7 @@ profile gparted @{exec_path} {
|
|||
|
||||
@{sys}/** r,
|
||||
@{sys}/devices/virtual/block/**/uevent rw,
|
||||
@{sys}/devices/pci[0-9]*/**/block/**/uevent rw,
|
||||
@{sys}/devices/@{pci}/block/**/uevent rw,
|
||||
@{run}/udev/data/* r,
|
||||
|
||||
}
|
||||
|
|
|
@ -102,10 +102,10 @@ profile gpartedbin @{exec_path} {
|
|||
|
||||
@{bin}/mount mr,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/dev r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/{start,size} r,
|
||||
@{sys}/devices/@{pci}/block/{s,v}d[a-z]/ r,
|
||||
@{sys}/devices/@{pci}/block/{s,v}d[a-z]/dev r,
|
||||
@{sys}/devices/@{pci}/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/ r,
|
||||
@{sys}/devices/@{pci}/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/{start,size} r,
|
||||
|
||||
/dev/{s,v}d[a-z]* r,
|
||||
/dev/{s,v}d[a-z]*[0-9]* r,
|
||||
|
|
|
@ -53,7 +53,7 @@ profile gzdoom @{exec_path} {
|
|||
/etc/machine-id r,
|
||||
/var/lib/dbus/machine-id r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/uevent r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/**/uevent r,
|
||||
|
||||
owner @{HOME}/ r,
|
||||
owner @{user_config_dirs}/gzdoom/ rw,
|
||||
|
|
|
@ -74,8 +74,8 @@ profile hardinfo @{exec_path} {
|
|||
@{sys}/devices/virtual/thermal/thermal_zone[0-9]/temp* r,
|
||||
@{sys}/devices/platform/**/hwmon/hwmon@{int}/temp* r,
|
||||
@{sys}/devices/platform/**/hwmon/hwmon@{int}/fan* r,
|
||||
@{sys}/devices/pci[0-9]*/**/eeprom r,
|
||||
@{sys}/devices/pci[0-9]*/**/hwmon/hwmon@{int}/temp* r,
|
||||
@{sys}/devices/@{pci}/eeprom r,
|
||||
@{sys}/devices/@{pci}/hwmon/hwmon@{int}/temp* r,
|
||||
@{sys}/devices/**/power_supply/** r,
|
||||
|
||||
@{PROC}/@{pid}/net/wireless r,
|
||||
|
|
|
@ -98,7 +98,7 @@ profile htop @{exec_path} {
|
|||
@{sys}/devices/**/power_supply/**/{uevent,type,online} r,
|
||||
@{sys}/devices/*/name r,
|
||||
@{sys}/devices/i2c-[0-9]*/name r,
|
||||
@{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r,
|
||||
@{sys}/devices/@{pci}/i2c-[0-9]*/name r,
|
||||
@{sys}/devices/platform/*/i2c-[0-9]*/name r,
|
||||
@{sys}/devices/system/cpu/cpu@{int}/online r,
|
||||
@{sys}/devices/system/cpu/cpufreq/policy@{int}/cpuinfo_{cur,min,max}_freq r,
|
||||
|
|
|
@ -99,7 +99,7 @@ profile hw-probe @{exec_path} {
|
|||
@{sys}/class/power_supply/ r,
|
||||
|
||||
@{sys}/devices/virtual/dmi/id/* r,
|
||||
@{sys}/devices/pci[0-9]*/**/drm/card[0-9]/*/edid r,
|
||||
@{sys}/devices/@{pci}/drm/card[0-9]/*/edid r,
|
||||
@{sys}/devices/**/power_supply/*/uevent r,
|
||||
|
||||
@{sys}/firmware/efi/efivars/ r,
|
||||
|
|
|
@ -85,7 +85,7 @@ profile hwinfo @{exec_path} {
|
|||
# file_inherit
|
||||
/dev/ttyS@{int} r,
|
||||
owner /tmp/hwinfo*.txt rw,
|
||||
@{sys}/devices/pci[0-9]*/**/drm/card@{int}/ r,
|
||||
@{sys}/devices/@{pci}/drm/card@{int}/ r,
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -60,7 +60,7 @@ profile hypnotix @{exec_path} {
|
|||
|
||||
owner @{user_music_dirs}/** r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/drm/ r,
|
||||
@{sys}/devices/@{pci}/drm/ r,
|
||||
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
|
|
@ -120,7 +120,7 @@ profile inxi @{exec_path} {
|
|||
|
||||
@{bin}/ip mr,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/net/*/{duplex,address,speed,operstate} r,
|
||||
@{sys}/devices/@{pci}/net/*/{duplex,address,speed,operstate} r,
|
||||
|
||||
/etc/iproute2/group r,
|
||||
|
||||
|
@ -153,7 +153,7 @@ profile inxi @{exec_path} {
|
|||
@{PROC}/1/environ r,
|
||||
@{PROC}/sys/kernel/osrelease r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/block/**/uevent r,
|
||||
@{sys}/devices/@{pci}/block/**/uevent r,
|
||||
@{run}/udev/data/b* r,
|
||||
|
||||
}
|
||||
|
|
|
@ -23,9 +23,9 @@ profile irqbalance @{exec_path} flags=(attach_disconnected) {
|
|||
@{run}/irqbalance/irqbalance[0-9]*.sock w,
|
||||
|
||||
@{sys}/bus/pci/devices/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/{class,numa_node,local_cpus,irq} r,
|
||||
@{sys}/devices/pci[0-9]*/**/{vendor,device,subsystem_vendor,subsystem_device} r,
|
||||
@{sys}/devices/pci[0-9]*/**/msi_irqs/ r,
|
||||
@{sys}/devices/@{pci}/{class,numa_node,local_cpus,irq} r,
|
||||
@{sys}/devices/@{pci}/{vendor,device,subsystem_vendor,subsystem_device} r,
|
||||
@{sys}/devices/@{pci}/msi_irqs/ r,
|
||||
@{sys}/devices/system/cpu/cpu@{int}/ r,
|
||||
@{sys}/devices/system/cpu/cpu@{int}/cache/index[0-9]*/shared_cpu_map r,
|
||||
@{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r,
|
||||
|
|
|
@ -20,7 +20,7 @@ profile iw @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/ieee80211/phy[0-9]*/index r,
|
||||
@{sys}/devices/@{pci}/ieee80211/phy[0-9]*/index r,
|
||||
|
||||
# file_inherit
|
||||
owner /dev/tty@{int} rw,
|
||||
|
|
|
@ -62,8 +62,8 @@ profile kodi @{exec_path} {
|
|||
|
||||
@{sys}/**/ r,
|
||||
@{sys}/devices/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/{bDeviceClass,idProduct,idVendor} r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{bDeviceClass,idProduct,idVendor} r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/{bDeviceClass,idProduct,idVendor} r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/**/{bDeviceClass,idProduct,idVendor} r,
|
||||
@{sys}/devices/system/node/ r,
|
||||
@{sys}/devices/system/node/node@{int}/meminfo r,
|
||||
@{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,
|
||||
|
|
|
@ -41,7 +41,7 @@ profile labwc @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{sys}/class/drm/ r,
|
||||
@{sys}/class/input/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/boot_vga r,
|
||||
@{sys}/devices/@{pci}/boot_vga r,
|
||||
@{sys}/devices/**/uevent r,
|
||||
|
||||
@{run}/udev/data/+acpi:* r, # for ?
|
||||
|
|
|
@ -23,11 +23,11 @@ profile light @{exec_path} {
|
|||
@{sys}/class/backlight/ r,
|
||||
@{sys}/class/leds/ r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/drm/**/intel_backlight/{,max_}brightness r,
|
||||
@{sys}/devices/pci[0-9]*/**/drm/**/intel_backlight/brightness rw,
|
||||
@{sys}/devices/@{pci}/drm/**/intel_backlight/{,max_}brightness r,
|
||||
@{sys}/devices/@{pci}/drm/**/intel_backlight/brightness rw,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/backlight/*/{,max_}brightness r,
|
||||
@{sys}/devices/pci[0-9]*/**/backlight/*/brightness rw,
|
||||
@{sys}/devices/@{pci}/backlight/*/{,max_}brightness r,
|
||||
@{sys}/devices/@{pci}/backlight/*/brightness rw,
|
||||
|
||||
# file_inherit
|
||||
owner /dev/tty@{int} rw,
|
||||
|
|
|
@ -26,11 +26,11 @@ profile light-locker @{exec_path} {
|
|||
# when locking the screen and switching/closing sessions
|
||||
@{run}/systemd/sessions/* r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/vendor r,
|
||||
@{sys}/devices/pci[0-9]*/**/device r,
|
||||
@{sys}/devices/pci[0-9]*/**/subsystem_vendor r,
|
||||
@{sys}/devices/pci[0-9]*/**/subsystem_device r,
|
||||
@{sys}/devices/@{pci}/uevent r,
|
||||
@{sys}/devices/@{pci}/vendor r,
|
||||
@{sys}/devices/@{pci}/device r,
|
||||
@{sys}/devices/@{pci}/subsystem_vendor r,
|
||||
@{sys}/devices/@{pci}/subsystem_device r,
|
||||
|
||||
# file_inherit
|
||||
owner /dev/tty@{int} rw,
|
||||
|
|
|
@ -18,7 +18,7 @@ profile mdevctl @{exec_path} {
|
|||
|
||||
@{sys}/bus/mdev/devices/ r,
|
||||
@{sys}/class/mdev_bus/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/mdev_supported_types/{,**} r,
|
||||
@{sys}/devices/@{pci}/mdev_supported_types/{,**} r,
|
||||
|
||||
include if exists <local/mdevctl>
|
||||
}
|
|
@ -94,7 +94,7 @@ profile monitorix @{exec_path} {
|
|||
@{PROC}/@{pids}/io r,
|
||||
|
||||
@{sys}/class/i2c-adapter/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r,
|
||||
@{sys}/devices/@{pci}/i2c-[0-9]*/name r,
|
||||
@{sys}/class/hwmon/ r,
|
||||
@{sys}/devices/**/thermal*/{,**} r,
|
||||
@{sys}/devices/**/hwmon*/{,**} r,
|
||||
|
|
|
@ -43,11 +43,11 @@ profile mono-sgen @{exec_path} {
|
|||
owner /tmp/CASESENSITIVETEST* rw,
|
||||
owner /dev/shm/mono.* rw,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/vendor r,
|
||||
@{sys}/devices/pci[0-9]*/**/device r,
|
||||
@{sys}/devices/pci[0-9]*/**/subsystem_vendor r,
|
||||
@{sys}/devices/pci[0-9]*/**/subsystem_device r,
|
||||
@{sys}/devices/@{pci}/uevent r,
|
||||
@{sys}/devices/@{pci}/vendor r,
|
||||
@{sys}/devices/@{pci}/device r,
|
||||
@{sys}/devices/@{pci}/subsystem_vendor r,
|
||||
@{sys}/devices/@{pci}/subsystem_device r,
|
||||
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
||||
|
|
|
@ -37,8 +37,8 @@ profile nvtop @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/bus/ r,
|
||||
@{sys}/class/ r,
|
||||
@{sys}/class/drm/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/drm/card@{int}/gt_cur_freq_mhz r,
|
||||
@{sys}/devices/pci[0-9]*/**/enable r,
|
||||
@{sys}/devices/@{pci}/drm/card@{int}/gt_cur_freq_mhz r,
|
||||
@{sys}/devices/@{pci}/enable r,
|
||||
@{sys}/devices/system/node/node@{int}/cpumap r,
|
||||
|
||||
@{PROC}/ r,
|
||||
|
|
|
@ -28,10 +28,10 @@ profile obexautofs @{exec_path} {
|
|||
@{sys}/bus/ r,
|
||||
@{sys}/class/ r,
|
||||
@{sys}/bus/usb/devices/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/bConfigurationValue r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/bConfigurationValue r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/{uevent,busnum,devnum,speed,descriptors} r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{uevent,busnum,devnum,speed,descriptors} r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/bConfigurationValue r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/**/bConfigurationValue r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/{uevent,busnum,devnum,speed,descriptors} r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/**/{uevent,busnum,devnum,speed,descriptors} r,
|
||||
|
||||
@{run}/udev/data/+usb:* r,
|
||||
@{run}/udev/data/c18[0,8,9]:[0-9]* r, # USB devices & USB serial converters
|
||||
|
|
|
@ -64,7 +64,7 @@ profile os-prober @{exec_path} flags=(attach_disconnected) {
|
|||
owner /tmp/os-prober.*/{,**} rw,
|
||||
|
||||
@{sys}/block/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/block/*/ r,
|
||||
@{sys}/devices/@{pci}/block/*/ r,
|
||||
@{sys}/devices/virtual/block/*/ r,
|
||||
|
||||
@{PROC}/swaps r,
|
||||
|
|
|
@ -27,7 +27,7 @@ profile picom @{exec_path} {
|
|||
|
||||
owner @{HOME}/.Xauthority r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/{uevent,vendor,device,subsystem_vendor,subsystem_device} r,
|
||||
@{sys}/devices/@{pci}/{uevent,vendor,device,subsystem_vendor,subsystem_device} r,
|
||||
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@ profile rfkill @{exec_path} {
|
|||
|
||||
/dev/rfkill rw,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/rfkill[0-9]/{name,type} r,
|
||||
@{sys}/devices/@{pci}/rfkill[0-9]/{name,type} r,
|
||||
@{sys}/devices/platform/**/rfkill/rfkill[0-9]/{name,type} r,
|
||||
|
||||
include if exists <local/rfkill>
|
||||
|
|
|
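Review bot: `rfkill[0-9]` on the new line `@{sys}/devices/@{pci}/rfkill[0-9]/{name,type} r,` matches a single digit only, so an rfkill index of 10 or higher is not covered. As far as I know the kernel hands these indexes out incrementally as devices register, so they can pass 9 on a machine where radios are re-plugged. Other hunks in this commit use `@{int}` for numbered nodes; here that would be `@{sys}/devices/@{pci}/rfkill@{int}/{name,type} r,`, and likewise for the `platform/**/rfkill/rfkill[0-9]` context line below it. The effect of the miss is a denied read, not a wider grant.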
@ -26,7 +26,7 @@ profile sensors @{exec_path} {
|
|||
@{sys}/devices/**/hwmon*/**/{name,temp*,*_input} r,
|
||||
@{sys}/devices/**/hwmon/hwmon@{int}/power[0-9]*_crit r,
|
||||
@{sys}/devices/{,platform/*.{i2c,hdmi}/}i2c-[0-9]*/name r,
|
||||
@{sys}/devices/pci[0-9]*/**/name r,
|
||||
@{sys}/devices/@{pci}/name r,
|
||||
@{sys}/devices/platform/**/power_supply/**/hwmon@{int}/curr1_max r,
|
||||
@{sys}/devices/virtual/hwmon/hwmon[0-9]* r,
|
||||
@{sys}/devices/virtual/hwmon/hwmon@{int}/ r,
|
||||
|
|
|
@ -27,9 +27,9 @@ profile sensors-detect @{exec_path} {
|
|||
@{sys}/bus/pci/devices/ r,
|
||||
@{sys}/class/i2c-adapter/ r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/{class,vendor,device} r,
|
||||
@{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r,
|
||||
@{sys}/devices/pci[0-9]*/**/modalias r,
|
||||
@{sys}/devices/@{pci}/{class,vendor,device} r,
|
||||
@{sys}/devices/@{pci}/i2c-[0-9]*/name r,
|
||||
@{sys}/devices/@{pci}/modalias r,
|
||||
@{sys}/devices/virtual/dmi/id/board_{version,vendor,name} r,
|
||||
@{sys}/devices/virtual/dmi/id/product_{version,name} r,
|
||||
@{sys}/devices/virtual/dmi/id/chassis_type r,
|
||||
|
|
|
@ -30,7 +30,7 @@ profile sfdisk @{exec_path} {
|
|||
# For disk images
|
||||
owner @{user_img_dirs}/{,**} rwk,
|
||||
|
||||
owner @{sys}/devices/pci[0-9]*/**/model r,
|
||||
owner @{sys}/devices/@{pci}/model r,
|
||||
|
||||
include if exists <local/sfdisk>
|
||||
}
|
||||
|
|
|
@ -43,7 +43,7 @@ profile spflashtool @{exec_path} {
|
|||
# For reading/writing from/to phone flash memory
|
||||
/dev/ttyACM[0-9]* rw,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/{idVendor,idProduct} r,
|
||||
@{sys}/devices/@{pci}/{idVendor,idProduct} r,
|
||||
|
||||
# Silence the noise
|
||||
/opt/SPFlashTool/** w,
|
||||
|
|
|
@ -183,10 +183,10 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)
|
|||
@{sys}/devices/**/input@{int}/capabilities/* r,
|
||||
@{sys}/devices/**/input/input@{int}/ r,
|
||||
@{sys}/devices/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/class r,
|
||||
@{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/report_descriptor r,
|
||||
@{sys}/devices/pci[0-9]*/**/sound/card[0-9]*/** r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]*/{manufacturer,product,bcdDevice,bInterfaceNumber} r,
|
||||
@{sys}/devices/@{pci}/class r,
|
||||
@{sys}/devices/@{pci}/i2c-[0-9]*/report_descriptor r,
|
||||
@{sys}/devices/@{pci}/sound/card[0-9]*/** r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/{manufacturer,product,bcdDevice,bInterfaceNumber} r,
|
||||
@{sys}/devices/system/cpu/** r,
|
||||
@{sys}/devices/system/node/ r,
|
||||
@{sys}/devices/virtual/dmi/id/bios_version rk,
|
||||
|
|
|
@ -207,8 +207,8 @@ profile steam-game @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/devices/**/input@{int}/capabilities/* r,
|
||||
@{sys}/devices/**/input/input@{int}/ r,
|
||||
@{sys}/devices/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/sound/card[0-9]*/** r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]*/{manufacturer,product,bcdDevice,bInterfaceNumber} r,
|
||||
@{sys}/devices/@{pci}/sound/card[0-9]*/** r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/{manufacturer,product,bcdDevice,bInterfaceNumber} r,
|
||||
@{sys}/devices/system/clocksource/clocksource[0-9]*/current_clocksource r,
|
||||
@{sys}/devices/system/cpu/** r,
|
||||
@{sys}/devices/system/node/node[0-9]/cpumap r,
|
||||
|
|
|
@ -31,7 +31,7 @@ profile switcheroo-control @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/bus/ r,
|
||||
@{sys}/class/ r,
|
||||
@{sys}/class/drm/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/boot_vga r,
|
||||
@{sys}/devices/@{pci}/boot_vga r,
|
||||
@{sys}/devices/{pci[0-9]*,virtual}/**/uevent r,
|
||||
|
||||
include if exists <local/switcheroo-control>
|
||||
|
|
|
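Review bot: The context line `@{sys}/devices/{pci[0-9]*,virtual}/**/uevent r,` directly under the changed `boot_vga` rule still spells the PCI root by hand, so after this commit the profile uses two different patterns for the same subtree. If `@{pci}` is narrower than `pci[0-9]*/**/` (its definition is not in this diff), the uevent rule silently stays the broader of the two. Splitting it keeps both in step: `@{sys}/devices/@{pci}/uevent r,` and `@{sys}/devices/virtual/**/uevent r,`.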
@ -38,11 +38,11 @@ profile thermald @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/devices/system/cpu/intel_pstate/no_turbo rw,
|
||||
@{sys}/devices/system/cpu/intel_pstate/status r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/drm/**/intel_backlight/max_brightness r,
|
||||
@{sys}/devices/pci[0-9]*/**/power_limits/power_limit_@{int}_max_uw r,
|
||||
@{sys}/devices/pci[0-9]*/**/power_limits/power_limit_@{int}_min_uw r,
|
||||
@{sys}/devices/pci[0-9]*/**/power_limits/power_limit_@{int}_tmax_us r,
|
||||
@{sys}/devices/pci[0-9]*/**/power_limits/power_limit_@{int}_tmin_us r,
|
||||
@{sys}/devices/@{pci}/drm/**/intel_backlight/max_brightness r,
|
||||
@{sys}/devices/@{pci}/power_limits/power_limit_@{int}_max_uw r,
|
||||
@{sys}/devices/@{pci}/power_limits/power_limit_@{int}_min_uw r,
|
||||
@{sys}/devices/@{pci}/power_limits/power_limit_@{int}_tmax_us r,
|
||||
@{sys}/devices/@{pci}/power_limits/power_limit_@{int}_tmin_us r,
|
||||
|
||||
@{sys}/devices/**/hwmon@{int}/ r,
|
||||
@{sys}/devices/**/hwmon@{int}/name r,
|
||||
|
|
|
@ -28,7 +28,7 @@ profile thunderbird-glxtest @{exec_path} {
|
|||
owner /tmp/thunderbird/.parentlock rw,
|
||||
|
||||
@{sys}/bus/pci/devices/ r,
|
||||
@{sys}/devices/pci[0-9]*/**/class r,
|
||||
@{sys}/devices/@{pci}/class r,
|
||||
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
|
||||
|
|
|
@ -135,8 +135,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/class/nvme-subsystem/ r,
|
||||
@{sys}/class/nvme/ r,
|
||||
@{sys}/devices/@{pci}/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/{ata,usb,mmc,virtio}[0-9]/{,**/}uevent w,
|
||||
@{sys}/devices/pci[0-9]*/**/{ata,usb,mmc}[0-9]/{,**/}remove rw,
|
||||
@{sys}/devices/@{pci}/{ata,usb,mmc,virtio}[0-9]/{,**/}uevent w,
|
||||
@{sys}/devices/@{pci}/{ata,usb,mmc}[0-9]/{,**/}remove rw,
|
||||
@{sys}/devices/virtual/bdi/**/read_ahead_kb r,
|
||||
@{sys}/devices/virtual/block/*/{,**} rw,
|
||||
@{sys}/devices/virtual/block/loop[0-9]*/uevent rw,
|
||||
|
|
|
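Review bot: The two rewritten rules in this udisksd hunk grant write access under the PCI tree (`…/{,**/}uevent w,` and `…/{,**/}remove rw,`), so for them in particular the expansion of `@{pci}` should be confirmed to cover no more than the old `pci[0-9]*/**/` before the change is treated as a pure rename; the variable's definition is not shown in this diff. Separately, `{ata,usb,mmc,virtio}[0-9]` and `{ata,usb,mmc}[0-9]` still match one digit, while the obexautofs and steam hunks switch `usb[0-9]` to `usb@{int}`, so a port numbered 10 or above would not be covered here. If that is unintended: `@{sys}/devices/@{pci}/{ata,usb,mmc,virtio}@{int}/{,**/}uevent w,` and `@{sys}/devices/@{pci}/{ata,usb,mmc}@{int}/{,**/}remove rw,`.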
@ -29,7 +29,7 @@ profile usbguard @{exec_path} {
|
|||
/dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/qb-{request,response,event}-usbguard-{header,data} rw,
|
||||
|
||||
# For "usbguard generate-policy"
|
||||
@{sys}/devices/pci[0-9]*/**/uevent r,
|
||||
@{sys}/devices/@{pci}/uevent r,
|
||||
|
||||
include if exists <local/usbguard>
|
||||
}
|
||||
|
|
|
@ -33,7 +33,7 @@ profile usbguard-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
/dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/ rw,
|
||||
/dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/qb-{request,response,event}-usbguard-{header,data} rw,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/uevent r,
|
||||
@{sys}/devices/@{pci}/uevent r,
|
||||
|
||||
include if exists <local/usbguard-daemon>
|
||||
}
|
||||
|
|
|
@ -95,7 +95,7 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) {
|
|||
@{run}/udev/data/c5[0-9]*:@{int} r,
|
||||
|
||||
@{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
|
||||
@{sys}/devices/pci[0-9]*/**/drm/ r,
|
||||
@{sys}/devices/@{pci}/drm/ r,
|
||||
@{sys}/devices/virtual/drm/ttm/uevent r,
|
||||
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
|
|
@ -42,10 +42,10 @@ profile vnstat @{exec_path} {
|
|||
|
||||
@{sys}/class/net/ r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/net/*/statistics/{tx,rx}_{bytes,packets} r,
|
||||
@{sys}/devices/@{pci}/net/*/statistics/{tx,rx}_{bytes,packets} r,
|
||||
@{sys}/devices/virtual/net/*/statistics/{tx,rx}_{bytes,packets} r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/net/*/speed r,
|
||||
@{sys}/devices/@{pci}/net/*/speed r,
|
||||
@{sys}/devices/virtual/net/*/speed r,
|
||||
|
||||
@{PROC}/@{pid}/net/dev r,
|
||||
|
|
|
@ -16,7 +16,7 @@ profile vnstatd @{exec_path} {
|
|||
/etc/vnstat.conf r,
|
||||
|
||||
# To determine capacity of a network interface
|
||||
@{sys}/devices/pci[0-9]*/**/net/**/speed r,
|
||||
@{sys}/devices/@{pci}/net/**/speed r,
|
||||
@{sys}/devices/virtual/net/**/speed r,
|
||||
|
||||
# To collect interfaces' data
|
||||
|
|
|
@ -65,7 +65,7 @@ profile wireplumber @{exec_path} {
|
|||
@{sys}/devices/**/device:*/**/path r,
|
||||
@{sys}/devices/**/sound/**/pcm_class r,
|
||||
@{sys}/devices/**/sound/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/video4linux/video[0-9]*/uevent r,
|
||||
@{sys}/devices/@{pci}/video4linux/video[0-9]*/uevent r,
|
||||
@{sys}/devices/virtual/dmi/id/bios_vendor r,
|
||||
@{sys}/devices/virtual/dmi/id/product_name r,
|
||||
@{sys}/devices/virtual/dmi/id/sys_vendor r,
|
||||
|
|
|
@ -48,7 +48,7 @@ profile wpa-supplicant @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
owner @{run}/wpa_supplicant/{,**} rw,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/ieee*/phy@{int}/name r,
|
||||
@{sys}/devices/@{pci}/ieee*/phy@{int}/name r,
|
||||
|
||||
@{PROC}/sys/net/ipv{4,6}/conf/p2p*/drop_* rw,
|
||||
@{PROC}/sys/net/ipv{4,6}/conf/wlan*/drop_* rw,
|
||||
|
|