From bb947318a56c6f299993c9321fcf2e9c51795bd4 Mon Sep 17 00:00:00 2001 
From: Alexandre Pujol
Date: Fri, 8 Dec 2023 17:46:05 +0000
Subject: [PATCH] feat(profile): use the @{pci} varibale when possible.
---
 apparmor.d/abstractions/chromium | 8 ++++----
 apparmor.d/abstractions/gstreamer | 2 +-
 apparmor.d/groups/apps/calibre | 2 +-
 apparmor.d/groups/apps/discord | 2 +-
 apparmor.d/groups/apps/freetube | 2 +-
 apparmor.d/groups/apps/signal-desktop | 2 +-
 apparmor.d/groups/browsers/firefox | 8 ++++----
 apparmor.d/groups/freedesktop/colord-sane | 2 +-
 apparmor.d/groups/freedesktop/iio-sensor-proxy | 6 +++---
 apparmor.d/groups/freedesktop/pipewire | 2 +-
 .../groups/freedesktop/pipewire-media-session | 3 +--
 apparmor.d/groups/freedesktop/plymouthd | 3 +--
 apparmor.d/groups/freedesktop/xorg | 8 ++++----
 apparmor.d/groups/gnome/gdm | 2 +-
 apparmor.d/groups/gnome/gnome-shell | 8 ++++----
 apparmor.d/groups/gnome/gsd-media-keys | 2 +-
 apparmor.d/groups/gnome/gsd-power | 14 +++++++-------
 apparmor.d/groups/gnome/nautilus | 2 +-
 apparmor.d/groups/gpg/scdaemon | 2 +-
 apparmor.d/groups/kde/kaccess | 2 +-
 apparmor.d/groups/kde/kde-powerdevil | 2 +-
 apparmor.d/groups/kde/ksmserver | 2 +-
 apparmor.d/groups/kde/plasmashell | 2 +-
 apparmor.d/groups/network/NetworkManager | 4 ++--
 apparmor.d/groups/network/dhcpcd | 2 +-
 apparmor.d/groups/network/mullvad-gui | 2 +-
 apparmor.d/groups/network/nmcli | 2 +-
 apparmor.d/groups/systemd/systemd-backlight | 18 +++++++++---------
 apparmor.d/groups/systemd/systemd-networkd | 2 +-
 .../groups/ubuntu/subiquity-console-conf | 4 ++--
 apparmor.d/groups/virt/k3s | 2 +-
 apparmor.d/groups/virt/libvirtd | 18 +++++++++---------
 apparmor.d/groups/virt/virtinterfaced | 2 +-
 apparmor.d/groups/virt/virtnodedevd | 8 ++++----
 apparmor.d/profiles-a-f/arduino | 2 +-
 apparmor.d/profiles-a-f/bluetoothd | 4 ++--
 apparmor.d/profiles-a-f/boltd | 14 +++++++-------
 apparmor.d/profiles-a-f/btop | 4 ++--
 apparmor.d/profiles-a-f/code | 2 +-
 apparmor.d/profiles-a-f/conky | 2 +-
 apparmor.d/profiles-a-f/dumpcap | 4 ++--
apparmor.d/profiles-a-f/edid-decode | 2 +-
 apparmor.d/profiles-a-f/fprintd | 2 +-
 apparmor.d/profiles-g-l/gparted | 2 +-
 apparmor.d/profiles-g-l/gpartedbin | 8 ++++----
 apparmor.d/profiles-g-l/gzdoom | 2 +-
 apparmor.d/profiles-g-l/hardinfo | 4 ++--
 apparmor.d/profiles-g-l/htop | 2 +-
 apparmor.d/profiles-g-l/hw-probe | 2 +-
 apparmor.d/profiles-g-l/hwinfo | 2 +-
 apparmor.d/profiles-g-l/hypnotix | 2 +-
 apparmor.d/profiles-g-l/inxi | 4 ++--
 apparmor.d/profiles-g-l/irqbalance | 6 +++---
 apparmor.d/profiles-g-l/iw | 2 +-
 apparmor.d/profiles-g-l/kodi | 4 ++--
 apparmor.d/profiles-g-l/labwc | 2 +-
 apparmor.d/profiles-g-l/light | 8 ++++----
 apparmor.d/profiles-g-l/light-locker | 10 +++++-----
 apparmor.d/profiles-m-r/mdevctl | 2 +-
 apparmor.d/profiles-m-r/monitorix | 2 +-
 apparmor.d/profiles-m-r/mono-sgen | 10 +++++-----
 apparmor.d/profiles-m-r/nvtop | 4 ++--
 apparmor.d/profiles-m-r/obexautofs | 8 ++++----
 apparmor.d/profiles-m-r/os-prober | 2 +-
 apparmor.d/profiles-m-r/picom | 2 +-
 apparmor.d/profiles-m-r/rfkill | 2 +-
 apparmor.d/profiles-s-z/sensors | 2 +-
 apparmor.d/profiles-s-z/sensors-detect | 6 +++---
 apparmor.d/profiles-s-z/sfdisk | 2 +-
 apparmor.d/profiles-s-z/spflashtool | 2 +-
 apparmor.d/profiles-s-z/steam | 8 ++++----
 apparmor.d/profiles-s-z/steam-game | 4 ++--
 apparmor.d/profiles-s-z/switcheroo-control | 2 +-
 apparmor.d/profiles-s-z/thermald | 10 +++++-----
 apparmor.d/profiles-s-z/thunderbird-glxtest | 2 +-
 apparmor.d/profiles-s-z/udisksd | 4 ++--
 apparmor.d/profiles-s-z/usbguard | 2 +-
 apparmor.d/profiles-s-z/usbguard-daemon | 2 +-
 apparmor.d/profiles-s-z/virt-manager | 2 +-
 apparmor.d/profiles-s-z/vnstat | 4 ++--
 apparmor.d/profiles-s-z/vnstatd | 2 +-
 apparmor.d/profiles-s-z/wireplumber | 2 +-
 apparmor.d/profiles-s-z/wpa-supplicant | 2 +-
 83 files changed, 168 insertions(+), 170 deletions(-)
diff --git a/apparmor.d/abstractions/chromium b/apparmor.d/abstractions/chromium
index 15e89c89..bc80935f 100644
--- a/apparmor.d/abstractions/chromium
+++ b/apparmor.d/abstractions/chromium
@@ -185,10 +185,10 @@
 @{sys}/class/ r,
 @{sys}/class/**/ r,
 @{sys}/devices/**/uevent r,
- @{sys}/devices/pci[0-9]*/**/{in_intensity_sampling_frequency,in_intensity_scale,in_illuminance_raw} r,
- @{sys}/devices/pci[0-9]*/**/boot_vga r,
- @{sys}/devices/pci[0-9]*/**/{resource,irq} r,
- @{sys}/devices/pci[0-9]*/**/report_descriptor r,
+ @{sys}/devices/@{pci}/{in_intensity_sampling_frequency,in_intensity_scale,in_illuminance_raw} r,
+ @{sys}/devices/@{pci}/boot_vga r,
+ @{sys}/devices/@{pci}/{resource,irq} r,
+ @{sys}/devices/@{pci}/report_descriptor r,
 @{sys}/devices/system/cpu/cpufreq/policy@{int}/cpuinfo_max_freq r,
 @{sys}/devices/system/cpu/kernel_max r,
 @{sys}/devices/system/cpu/present r,
diff --git a/apparmor.d/abstractions/gstreamer b/apparmor.d/abstractions/gstreamer
index 38b43ad9..b07343b4 100644
--- a/apparmor.d/abstractions/gstreamer
+++ b/apparmor.d/abstractions/gstreamer
@@ -40,7 +40,7 @@
 @{sys}/class/ r,
 @{sys}/class/drm/ r,
 @{sys}/class/video4linux/ r,
- @{sys}/devices/pci[0-9]*/**/{busnum,config,devnum,descriptors,speed,uevent} r,
+ @{sys}/devices/@{pci}/{busnum,config,devnum,descriptors,speed,uevent} r,
 @{sys}/devices/system/node/ r,
 @{sys}/devices/system/node/node@{int}/meminfo r,
diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre
index 597dcf72..c625ab9c 100644
--- a/apparmor.d/groups/apps/calibre
+++ b/apparmor.d/groups/apps/calibre
@@ -109,7 +109,7 @@ profile calibre @{exec_path} {
 owner /dev/shm/#@{int} rw,
- @{sys}/devices/pci[0-9]*/**/irq r,
+ @{sys}/devices/@{pci}/irq r,
 @{PROC}/ r,
 @{PROC}/@{pids}/net/route r,
diff --git a/apparmor.d/groups/apps/discord b/apparmor.d/groups/apps/discord
index a594a9e7..88d90192 100644
--- a/apparmor.d/groups/apps/discord
+++ b/apparmor.d/groups/apps/discord
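Review bot: The new rules drop their own recursion and rely on `@{pci}` to supply it, but the variable's definition is not part of this patch, so the reach of `@{sys}/devices/@{pci}/{resource,irq} r,` in the chromium abstraction, and of every other rewritten rule, cannot be checked from the diff. That matters most for the rules that grant write access: `iio:*/** rw` (iio-sensor-proxy), `backlight/*/brightness rw` (xorg, gsd-power, systemd-backlight), `driver_override w` and `remove w` (libvirtd) and `block/**/uevent rw` (gparted). I would state the expansion in the commit message and put a comment at the variable's definition such as `# Used as a path prefix by rules granting write access to PCI devices; widening it widens all of them.`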
@@ -93,7 +93,7 @@ profile discord @{exec_path} {
 deny @{sys}/devices/virtual/tty/tty[0-9]/active r,
 # To remove the following error:
 # pcilib: Cannot open /sys/bus/pci/devices/0000:03:00.0/irq: Permission denied
- @{sys}/devices/pci[0-9]*/**/irq r,
+ @{sys}/devices/@{pci}/irq r,
 deny /dev/ r,
diff --git a/apparmor.d/groups/apps/freetube b/apparmor.d/groups/apps/freetube
index 8f2519cf..f5a1d874 100644
--- a/apparmor.d/groups/apps/freetube
+++ b/apparmor.d/groups/apps/freetube
@@ -75,7 +75,7 @@ profile freetube @{exec_path} {
 # To remove the following error:
 # pcilib: Cannot open /sys/bus/pci/devices/0000:03:00.0/irq: Permission denied
 # The irq file is needed to render pages.
- deny @{sys}/devices/pci[0-9]*/**/irq r,
+ deny @{sys}/devices/@{pci}/irq r,
 /var/lib/dbus/machine-id r,
 /etc/machine-id r,
diff --git a/apparmor.d/groups/apps/signal-desktop b/apparmor.d/groups/apps/signal-desktop
index 00fd822e..441ffa35 100644
--- a/apparmor.d/groups/apps/signal-desktop
+++ b/apparmor.d/groups/apps/signal-desktop
@@ -60,7 +60,7 @@ profile signal-desktop @{exec_path} {
 @{run}/systemd/inhibit/*.ref rw,
- @{sys}/devices/pci[0-9]*/**/{irq,vendor,device} r,
+ @{sys}/devices/@{pci}/{irq,vendor,device} r,
 @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
 @{sys}/devices/virtual/tty/tty[0-9]/active r,
 @{sys}/fs/cgroup/** r,
diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox
index 1334becb..356b0736 100644
--- a/apparmor.d/groups/browsers/firefox
+++ b/apparmor.d/groups/browsers/firefox
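Review bot: In the freetube hunk the comment block ends with `# The irq file is needed to render pages.`, yet the rule under it is `deny @{sys}/devices/@{pci}/irq r,`, which blocks the read and only suppresses the audit record. The discord hunk just before it carries the same pcilib comment and allows the file, so one of the two profiles is misdocumented. If the denial is intended, reword the comment to something like `# Not required; denied to keep the pcilib failure out of the audit log.`; if the file really is needed, drop the `deny` prefix. The profile body continues outside the hunk.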
@@ -218,10 +218,10 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
 @{sys}/class/ r,
 @{sys}/class/**/ r,
 @{sys}/devices/**/uevent r,
- @{sys}/devices/pci[0-9]*/**/ r,
- @{sys}/devices/pci[0-9]*/**/drm/card@{int}/ r,
- @{sys}/devices/pci[0-9]*/**/drm/renderD[0-9]*/ r,
- @{sys}/devices/pci[0-9]*/**/irq r,
+ @{sys}/devices/@{pci}/ r,
+ @{sys}/devices/@{pci}/drm/card@{int}/ r,
+ @{sys}/devices/@{pci}/drm/renderD[0-9]*/ r,
+ @{sys}/devices/@{pci}/irq r,
 @{sys}/devices/system/cpu/cpu@{int}/cache/index[0-9]/size r,
 @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
 @{sys}/devices/system/cpu/present r,
diff --git a/apparmor.d/groups/freedesktop/colord-sane b/apparmor.d/groups/freedesktop/colord-sane
index b6736041..aaea3e53 100644
--- a/apparmor.d/groups/freedesktop/colord-sane
+++ b/apparmor.d/groups/freedesktop/colord-sane
@@ -33,7 +33,7 @@ profile colord-sane @{exec_path} flags=(attach_disconnected) {
 @{run}/systemd/journal/socket rw,
 @{sys}/bus/scsi/devices/ r,
- @{sys}/devices/pci[0-9]*/**/{vendor,model,type} r,
+ @{sys}/devices/@{pci}/{vendor,model,type} r,
 @{PROC}/sys/dev/parport/parport[0-9]*/base-addr r,
 @{PROC}/sys/dev/parport/parport[0-9]*/irq r,
diff --git a/apparmor.d/groups/freedesktop/iio-sensor-proxy b/apparmor.d/groups/freedesktop/iio-sensor-proxy
index 4e4d74ac..b2965b52 100644
--- a/apparmor.d/groups/freedesktop/iio-sensor-proxy
+++ b/apparmor.d/groups/freedesktop/iio-sensor-proxy
@@ -27,9 +27,9 @@ profile iio-sensor-proxy @{exec_path} {
 @{sys}/class/ r,
 @{sys}/class/input/ r,
 @{sys}/devices/**/uevent r,
- @{sys}/devices/pci[0-9]*/**/ r,
- @{sys}/devices/pci[0-9]*/**/iio:*/** rw,
- @{sys}/devices/pci[0-9]*/**/name r,
+ @{sys}/devices/@{pci}/ r,
+ @{sys}/devices/@{pci}/iio:*/** rw,
+ @{sys}/devices/@{pci}/name r,
 /dev/iio:* r,
diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire
index 512fb9ef..eb26af5c 100644
--- a/apparmor.d/groups/freedesktop/pipewire
+++ b/apparmor.d/groups/freedesktop/pipewire
@@ -69,7 +69,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
 @{sys}/bus/media/devices/ r,
 @{sys}/class/ r,
 @{sys}/devices/**/device:*/**/path r,
- @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{idVendor,idProduct,removable,uevent} r,
+ @{sys}/devices/@{pci}/usb@{int}/**/{idVendor,idProduct,removable,uevent} r,
 @{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name,bios_vendor,board_vendor} r,
 owner @{PROC}/@{pid}/task/@{tid}/comm rw,
diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session
index faab7380..74fbdcf6 100644
--- a/apparmor.d/groups/freedesktop/pipewire-media-session
+++ b/apparmor.d/groups/freedesktop/pipewire-media-session
@@ -55,8 +55,7 @@ profile pipewire-media-session @{exec_path} {
 @{run}/systemd/users/@{uid} r,
 @{sys}/devices/**/sound/**/uevent r,
- @{sys}/devices/pci[0-9]*/**/sound/**/pcm_class r,
- @{sys}/devices/pci[0-9]*/**/video4linux/video[0-9]*/uevent r,
+ @{sys}/devices/@{pci}/sound/**/pcm_class r,
 @{sys}/devices/system/node/ r,
 @{sys}/devices/system/node/node@{int}/meminfo r,
diff --git a/apparmor.d/groups/freedesktop/plymouthd b/apparmor.d/groups/freedesktop/plymouthd
index 5ba3e5e3..4ea39807 100644
--- a/apparmor.d/groups/freedesktop/plymouthd
+++ b/apparmor.d/groups/freedesktop/plymouthd
@@ -47,8 +47,7 @@ profile plymouthd @{exec_path} {
 @{sys}/class/ r,
 @{sys}/class/drm/ r,
 @{sys}/class/graphics/ r,
- @{sys}/devices/pci[0-9]*/**/{,uevent,vendor,device} r,
- @{sys}/devices/pci[0-9]*/**/{,uevent} r,
+ @{sys}/devices/@{pci}/{,uevent,vendor,device} r,
 @{sys}/devices/virtual/graphics/fbcon/uevent r,
 @{sys}/devices/virtual/tty/console/active r,
 @{sys}/firmware/acpi/bgrt/{,*} r,
diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg
index 3da13826..7f3078fc 100644
--- a/apparmor.d/groups/freedesktop/xorg
+++ b/apparmor.d/groups/freedesktop/xorg
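Review bot: The pipewire rule changes two patterns at once: besides `@{pci}`, `usb[0-9]` becomes `usb@{int}`, which presumably also matches multi-digit bus numbers and so widens the rule slightly beyond a rename. The same switch appears in the NetworkManager, subiquity-console-conf, arduino and gzdoom hunks, while conky keeps `{usb,ata}[0-9]` and the gsd-media-keys context keeps `usb[0-9]`. Either mention the `@{int}` change in the commit message or apply it uniformly, for instance `@{sys}/devices/@{pci}/{usb,ata}@{int}/**/model r,` in conky.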
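Review bot: The rule `@{sys}/devices/pci[0-9]*/**/video4linux/video[0-9]*/uevent r,` is removed from pipewire-media-session with no `@{pci}` replacement, which is a permission change rather than the substitution the subject line announces. Nothing visible in the hunk covers that path (`@{sys}/devices/**/sound/**/uevent r,` only matches sound nodes), so reads of video4linux uevent files would be denied unless a rule outside the hunk allows them. If the removal is deliberate, say so in the commit message; otherwise keep it as `@{sys}/devices/@{pci}/video4linux/video[0-9]*/uevent r,`.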
@@ -98,10 +98,10 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
 @{sys}/devices/**/{uevent,name,id,config} r,
 @{sys}/devices/**/hid r,
 @{sys}/devices/**/power_supply/**/{type,online} r,
- @{sys}/devices/pci[0-9]*/**/ r,
- @{sys}/devices/pci[0-9]*/**/backlight/*/{,max_}brightness r,
- @{sys}/devices/pci[0-9]*/**/backlight/*/brightness rw,
- @{sys}/devices/pci[0-9]*/**/boot_vga r,
+ @{sys}/devices/@{pci}/ r,
+ @{sys}/devices/@{pci}/backlight/*/{,max_}brightness r,
+ @{sys}/devices/@{pci}/backlight/*/brightness rw,
+ @{sys}/devices/@{pci}/boot_vga r,
 @{sys}/devices/platform/ r,
 @{sys}/module/i915/{,**} r,
diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm
index d13c6f3c..f64afe2a 100644
--- a/apparmor.d/groups/gnome/gdm
+++ b/apparmor.d/groups/gnome/gdm
@@ -93,7 +93,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
 @{run}/udev/tags/master-of-seat/ r,
 @{sys}/devices/**/uevent r,
- @{sys}/devices/pci[0-9]*/**/boot_vga r,
+ @{sys}/devices/@{pci}/boot_vga r,
 @{sys}/devices/virtual/tty/tty[0-9]*/active r,
 @{PROC}/@{pid}/cgroup r,
diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell
index 85d4c556..71aeffdb 100644
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@@ -380,10 +380,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
 @{sys}/devices/**/hwmon/{,name,temp*,fan*} r,
 @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
 @{sys}/devices/**/power_supply/{,**} r,
- @{sys}/devices/pci[0-9]*/**/boot_vga r,
- @{sys}/devices/pci[0-9]*/**/drm/ r,
- @{sys}/devices/pci[0-9]*/**/input@{int}/{properties,name} r,
- @{sys}/devices/pci[0-9]*/**/net/*/statistics/{rx_bytes,tx_bytes} r,
+ @{sys}/devices/@{pci}/boot_vga r,
+ @{sys}/devices/@{pci}/drm/ r,
+ @{sys}/devices/@{pci}/input@{int}/{properties,name} r,
+ @{sys}/devices/@{pci}/net/*/statistics/{rx_bytes,tx_bytes} r,
 @{sys}/devices/platform/**/input@{int}/{properties,name} r,
 @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,
 @{sys}/devices/virtual/net/*/statistics/{rx_bytes,tx_bytes} r,
diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys
index 72c68834..da865f75 100644
--- a/apparmor.d/groups/gnome/gsd-media-keys
+++ b/apparmor.d/groups/gnome/gsd-media-keys
@@ -117,7 +117,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
 @{run}/udev/data/c189:@{int} r, # For /dev/bus/usb/**
 @{sys}/devices/**/usb[0-9]/{,**} r,
- @{sys}/devices/pci[0-9]*/**/sound/**/uevent r,
+ @{sys}/devices/@{pci}/sound/**/uevent r,
 @{sys}/devices/platform/**/uevent r,
 @{sys}/devices/virtual/**/uevent r,
diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power
index d97c62de..680a4669 100644
--- a/apparmor.d/groups/gnome/gsd-power
+++ b/apparmor.d/groups/gnome/gsd-power
@@ -70,13 +70,13 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
 @{sys}/class/ r,
 @{sys}/class/backlight/ r,
- @{sys}/devices/pci[0-9]*/**/class r,
- @{sys}/devices/pci[0-9]*/**/backlight/**/brightness rw,
- @{sys}/devices/pci[0-9]*/**/backlight/**/{max_brightness,actual_brightness} r,
- @{sys}/devices/pci[0-9]*/**/backlight/**/{uevent,type} r,
- @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/brightness rw,
- @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{max_brightness,actual_brightness} r,
- @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{uevent,type,enabled} r,
+ @{sys}/devices/@{pci}/class r,
+ @{sys}/devices/@{pci}/backlight/**/brightness rw,
+ @{sys}/devices/@{pci}/backlight/**/{max_brightness,actual_brightness} r,
+ @{sys}/devices/@{pci}/backlight/**/{uevent,type} r,
+ @{sys}/devices/@{pci}/drm/card@{int}/**/brightness rw,
+ @{sys}/devices/@{pci}/drm/card@{int}/**/{max_brightness,actual_brightness} r,
+ @{sys}/devices/@{pci}/drm/card@{int}/**/{uevent,type,enabled} r,
 @{sys}/devices/platform/**/leds/*backlight*/uevent r,
 @{sys}/devices/platform/**/leds/*backlight*/max_brightness r,
diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus
index 9a50a286..65d0083b 100644
--- a/apparmor.d/groups/gnome/nautilus
+++ b/apparmor.d/groups/gnome/nautilus
@@ -153,7 +153,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
 @{sys}/devices/**/hwmon@{int}/**/{,name,temp*,fan*} r,
 @{sys}/devices/**/hwmon/{,name,temp*,fan*} r,
 @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
- @{sys}/devices/pci[0-9]*/**/revision r,
+ @{sys}/devices/@{pci}/revision r,
 @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,
 @{PROC}/@{pids}/net/wireless r,
diff --git a/apparmor.d/groups/gpg/scdaemon b/apparmor.d/groups/gpg/scdaemon
index 4c166718..19be29c6 100644
--- a/apparmor.d/groups/gpg/scdaemon
+++ b/apparmor.d/groups/gpg/scdaemon
@@ -31,7 +31,7 @@ profile scdaemon @{exec_path} {
 @{PROC}/@{pid}/task/@{tid}/comm rw,
- @{sys}/devices/pci[0-9]*/**/bConfigurationValue r,
+ @{sys}/devices/@{pci}/bConfigurationValue r,
 include if exists
 }
diff --git a/apparmor.d/groups/kde/kaccess b/apparmor.d/groups/kde/kaccess
index 88546bc4..b1c20c1f 100644
--- a/apparmor.d/groups/kde/kaccess
+++ b/apparmor.d/groups/kde/kaccess
@@ -42,7 +42,7 @@ profile kaccess @{exec_path} {
 owner @{run}/user/@{uid}/xauth_@{rand6} r,
- @{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
+ @{sys}/devices/@{pci}/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
 /dev/tty r,
diff --git a/apparmor.d/groups/kde/kde-powerdevil b/apparmor.d/groups/kde/kde-powerdevil
index 03eebce2..d7bb2464 100644
--- a/apparmor.d/groups/kde/kde-powerdevil
+++ b/apparmor.d/groups/kde/kde-powerdevil
@@ -57,7 +57,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted)
 @{sys}/class/usbmisc/ r,
 @{sys}/devices/@{pci}/drm/card@{int}/*/status r,
 @{sys}/devices/i2c-[0-9]*/name r,
- @{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r,
+ @{sys}/devices/@{pci}/i2c-[0-9]*/name r,
 @{sys}/devices/platform/*/i2c-[0-9]*/name r,
 /dev/tty rw,
diff --git a/apparmor.d/groups/kde/ksmserver b/apparmor.d/groups/kde/ksmserver
index 5ff310c1..7b4fb405 100644
--- a/apparmor.d/groups/kde/ksmserver
+++ b/apparmor.d/groups/kde/ksmserver
@@ -70,7 +70,7 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
 owner @{run}/user/@{uid}/KSMserver__[0-9] rw,
 owner @{run}/user/@{uid}/xauth_@{rand6} rl,
- @{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
+ @{sys}/devices/@{pci}/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
 @{PROC}/sys/kernel/core_pattern r,
diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell
index 75214af3..0234777b 100644
--- a/apparmor.d/groups/kde/plasmashell
+++ b/apparmor.d/groups/kde/plasmashell
@@ -171,7 +171,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
 @{sys}/class/{,**} r,
 @{sys}/devices/platform/** r,
- @{sys}/devices/pci[0-9]*/**/name r,
+ @{sys}/devices/@{pci}/name r,
 @{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/ r,
 @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,
 @{sys}/devices/system/node/ r,
diff --git a/apparmor.d/groups/network/NetworkManager b/apparmor.d/groups/network/NetworkManager
index 04b9bd43..ee8adff6 100644
--- a/apparmor.d/groups/network/NetworkManager
+++ b/apparmor.d/groups/network/NetworkManager
@@ -131,8 +131,8 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
 @{sys}/devices/**/uevent r,
 @{sys}/devices/virtual/net/{,**} r,
- @{sys}/devices/pci[0-9]*/**/net/*/{,**} r,
- @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/net/{,**} r,
+ @{sys}/devices/@{pci}/net/*/{,**} r,
+ @{sys}/devices/@{pci}/usb@{int}/**/net/{,**} r,
 owner @{PROC}/@{pid}/cmdline r,
 owner @{PROC}/@{pid}/fd/ r,
diff --git a/apparmor.d/groups/network/dhcpcd b/apparmor.d/groups/network/dhcpcd
index 62a5d44e..437c35f7 100644
--- a/apparmor.d/groups/network/dhcpcd
+++ b/apparmor.d/groups/network/dhcpcd
@@ -56,7 +56,7 @@ profile dhcpcd @{exec_path} flags=(attach_disconnected) {
 @{run}/udev/data/n@{int} r,
- @{sys}/devices/pci[0-9]*/**/uevent r,
+ @{sys}/devices/@{pci}/uevent r,
 @{sys}/devices/virtual/dmi/id/product_uuid r,
 @{sys}/devices/virtual/net/**/{tun_flags,uevent} r,
diff --git a/apparmor.d/groups/network/mullvad-gui b/apparmor.d/groups/network/mullvad-gui
index 6d486320..729e9fbb 100644
--- a/apparmor.d/groups/network/mullvad-gui
+++ b/apparmor.d/groups/network/mullvad-gui
@@ -57,7 +57,7 @@ profile mullvad-gui @{exec_path} flags=(attach_disconnected) {
 @{run}/systemd/inhibit/*.ref rw,
 @{sys}/bus/pci/devices/ r,
- @{sys}/devices/pci[0-9]*/**/{vendor,device,class,config,resource,irq} r,
+ @{sys}/devices/@{pci}/{vendor,device,class,config,resource,irq} r,
 @{sys}/devices/system/cpu/** r,
 @{sys}/devices/virtual/tty/tty[0-9]*/active r,
diff --git a/apparmor.d/groups/network/nmcli b/apparmor.d/groups/network/nmcli
index 9da6f06e..c3ed5da1 100644
--- a/apparmor.d/groups/network/nmcli
+++ b/apparmor.d/groups/network/nmcli
@@ -24,7 +24,7 @@ profile nmcli @{exec_path} {
 @{run}/udev/data/n@{int} r,
 @{sys}/devices/virtual/net/{,**} r,
- @{sys}/devices/pci[0-9]*/**/net/*/{,**} r,
+ @{sys}/devices/@{pci}/net/*/{,**} r,
 profile pager {
 include
diff --git a/apparmor.d/groups/systemd/systemd-backlight b/apparmor.d/groups/systemd/systemd-backlight
index 572b5d5c..0be8f57b 100644
--- a/apparmor.d/groups/systemd/systemd-backlight
+++ b/apparmor.d/groups/systemd/systemd-backlight
@@ -28,15 +28,15 @@ profile systemd-backlight @{exec_path} {
 @{sys}/class/backlight/ r,
 @{sys}/devices/pci[0-9]*/*:@{int}.@{int}/**/ r,
- @{sys}/devices/pci[0-9]*/**/ r,
- @{sys}/devices/pci[0-9]*/**/backlight/**/{max_brightness,actual_brightness} r,
- @{sys}/devices/pci[0-9]*/**/backlight/**/{uevent,type} r,
- @{sys}/devices/pci[0-9]*/**/backlight/**/brightness rw,
- @{sys}/devices/pci[0-9]*/**/class r,
- @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{max_brightness,actual_brightness} r,
- @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{uevent,type} r,
- @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/brightness rw,
- @{sys}/devices/pci[0-9]*/**/uevent r,
+ @{sys}/devices/@{pci}/ r,
+ @{sys}/devices/@{pci}/backlight/**/{max_brightness,actual_brightness} r,
+ @{sys}/devices/@{pci}/backlight/**/{uevent,type} r,
+ @{sys}/devices/@{pci}/backlight/**/brightness rw,
+ @{sys}/devices/@{pci}/class r,
+ @{sys}/devices/@{pci}/drm/card@{int}/**/{max_brightness,actual_brightness} r,
+ @{sys}/devices/@{pci}/drm/card@{int}/**/{uevent,type} r,
+ @{sys}/devices/@{pci}/drm/card@{int}/**/brightness rw,
+ @{sys}/devices/@{pci}/uevent r,
 @{sys}/devices/platform/**/leds/*backlight*/brightness rw,
 @{sys}/devices/platform/**/leds/*backlight*/max_brightness r,
diff --git a/apparmor.d/groups/systemd/systemd-networkd b/apparmor.d/groups/systemd/systemd-networkd
index d4a8f17f..c28c7cb2 100644
--- a/apparmor.d/groups/systemd/systemd-networkd
+++ b/apparmor.d/groups/systemd/systemd-networkd
@@ -63,7 +63,7 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected,complain) {
 @{sys}/devices/@{pci}/rfkill@{int}/* r,
 @{sys}/devices/**/net/** r,
- @{sys}/devices/pci[0-9]*/**/ r,
+ @{sys}/devices/@{pci}/ r,
 @{sys}/devices/virtual/dmi/id/{sys,board,bios}_vendor r,
 @{sys}/devices/virtual/dmi/id/product_name r,
 @{sys}/devices/virtual/dmi/id/product_version r,
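Review bot: The context rule `@{sys}/devices/pci[0-9]*/*:@{int}.@{int}/**/ r,` directly above the rewritten block in systemd-backlight still uses the raw glob and looks subsumed by the new `@{sys}/devices/@{pci}/ r,`, assuming `@{pci}` recurses the way `pci[0-9]*/**/` did. Keeping both leaves two spellings that grant the same directory reads, which makes the profile harder to audit. I would delete the leftover rule or convert it in this commit.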
diff --git a/apparmor.d/groups/ubuntu/subiquity-console-conf b/apparmor.d/groups/ubuntu/subiquity-console-conf
index aa8c9fc8..77c2a771 100644
--- a/apparmor.d/groups/ubuntu/subiquity-console-conf
+++ b/apparmor.d/groups/ubuntu/subiquity-console-conf
@@ -84,8 +84,8 @@ profile subiquity-console-conf @{exec_path} {
 @{sys}/bus/ r,
 @{sys}/class/ r,
 @{sys}/devices/**/uevent r,
- @{sys}/devices/pci[0-9]*/**/net/*/{,**} r,
- @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/net/{,**} r,
+ @{sys}/devices/@{pci}/net/*/{,**} r,
+ @{sys}/devices/@{pci}/usb@{int}/**/net/{,**} r,
 @{sys}/devices/virtual/net/{,**} r,
 @{PROC}/cmdline r,
diff --git a/apparmor.d/groups/virt/k3s b/apparmor.d/groups/virt/k3s
index 6740f9ec..20a1b055 100644
--- a/apparmor.d/groups/virt/k3s
+++ b/apparmor.d/groups/virt/k3s
@@ -135,7 +135,7 @@ profile k3s @{exec_path} flags=(attach_disconnected) {
 @{sys}/class/net/ r,
- @{sys}/devices/pci[0-9]*/**/net/*/{address,mtu,speed} r,
+ @{sys}/devices/@{pci}/net/*/{address,mtu,speed} r,
 @{sys}/devices/system/edac/mc/ r,
 @{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r,
 @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r,
diff --git a/apparmor.d/groups/virt/libvirtd b/apparmor.d/groups/virt/libvirtd
index 1b5564c0..b8b29ff6 100644
--- a/apparmor.d/groups/virt/libvirtd
+++ b/apparmor.d/groups/virt/libvirtd
@@ -198,15 +198,15 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
 @{sys}/bus/pci/drivers/*/unbind w,
 @{sys}/class/[a-z]*/ r,
 @{sys}/devices/**/uevent r,
- @{sys}/devices/pci[0-9]*/**/{class,revision,subsystem_vendor,subsystem_device} r,
- @{sys}/devices/pci[0-9]*/**/{config,numa_node,device,vendor} r,
- @{sys}/devices/pci[0-9]*/**/driver_override w,
- @{sys}/devices/pci[0-9]*/**/mdev_supported_types/{,**} r,
- @{sys}/devices/pci[0-9]*/**/mdev_supported_types/*/create w,
- @{sys}/devices/pci[0-9]*/**/net/*/{,**} r,
- @{sys}/devices/pci[0-9]*/**/remove w,
- @{sys}/devices/pci[0-9]*/**/resource r,
- @{sys}/devices/pci[0-9]*/**/sriov_totalvfs r,
+ @{sys}/devices/@{pci}/{class,revision,subsystem_vendor,subsystem_device} r,
+ @{sys}/devices/@{pci}/{config,numa_node,device,vendor} r,
+ @{sys}/devices/@{pci}/driver_override w,
+ @{sys}/devices/@{pci}/mdev_supported_types/{,**} r,
+ @{sys}/devices/@{pci}/mdev_supported_types/*/create w,
+ @{sys}/devices/@{pci}/net/*/{,**} r,
+ @{sys}/devices/@{pci}/remove w,
+ @{sys}/devices/@{pci}/resource r,
+ @{sys}/devices/@{pci}/sriov_totalvfs r,
 @{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r,
 @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r,
diff --git a/apparmor.d/groups/virt/virtinterfaced b/apparmor.d/groups/virt/virtinterfaced
index 8cfef1ff..a96d0992 100644
--- a/apparmor.d/groups/virt/virtinterfaced
+++ b/apparmor.d/groups/virt/virtinterfaced
@@ -33,7 +33,7 @@ profile virtinterfaced @{exec_path} flags=(attach_disconnected) {
 @{sys}/bus/ r,
 @{sys}/class/ r,
 @{sys}/class/net/ r,
- @{sys}/devices/pci[0-9]*/**/net/{,**} r,
+ @{sys}/devices/@{pci}/net/{,**} r,
 @{sys}/devices/system/node/ r,
 @{sys}/devices/system/node/node@{int}/meminfo r,
 @{sys}/devices/virtual/net/{,**} r,
diff --git a/apparmor.d/groups/virt/virtnodedevd b/apparmor.d/groups/virt/virtnodedevd
index 38b3a068..9a05dfd3 100644
--- a/apparmor.d/groups/virt/virtnodedevd
+++ b/apparmor.d/groups/virt/virtnodedevd
@@ -79,10 +79,10 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) {
 @{sys}/devices/**/{class,revision,subsystem_vendor,subsystem_device} r,
 @{sys}/devices/**/{config,device,vendor} r,
 @{sys}/devices/**/uevent r,
- @{sys}/devices/pci[0-9]*/**/net/{,**} r,
- @{sys}/devices/pci[0-9]*/**/net/*/{duplex,address,speed,operstate} r,
- @{sys}/devices/pci[0-9]*/**/numa_node r,
- @{sys}/devices/pci[0-9]*/**/sriov_totalvfs r,
+ @{sys}/devices/@{pci}/net/{,**} r,
+ @{sys}/devices/@{pci}/net/*/{duplex,address,speed,operstate} r,
+ @{sys}/devices/@{pci}/numa_node r,
+ @{sys}/devices/@{pci}/sriov_totalvfs r,
 @{sys}/devices/system/node/ r,
 @{sys}/devices/system/node/node@{int}/meminfo r,
 @{sys}/devices/virtual/dmi/id/{product_name,product_serial,product_uuid,sys_vendor,board_vendor,bios_vendor,bios_date,bios_version,product_version} r,
diff --git a/apparmor.d/profiles-a-f/arduino b/apparmor.d/profiles-a-f/arduino
index a09714b1..95cb96a4 100644
--- a/apparmor.d/profiles-a-f/arduino
+++ b/apparmor.d/profiles-a-f/arduino
@@ -100,7 +100,7 @@ profile arduino @{exec_path} {
 @{sys}/fs/cgroup/{,**} r,
 @{sys}/class/tty/ r,
- @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{idVendor,idProduct,manufacturer,serial,product} r,
+ @{sys}/devices/@{pci}/usb@{int}/**/{idVendor,idProduct,manufacturer,serial,product} r,
 /dev/ttyS@{int} rw,
 /dev/ttyACM@{int} rw,
diff --git a/apparmor.d/profiles-a-f/bluetoothd b/apparmor.d/profiles-a-f/bluetoothd
index e10f0c8f..041e2ffb 100644
--- a/apparmor.d/profiles-a-f/bluetoothd
+++ b/apparmor.d/profiles-a-f/bluetoothd
@@ -41,8 +41,8 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) {
 @{run}/sdp rw,
 @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
- @{sys}/devices/pci[0-9]*/**/rfkill[0-9]*/name r,
- @{sys}/devices/pci[0-9]*/**/bluetooth/**/{uevent,name} r,
+ @{sys}/devices/@{pci}/rfkill[0-9]*/name r,
+ @{sys}/devices/@{pci}/bluetooth/**/{uevent,name} r,
 @{sys}/devices/platform/**/rfkill/**/name r,
 @{sys}/devices/virtual/dmi/id/chassis_type r,
diff --git a/apparmor.d/profiles-a-f/boltd b/apparmor.d/profiles-a-f/boltd
index eaa8b9d8..e0e2ea62 100644
--- a/apparmor.d/profiles-a-f/boltd
+++ b/apparmor.d/profiles-a-f/boltd
@@ -39,13 +39,13 @@ profile boltd @{exec_path} flags=(attach_disconnected) {
 @{sys}/bus/thunderbolt/devices/ r,
 @{sys}/bus/wmi/devices/ r,
 @{sys}/class/ r,
- @{sys}/devices/pci[0-9]*/**/device r,
- @{sys}/devices/pci[0-9]*/**/domain[0-9]*/{security,uevent} r,
- @{sys}/devices/pci[0-9]*/**/domain[0-9]*/**/ r,
- @{sys}/devices/pci[0-9]*/**/domain[0-9]*/**/{authorized,generation} r,
- @{sys}/devices/pci[0-9]*/**/domain[0-9]*/**/{uevent,unique_id} r,
- @{sys}/devices/pci[0-9]*/**/domain[0-9]*/**/{vendor,device}_name r,
- @{sys}/devices/pci[0-9]*/**/domain[0-9]*/iommu_dma_protection r,
+ @{sys}/devices/@{pci}/device r,
+ @{sys}/devices/@{pci}/domain[0-9]*/{security,uevent} r,
+ @{sys}/devices/@{pci}/domain[0-9]*/**/ r,
+ @{sys}/devices/@{pci}/domain[0-9]*/**/{authorized,generation} r,
+ @{sys}/devices/@{pci}/domain[0-9]*/**/{uevent,unique_id} r,
+ @{sys}/devices/@{pci}/domain[0-9]*/**/{vendor,device}_name r,
+ @{sys}/devices/@{pci}/domain[0-9]*/iommu_dma_protection r,
 @{sys}/devices/platform/**/uevent r,
 @{sys}/devices/platform/*/wmi_bus/wmi_bus-*/@{uuid}/force_power rw,
 @{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name} r,
diff --git a/apparmor.d/profiles-a-f/btop b/apparmor.d/profiles-a-f/btop
index 2aae2815..44470a4c 100644
--- a/apparmor.d/profiles-a-f/btop
+++ b/apparmor.d/profiles-a-f/btop
@@ -26,11 +26,11 @@ profile btop @{exec_path} {
 @{sys}/class/power_supply/ r,
 @{sys}/class/hwmon/ r,
 @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r,
- @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/ r,
+ @{sys}/devices/virtual/thermal/thermal_zone@{int}/ r,
 @{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/{,*} r,
 @{sys}/devices/platform/coretemp.@{int}/hwmon/hwmon@{int}/{,*} r,
 @{sys}/devices/virtual/block/dm-@{int}/stat r,
- @{sys}/devices/pci[0-9]*/**/host@{int}/*/*/block/*/*/stat r,
+ @{sys}/devices/@{pci}/host@{int}/*/*/block/*/*/stat r,
 @{sys}/devices/{pci[0-9]*,virtual}/{,**/}net/*/statistics/{rx,tx}_bytes r,
 @{sys}/devices/{pci[0-9]*,virtual}/{,**/}net/*/address r,
 @{sys}/devices/pci[0-9]*/*/*/usb@{int}/**/power_supply/hidpp_battery_[@{int}/{,hwmon@{int}/} r,
diff --git a/apparmor.d/profiles-a-f/code b/apparmor.d/profiles-a-f/code
index 96c46a9c..f9ea28a4 100644
--- a/apparmor.d/profiles-a-f/code
+++ b/apparmor.d/profiles-a-f/code
@@ -89,7 +89,7 @@ profile code flags=(attach_disconnected) {
 @{sys}/devices/system/cpu/present r,
 @{sys}/devices/system/cpu/kernel_max r,
 @{sys}/devices/virtual/tty/tty[0-9]*/active r,
- @{sys}/devices/pci[0-9]*/**/irq r,
+ @{sys}/devices/@{pci}/irq r,
 @{PROC}/ r,
 @{PROC}/@{pid}/fd/ r,
diff --git a/apparmor.d/profiles-a-f/conky b/apparmor.d/profiles-a-f/conky
index 542cecff..a7a48d2e 100644
--- a/apparmor.d/profiles-a-f/conky
+++ b/apparmor.d/profiles-a-f/conky
@@ -104,7 +104,7 @@ profile conky @{exec_path} {
 deny ptrace (trace, read),
 # Display the hard disk model name
- @{sys}/devices/pci[0-9]*/**/{usb,ata}[0-9]/**/model r,
+ @{sys}/devices/@{pci}/{usb,ata}[0-9]/**/model r,
 @{sys}/block/{s,v}d[a-z]/device/model r,
 # Display the disk write/read speed
 @{PROC}/diskstats r,
diff --git a/apparmor.d/profiles-a-f/dumpcap b/apparmor.d/profiles-a-f/dumpcap
index 91544885..e677d216 100644
--- a/apparmor.d/profiles-a-f/dumpcap
+++ b/apparmor.d/profiles-a-f/dumpcap
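Review bot: Three context rules at the end of the btop hunk are left on the old `pci[0-9]*` spelling, and the last of them, ending in `power_supply/hidpp_battery_[@{int}/{,hwmon@{int}/} r,`, has an opening `[` with no closing bracket as shown on the page. That looks like a typo for `hidpp_battery_@{int}`; as written the pattern is unlikely to match the battery directory it was meant for. Since this commit already normalises `thermal_zone[0-9]*` to `thermal_zone@{int}` in the same file, I would fix it here: `@{sys}/devices/pci[0-9]*/*/*/usb@{int}/**/power_supply/hidpp_battery_@{int}/{,hwmon@{int}/} r,`.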
@@ -34,8 +34,8 @@ profile dumpcap @{exec_path} {
 @{sys}/bus/usb/devices/ r,
 @{sys}/devices/virtual/net/*/type r,
 @{sys}/devices/virtual/net/*/statistics/* r,
- @{sys}/devices/pci[0-9]*/**/net/*/type r,
- @{sys}/devices/pci[0-9]*/**/net/*/statistics/* r,
+ @{sys}/devices/@{pci}/net/*/type r,
+ @{sys}/devices/@{pci}/net/*/statistics/* r,
 @{PROC}/@{pid}/net/dev r,
 @{PROC}/@{pid}/net/psched r,
diff --git a/apparmor.d/profiles-a-f/edid-decode b/apparmor.d/profiles-a-f/edid-decode
index 89b3f99f..92d76fb3 100644
--- a/apparmor.d/profiles-a-f/edid-decode
+++ b/apparmor.d/profiles-a-f/edid-decode
@@ -12,7 +12,7 @@ profile edid-decode @{exec_path} {
 @{exec_path} mr,
- @{sys}/devices/pci[0-9]*/**/drm/card[0-9]/*/edid r,
+ @{sys}/devices/@{pci}/drm/card[0-9]/*/edid r,
 include if exists
 }
diff --git a/apparmor.d/profiles-a-f/fprintd b/apparmor.d/profiles-a-f/fprintd
index f1d10735..7243970c 100644
--- a/apparmor.d/profiles-a-f/fprintd
+++ b/apparmor.d/profiles-a-f/fprintd
@@ -37,7 +37,7 @@ profile fprintd @{exec_path} flags=(attach_disconnected) {
 @{run}/udev/data/c25[0-4]:@{int} r,
 @{sys}/class/hidraw/ r,
- @{sys}/devices/pci[0-9]*/**/hidraw/hidraw[0-9]*/uevent r,
+ @{sys}/devices/@{pci}/hidraw/hidraw[0-9]*/uevent r,
 @{sys}/devices/virtual/**/hidraw/hidraw[0-9]*/uevent r,
 include if exists
diff --git a/apparmor.d/profiles-g-l/gparted b/apparmor.d/profiles-g-l/gparted
index b75914d7..b0d3fa01 100644
--- a/apparmor.d/profiles-g-l/gparted
+++ b/apparmor.d/profiles-g-l/gparted
@@ -76,7 +76,7 @@ profile gparted @{exec_path} {
 @{sys}/** r,
 @{sys}/devices/virtual/block/**/uevent rw,
- @{sys}/devices/pci[0-9]*/**/block/**/uevent rw,
+ @{sys}/devices/@{pci}/block/**/uevent rw,
 @{run}/udev/data/* r,
 }
diff --git a/apparmor.d/profiles-g-l/gpartedbin b/apparmor.d/profiles-g-l/gpartedbin
index 62e004ed..b274aea9 100644
--- a/apparmor.d/profiles-g-l/gpartedbin
+++ b/apparmor.d/profiles-g-l/gpartedbin
@@ -102,10 +102,10 @@ profile gpartedbin @{exec_path} { @{bin}/mount mr, - @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/ r, - @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/dev r, - @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/ r, - @{sys}/devices/pci[0-9]*/**/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/{start,size} r, + @{sys}/devices/@{pci}/block/{s,v}d[a-z]/ r, + @{sys}/devices/@{pci}/block/{s,v}d[a-z]/dev r, + @{sys}/devices/@{pci}/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/ r, + @{sys}/devices/@{pci}/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/{start,size} r, /dev/{s,v}d[a-z]* r, /dev/{s,v}d[a-z]*[0-9]* r, diff --git a/apparmor.d/profiles-g-l/gzdoom b/apparmor.d/profiles-g-l/gzdoom index 7ebe6f87..e1193eb2 100644 --- a/apparmor.d/profiles-g-l/gzdoom +++ b/apparmor.d/profiles-g-l/gzdoom @@ -53,7 +53,7 @@ profile gzdoom @{exec_path} { /etc/machine-id r, /var/lib/dbus/machine-id r, - @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/uevent r, + @{sys}/devices/@{pci}/usb@{int}/**/uevent r, owner @{HOME}/ r, owner @{user_config_dirs}/gzdoom/ rw, diff --git a/apparmor.d/profiles-g-l/hardinfo b/apparmor.d/profiles-g-l/hardinfo index 1470a3db..acbcdccc 100644 --- a/apparmor.d/profiles-g-l/hardinfo +++ b/apparmor.d/profiles-g-l/hardinfo @@ -74,8 +74,8 @@ profile hardinfo @{exec_path} { @{sys}/devices/virtual/thermal/thermal_zone[0-9]/temp* r, @{sys}/devices/platform/**/hwmon/hwmon@{int}/temp* r, @{sys}/devices/platform/**/hwmon/hwmon@{int}/fan* r, - @{sys}/devices/pci[0-9]*/**/eeprom r, - @{sys}/devices/pci[0-9]*/**/hwmon/hwmon@{int}/temp* r, + @{sys}/devices/@{pci}/eeprom r, + @{sys}/devices/@{pci}/hwmon/hwmon@{int}/temp* r, @{sys}/devices/**/power_supply/** r, @{PROC}/@{pid}/net/wireless r, diff --git a/apparmor.d/profiles-g-l/htop b/apparmor.d/profiles-g-l/htop index 0776d2bf..e5430e96 100644 --- a/apparmor.d/profiles-g-l/htop +++ b/apparmor.d/profiles-g-l/htop 
@@ -98,7 +98,7 @@ profile htop @{exec_path} { @{sys}/devices/**/power_supply/**/{uevent,type,online} r, @{sys}/devices/*/name r, @{sys}/devices/i2c-[0-9]*/name r, - @{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r, + @{sys}/devices/@{pci}/i2c-[0-9]*/name r, @{sys}/devices/platform/*/i2c-[0-9]*/name r, @{sys}/devices/system/cpu/cpu@{int}/online r, @{sys}/devices/system/cpu/cpufreq/policy@{int}/cpuinfo_{cur,min,max}_freq r, diff --git a/apparmor.d/profiles-g-l/hw-probe b/apparmor.d/profiles-g-l/hw-probe index 22c03f82..ac9bab53 100644 --- a/apparmor.d/profiles-g-l/hw-probe +++ b/apparmor.d/profiles-g-l/hw-probe @@ -99,7 +99,7 @@ profile hw-probe @{exec_path} { @{sys}/class/power_supply/ r, @{sys}/devices/virtual/dmi/id/* r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]/*/edid r, + @{sys}/devices/@{pci}/drm/card[0-9]/*/edid r, @{sys}/devices/**/power_supply/*/uevent r, @{sys}/firmware/efi/efivars/ r, diff --git a/apparmor.d/profiles-g-l/hwinfo b/apparmor.d/profiles-g-l/hwinfo index 0fc361b5..d07d826d 100644 --- a/apparmor.d/profiles-g-l/hwinfo +++ b/apparmor.d/profiles-g-l/hwinfo @@ -85,7 +85,7 @@ profile hwinfo @{exec_path} { # file_inherit /dev/ttyS@{int} r, owner /tmp/hwinfo*.txt rw, - @{sys}/devices/pci[0-9]*/**/drm/card@{int}/ r, + @{sys}/devices/@{pci}/drm/card@{int}/ r, } diff --git a/apparmor.d/profiles-g-l/hypnotix b/apparmor.d/profiles-g-l/hypnotix index 37909623..dad76ca1 100644 --- a/apparmor.d/profiles-g-l/hypnotix +++ b/apparmor.d/profiles-g-l/hypnotix @@ -60,7 +60,7 @@ profile hypnotix @{exec_path} { owner @{user_music_dirs}/** r, - @{sys}/devices/pci[0-9]*/**/drm/ r, + @{sys}/devices/@{pci}/drm/ r, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-g-l/inxi b/apparmor.d/profiles-g-l/inxi index bd74d198..5c823c78 100644 --- a/apparmor.d/profiles-g-l/inxi +++ b/apparmor.d/profiles-g-l/inxi 
@@ -120,7 +120,7 @@ profile inxi @{exec_path} { @{bin}/ip mr, - @{sys}/devices/pci[0-9]*/**/net/*/{duplex,address,speed,operstate} r, + @{sys}/devices/@{pci}/net/*/{duplex,address,speed,operstate} r, /etc/iproute2/group r, @@ -153,7 +153,7 @@ profile inxi @{exec_path} { @{PROC}/1/environ r, @{PROC}/sys/kernel/osrelease r, - @{sys}/devices/pci[0-9]*/**/block/**/uevent r, + @{sys}/devices/@{pci}/block/**/uevent r, @{run}/udev/data/b* r, } diff --git a/apparmor.d/profiles-g-l/irqbalance b/apparmor.d/profiles-g-l/irqbalance index 4c4d3374..ace3cb95 100644 --- a/apparmor.d/profiles-g-l/irqbalance +++ b/apparmor.d/profiles-g-l/irqbalance @@ -23,9 +23,9 @@ profile irqbalance @{exec_path} flags=(attach_disconnected) { @{run}/irqbalance/irqbalance[0-9]*.sock w, @{sys}/bus/pci/devices/ r, - @{sys}/devices/pci[0-9]*/**/{class,numa_node,local_cpus,irq} r, - @{sys}/devices/pci[0-9]*/**/{vendor,device,subsystem_vendor,subsystem_device} r, - @{sys}/devices/pci[0-9]*/**/msi_irqs/ r, + @{sys}/devices/@{pci}/{class,numa_node,local_cpus,irq} r, + @{sys}/devices/@{pci}/{vendor,device,subsystem_vendor,subsystem_device} r, + @{sys}/devices/@{pci}/msi_irqs/ r, @{sys}/devices/system/cpu/cpu@{int}/ r, @{sys}/devices/system/cpu/cpu@{int}/cache/index[0-9]*/shared_cpu_map r, @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r, diff --git a/apparmor.d/profiles-g-l/iw b/apparmor.d/profiles-g-l/iw index fd5a2054..2c9ac6a9 100644 --- a/apparmor.d/profiles-g-l/iw +++ b/apparmor.d/profiles-g-l/iw @@ -20,7 +20,7 @@ profile iw @{exec_path} { @{exec_path} mr, - @{sys}/devices/pci[0-9]*/**/ieee80211/phy[0-9]*/index r, + @{sys}/devices/@{pci}/ieee80211/phy[0-9]*/index r, # file_inherit owner /dev/tty@{int} rw, diff --git a/apparmor.d/profiles-g-l/kodi b/apparmor.d/profiles-g-l/kodi index b4c4b885..26ef8984 100644 --- a/apparmor.d/profiles-g-l/kodi +++ b/apparmor.d/profiles-g-l/kodi 
@@ -62,8 +62,8 @@ profile kodi @{exec_path} { @{sys}/**/ r, @{sys}/devices/**/uevent r, - @{sys}/devices/pci[0-9]*/**/usb[0-9]/{bDeviceClass,idProduct,idVendor} r, - @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{bDeviceClass,idProduct,idVendor} r, + @{sys}/devices/@{pci}/usb@{int}/{bDeviceClass,idProduct,idVendor} r, + @{sys}/devices/@{pci}/usb@{int}/**/{bDeviceClass,idProduct,idVendor} r, @{sys}/devices/system/node/ r, @{sys}/devices/system/node/node@{int}/meminfo r, @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, diff --git a/apparmor.d/profiles-g-l/labwc b/apparmor.d/profiles-g-l/labwc index b4aaff6c..e0818920 100644 --- a/apparmor.d/profiles-g-l/labwc +++ b/apparmor.d/profiles-g-l/labwc @@ -41,7 +41,7 @@ profile labwc @{exec_path} flags=(attach_disconnected) { @{sys}/class/drm/ r, @{sys}/class/input/ r, - @{sys}/devices/pci[0-9]*/**/boot_vga r, + @{sys}/devices/@{pci}/boot_vga r, @{sys}/devices/**/uevent r, @{run}/udev/data/+acpi:* r, # for ? diff --git a/apparmor.d/profiles-g-l/light b/apparmor.d/profiles-g-l/light index cca9a850..b21746bb 100644 --- a/apparmor.d/profiles-g-l/light +++ b/apparmor.d/profiles-g-l/light @@ -23,11 +23,11 @@ profile light @{exec_path} { @{sys}/class/backlight/ r, @{sys}/class/leds/ r, - @{sys}/devices/pci[0-9]*/**/drm/**/intel_backlight/{,max_}brightness r, - @{sys}/devices/pci[0-9]*/**/drm/**/intel_backlight/brightness rw, + @{sys}/devices/@{pci}/drm/**/intel_backlight/{,max_}brightness r, + @{sys}/devices/@{pci}/drm/**/intel_backlight/brightness rw, - @{sys}/devices/pci[0-9]*/**/backlight/*/{,max_}brightness r, - @{sys}/devices/pci[0-9]*/**/backlight/*/brightness rw, + @{sys}/devices/@{pci}/backlight/*/{,max_}brightness r, + @{sys}/devices/@{pci}/backlight/*/brightness rw, # file_inherit owner /dev/tty@{int} rw, diff --git a/apparmor.d/profiles-g-l/light-locker b/apparmor.d/profiles-g-l/light-locker index 87d4a1bc..e3e3a654 100644 --- a/apparmor.d/profiles-g-l/light-locker +++ b/apparmor.d/profiles-g-l/light-locker 
@@ -26,11 +26,11 @@ profile light-locker @{exec_path} { # when locking the screen and switching/closing sessions @{run}/systemd/sessions/* r, - @{sys}/devices/pci[0-9]*/**/uevent r, - @{sys}/devices/pci[0-9]*/**/vendor r, - @{sys}/devices/pci[0-9]*/**/device r, - @{sys}/devices/pci[0-9]*/**/subsystem_vendor r, - @{sys}/devices/pci[0-9]*/**/subsystem_device r, + @{sys}/devices/@{pci}/uevent r, + @{sys}/devices/@{pci}/vendor r, + @{sys}/devices/@{pci}/device r, + @{sys}/devices/@{pci}/subsystem_vendor r, + @{sys}/devices/@{pci}/subsystem_device r, # file_inherit owner /dev/tty@{int} rw, diff --git a/apparmor.d/profiles-m-r/mdevctl b/apparmor.d/profiles-m-r/mdevctl index 4f8bac9a..bba984f0 100644 --- a/apparmor.d/profiles-m-r/mdevctl +++ b/apparmor.d/profiles-m-r/mdevctl @@ -18,7 +18,7 @@ profile mdevctl @{exec_path} { @{sys}/bus/mdev/devices/ r, @{sys}/class/mdev_bus/ r, - @{sys}/devices/pci[0-9]*/**/mdev_supported_types/{,**} r, + @{sys}/devices/@{pci}/mdev_supported_types/{,**} r, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-m-r/monitorix b/apparmor.d/profiles-m-r/monitorix index 34e1494c..cbbb8ec7 100644 --- a/apparmor.d/profiles-m-r/monitorix +++ b/apparmor.d/profiles-m-r/monitorix @@ -94,7 +94,7 @@ profile monitorix @{exec_path} { @{PROC}/@{pids}/io r, @{sys}/class/i2c-adapter/ r, - @{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r, + @{sys}/devices/@{pci}/i2c-[0-9]*/name r, @{sys}/class/hwmon/ r, @{sys}/devices/**/thermal*/{,**} r, @{sys}/devices/**/hwmon*/{,**} r, diff --git a/apparmor.d/profiles-m-r/mono-sgen b/apparmor.d/profiles-m-r/mono-sgen index a48b7259..79566323 100644 --- a/apparmor.d/profiles-m-r/mono-sgen +++ b/apparmor.d/profiles-m-r/mono-sgen 
@@ -43,11 +43,11 @@ profile mono-sgen @{exec_path} { owner /tmp/CASESENSITIVETEST* rw, owner /dev/shm/mono.* rw, - @{sys}/devices/pci[0-9]*/**/uevent r, - @{sys}/devices/pci[0-9]*/**/vendor r, - @{sys}/devices/pci[0-9]*/**/device r, - @{sys}/devices/pci[0-9]*/**/subsystem_vendor r, - @{sys}/devices/pci[0-9]*/**/subsystem_device r, + @{sys}/devices/@{pci}/uevent r, + @{sys}/devices/@{pci}/vendor r, + @{sys}/devices/@{pci}/device r, + @{sys}/devices/@{pci}/subsystem_vendor r, + @{sys}/devices/@{pci}/subsystem_device r, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-m-r/nvtop b/apparmor.d/profiles-m-r/nvtop index 509f913e..e64dfd52 100644 --- a/apparmor.d/profiles-m-r/nvtop +++ b/apparmor.d/profiles-m-r/nvtop @@ -37,8 +37,8 @@ profile nvtop @{exec_path} flags=(attach_disconnected) { @{sys}/bus/ r, @{sys}/class/ r, @{sys}/class/drm/ r, - @{sys}/devices/pci[0-9]*/**/drm/card@{int}/gt_cur_freq_mhz r, - @{sys}/devices/pci[0-9]*/**/enable r, + @{sys}/devices/@{pci}/drm/card@{int}/gt_cur_freq_mhz r, + @{sys}/devices/@{pci}/enable r, @{sys}/devices/system/node/node@{int}/cpumap r, @{PROC}/ r, diff --git a/apparmor.d/profiles-m-r/obexautofs b/apparmor.d/profiles-m-r/obexautofs index c2de0ca2..480818bc 100644 --- a/apparmor.d/profiles-m-r/obexautofs +++ b/apparmor.d/profiles-m-r/obexautofs 
@@ -28,10 +28,10 @@ profile obexautofs @{exec_path} { @{sys}/bus/ r, @{sys}/class/ r, @{sys}/bus/usb/devices/ r, - @{sys}/devices/pci[0-9]*/**/usb[0-9]/bConfigurationValue r, - @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/bConfigurationValue r, - @{sys}/devices/pci[0-9]*/**/usb[0-9]/{uevent,busnum,devnum,speed,descriptors} r, - @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{uevent,busnum,devnum,speed,descriptors} r, + @{sys}/devices/@{pci}/usb@{int}/bConfigurationValue r, + @{sys}/devices/@{pci}/usb@{int}/**/bConfigurationValue r, + @{sys}/devices/@{pci}/usb@{int}/{uevent,busnum,devnum,speed,descriptors} r, + @{sys}/devices/@{pci}/usb@{int}/**/{uevent,busnum,devnum,speed,descriptors} r, @{run}/udev/data/+usb:* r, @{run}/udev/data/c18[0,8,9]:[0-9]* r, # USB devices & USB serial converters diff --git a/apparmor.d/profiles-m-r/os-prober b/apparmor.d/profiles-m-r/os-prober index 373140a9..891ed305 100644 --- a/apparmor.d/profiles-m-r/os-prober +++ b/apparmor.d/profiles-m-r/os-prober @@ -64,7 +64,7 @@ profile os-prober @{exec_path} flags=(attach_disconnected) { owner /tmp/os-prober.*/{,**} rw, @{sys}/block/ r, - @{sys}/devices/pci[0-9]*/**/block/*/ r, + @{sys}/devices/@{pci}/block/*/ r, @{sys}/devices/virtual/block/*/ r, @{PROC}/swaps r, diff --git a/apparmor.d/profiles-m-r/picom b/apparmor.d/profiles-m-r/picom index 97abb147..bca0b8e3 100644 --- a/apparmor.d/profiles-m-r/picom +++ b/apparmor.d/profiles-m-r/picom @@ -27,7 +27,7 @@ profile picom @{exec_path} { owner @{HOME}/.Xauthority r, - @{sys}/devices/pci[0-9]*/**/{uevent,vendor,device,subsystem_vendor,subsystem_device} r, + @{sys}/devices/@{pci}/{uevent,vendor,device,subsystem_vendor,subsystem_device} r, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-m-r/rfkill b/apparmor.d/profiles-m-r/rfkill index 6ed83bc0..8e188e7d 100644 --- a/apparmor.d/profiles-m-r/rfkill +++ b/apparmor.d/profiles-m-r/rfkill 
@@ -14,7 +14,7 @@ profile rfkill @{exec_path} { /dev/rfkill rw, - @{sys}/devices/pci[0-9]*/**/rfkill[0-9]/{name,type} r, + @{sys}/devices/@{pci}/rfkill[0-9]/{name,type} r, @{sys}/devices/platform/**/rfkill/rfkill[0-9]/{name,type} r, include if exists diff --git a/apparmor.d/profiles-s-z/sensors b/apparmor.d/profiles-s-z/sensors index bf1cfce8..f7f5c4be 100644 --- a/apparmor.d/profiles-s-z/sensors +++ b/apparmor.d/profiles-s-z/sensors @@ -26,7 +26,7 @@ profile sensors @{exec_path} { @{sys}/devices/**/hwmon*/**/{name,temp*,*_input} r, @{sys}/devices/**/hwmon/hwmon@{int}/power[0-9]*_crit r, @{sys}/devices/{,platform/*.{i2c,hdmi}/}i2c-[0-9]*/name r, - @{sys}/devices/pci[0-9]*/**/name r, + @{sys}/devices/@{pci}/name r, @{sys}/devices/platform/**/power_supply/**/hwmon@{int}/curr1_max r, @{sys}/devices/virtual/hwmon/hwmon[0-9]* r, @{sys}/devices/virtual/hwmon/hwmon@{int}/ r, diff --git a/apparmor.d/profiles-s-z/sensors-detect b/apparmor.d/profiles-s-z/sensors-detect index 4d85d3c7..17be5313 100644 --- a/apparmor.d/profiles-s-z/sensors-detect +++ b/apparmor.d/profiles-s-z/sensors-detect @@ -27,9 +27,9 @@ profile sensors-detect @{exec_path} { @{sys}/bus/pci/devices/ r, @{sys}/class/i2c-adapter/ r, - @{sys}/devices/pci[0-9]*/**/{class,vendor,device} r, - @{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r, - @{sys}/devices/pci[0-9]*/**/modalias r, + @{sys}/devices/@{pci}/{class,vendor,device} r, + @{sys}/devices/@{pci}/i2c-[0-9]*/name r, + @{sys}/devices/@{pci}/modalias r, @{sys}/devices/virtual/dmi/id/board_{version,vendor,name} r, @{sys}/devices/virtual/dmi/id/product_{version,name} r, @{sys}/devices/virtual/dmi/id/chassis_type r, diff --git a/apparmor.d/profiles-s-z/sfdisk b/apparmor.d/profiles-s-z/sfdisk index 18f2f25a..fc4e42f8 100644 --- a/apparmor.d/profiles-s-z/sfdisk +++ b/apparmor.d/profiles-s-z/sfdisk 
@@ -30,7 +30,7 @@ profile sfdisk @{exec_path} { # For disk images owner @{user_img_dirs}/{,**} rwk, - owner @{sys}/devices/pci[0-9]*/**/model r, + owner @{sys}/devices/@{pci}/model r, include if exists } diff --git a/apparmor.d/profiles-s-z/spflashtool b/apparmor.d/profiles-s-z/spflashtool index e4d60642..9ca448cc 100644 --- a/apparmor.d/profiles-s-z/spflashtool +++ b/apparmor.d/profiles-s-z/spflashtool @@ -43,7 +43,7 @@ profile spflashtool @{exec_path} { # For reading/writing from/to phone flash memory /dev/ttyACM[0-9]* rw, - @{sys}/devices/pci[0-9]*/**/{idVendor,idProduct} r, + @{sys}/devices/@{pci}/{idVendor,idProduct} r, # Silence the noise /opt/SPFlashTool/** w, diff --git a/apparmor.d/profiles-s-z/steam b/apparmor.d/profiles-s-z/steam index 39fe1c31..cd1bb1ba 100644 --- a/apparmor.d/profiles-s-z/steam +++ b/apparmor.d/profiles-s-z/steam @@ -183,10 +183,10 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) @{sys}/devices/**/input@{int}/capabilities/* r, @{sys}/devices/**/input/input@{int}/ r, @{sys}/devices/**/uevent r, - @{sys}/devices/pci[0-9]*/**/class r, - @{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/report_descriptor r, - @{sys}/devices/pci[0-9]*/**/sound/card[0-9]*/** r, - @{sys}/devices/pci[0-9]*/**/usb[0-9]*/{manufacturer,product,bcdDevice,bInterfaceNumber} r, + @{sys}/devices/@{pci}/class r, + @{sys}/devices/@{pci}/i2c-[0-9]*/report_descriptor r, + @{sys}/devices/@{pci}/sound/card[0-9]*/** r, + @{sys}/devices/@{pci}/usb@{int}/{manufacturer,product,bcdDevice,bInterfaceNumber} r, @{sys}/devices/system/cpu/** r, @{sys}/devices/system/node/ r, @{sys}/devices/virtual/dmi/id/bios_version rk, diff --git a/apparmor.d/profiles-s-z/steam-game b/apparmor.d/profiles-s-z/steam-game index d7d48473..2f1da3b3 100644 --- a/apparmor.d/profiles-s-z/steam-game +++ b/apparmor.d/profiles-s-z/steam-game 
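Review bot: The `owner` qualifier on `owner @{sys}/devices/@{pci}/model r,` in the sfdisk hunk only grants the read when the file's owner matches the fsuid of the process, and sysfs attributes are normally root-owned, so this rule is effective only when sfdisk runs as root. If that is the intent, a comment such as `# sysfs is root-owned: model is only readable when run as root` would make it explicit. If unprivileged use on disk images (the `owner @{user_img_dirs}` rule just above) should also be able to read the model, the qualifier would need to be dropped. The commit keeps the qualifier as it was and only swaps the path prefix.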
@@ -207,8 +207,8 @@ profile steam-game @{exec_path} flags=(attach_disconnected) { @{sys}/devices/**/input@{int}/capabilities/* r, @{sys}/devices/**/input/input@{int}/ r, @{sys}/devices/**/uevent r, - @{sys}/devices/pci[0-9]*/**/sound/card[0-9]*/** r, - @{sys}/devices/pci[0-9]*/**/usb[0-9]*/{manufacturer,product,bcdDevice,bInterfaceNumber} r, + @{sys}/devices/@{pci}/sound/card[0-9]*/** r, + @{sys}/devices/@{pci}/usb@{int}/{manufacturer,product,bcdDevice,bInterfaceNumber} r, @{sys}/devices/system/clocksource/clocksource[0-9]*/current_clocksource r, @{sys}/devices/system/cpu/** r, @{sys}/devices/system/node/node[0-9]/cpumap r, diff --git a/apparmor.d/profiles-s-z/switcheroo-control b/apparmor.d/profiles-s-z/switcheroo-control index 36748dc4..aff324fb 100644 --- a/apparmor.d/profiles-s-z/switcheroo-control +++ b/apparmor.d/profiles-s-z/switcheroo-control @@ -31,7 +31,7 @@ profile switcheroo-control @{exec_path} flags=(attach_disconnected) { @{sys}/bus/ r, @{sys}/class/ r, @{sys}/class/drm/ r, - @{sys}/devices/pci[0-9]*/**/boot_vga r, + @{sys}/devices/@{pci}/boot_vga r, @{sys}/devices/{pci[0-9]*,virtual}/**/uevent r, include if exists diff --git a/apparmor.d/profiles-s-z/thermald b/apparmor.d/profiles-s-z/thermald index 6fd1e0fc..e674fc87 100644 --- a/apparmor.d/profiles-s-z/thermald +++ b/apparmor.d/profiles-s-z/thermald 
@@ -38,11 +38,11 @@ profile thermald @{exec_path} flags=(attach_disconnected) { @{sys}/devices/system/cpu/intel_pstate/no_turbo rw, @{sys}/devices/system/cpu/intel_pstate/status r, - @{sys}/devices/pci[0-9]*/**/drm/**/intel_backlight/max_brightness r, - @{sys}/devices/pci[0-9]*/**/power_limits/power_limit_@{int}_max_uw r, - @{sys}/devices/pci[0-9]*/**/power_limits/power_limit_@{int}_min_uw r, - @{sys}/devices/pci[0-9]*/**/power_limits/power_limit_@{int}_tmax_us r, - @{sys}/devices/pci[0-9]*/**/power_limits/power_limit_@{int}_tmin_us r, + @{sys}/devices/@{pci}/drm/**/intel_backlight/max_brightness r, + @{sys}/devices/@{pci}/power_limits/power_limit_@{int}_max_uw r, + @{sys}/devices/@{pci}/power_limits/power_limit_@{int}_min_uw r, + @{sys}/devices/@{pci}/power_limits/power_limit_@{int}_tmax_us r, + @{sys}/devices/@{pci}/power_limits/power_limit_@{int}_tmin_us r, @{sys}/devices/**/hwmon@{int}/ r, @{sys}/devices/**/hwmon@{int}/name r, diff --git a/apparmor.d/profiles-s-z/thunderbird-glxtest b/apparmor.d/profiles-s-z/thunderbird-glxtest index fd159a8d..9206d9d9 100644 --- a/apparmor.d/profiles-s-z/thunderbird-glxtest +++ b/apparmor.d/profiles-s-z/thunderbird-glxtest @@ -28,7 +28,7 @@ profile thunderbird-glxtest @{exec_path} { owner /tmp/thunderbird/.parentlock rw, @{sys}/bus/pci/devices/ r, - @{sys}/devices/pci[0-9]*/**/class r, + @{sys}/devices/@{pci}/class r, owner @{PROC}/@{pid}/cmdline r, diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd index 428ff523..1eb9e52b 100644 --- a/apparmor.d/profiles-s-z/udisksd +++ b/apparmor.d/profiles-s-z/udisksd 
@@ -135,8 +135,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) { @{sys}/class/nvme-subsystem/ r, @{sys}/class/nvme/ r, @{sys}/devices/@{pci}/uevent r, - @{sys}/devices/pci[0-9]*/**/{ata,usb,mmc,virtio}[0-9]/{,**/}uevent w, - @{sys}/devices/pci[0-9]*/**/{ata,usb,mmc}[0-9]/{,**/}remove rw, + @{sys}/devices/@{pci}/{ata,usb,mmc,virtio}[0-9]/{,**/}uevent w, + @{sys}/devices/@{pci}/{ata,usb,mmc}[0-9]/{,**/}remove rw, @{sys}/devices/virtual/bdi/**/read_ahead_kb r, @{sys}/devices/virtual/block/*/{,**} rw, @{sys}/devices/virtual/block/loop[0-9]*/uevent rw, diff --git a/apparmor.d/profiles-s-z/usbguard b/apparmor.d/profiles-s-z/usbguard index 0f4eca09..2385f0b2 100644 --- a/apparmor.d/profiles-s-z/usbguard +++ b/apparmor.d/profiles-s-z/usbguard @@ -29,7 +29,7 @@ profile usbguard @{exec_path} { /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/qb-{request,response,event}-usbguard-{header,data} rw, # For "usbguard generate-policy" - @{sys}/devices/pci[0-9]*/**/uevent r, + @{sys}/devices/@{pci}/uevent r, include if exists } diff --git a/apparmor.d/profiles-s-z/usbguard-daemon b/apparmor.d/profiles-s-z/usbguard-daemon index e359e466..7f512681 100644 --- a/apparmor.d/profiles-s-z/usbguard-daemon +++ b/apparmor.d/profiles-s-z/usbguard-daemon @@ -33,7 +33,7 @@ profile usbguard-daemon @{exec_path} flags=(attach_disconnected) { /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/ rw, /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/qb-{request,response,event}-usbguard-{header,data} rw, - @{sys}/devices/pci[0-9]*/**/uevent r, + @{sys}/devices/@{pci}/uevent r, include if exists } diff --git a/apparmor.d/profiles-s-z/virt-manager b/apparmor.d/profiles-s-z/virt-manager index 1f9d352e..fa4a2227 100644 --- a/apparmor.d/profiles-s-z/virt-manager +++ b/apparmor.d/profiles-s-z/virt-manager 
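Review bot: The two rewritten udisksd rules grant write access below the PCI tree (`{,**/}uevent w` and `{,**/}remove rw`), and neither carries a comment saying which operation needs it. Writing to a sysfs `remove` attribute detaches the device, so I would document the reason next to the rule, for example `# Detach a drive on safe removal / power-off` (wording to be confirmed by the maintainer). Because `{,**/}` lets both rules reach any depth under the controller, it is also worth confirming against the `@{pci}` definition, which is not shown here, that the prefix change did not widen where these writes are allowed.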
@@ -95,7 +95,7 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/c5[0-9]*:@{int} r, @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r, - @{sys}/devices/pci[0-9]*/**/drm/ r, + @{sys}/devices/@{pci}/drm/ r, @{sys}/devices/virtual/drm/ttm/uevent r, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/profiles-s-z/vnstat b/apparmor.d/profiles-s-z/vnstat index 7f6ff8d7..c158555a 100644 --- a/apparmor.d/profiles-s-z/vnstat +++ b/apparmor.d/profiles-s-z/vnstat @@ -42,10 +42,10 @@ profile vnstat @{exec_path} { @{sys}/class/net/ r, - @{sys}/devices/pci[0-9]*/**/net/*/statistics/{tx,rx}_{bytes,packets} r, + @{sys}/devices/@{pci}/net/*/statistics/{tx,rx}_{bytes,packets} r, @{sys}/devices/virtual/net/*/statistics/{tx,rx}_{bytes,packets} r, - @{sys}/devices/pci[0-9]*/**/net/*/speed r, + @{sys}/devices/@{pci}/net/*/speed r, @{sys}/devices/virtual/net/*/speed r, @{PROC}/@{pid}/net/dev r, diff --git a/apparmor.d/profiles-s-z/vnstatd b/apparmor.d/profiles-s-z/vnstatd index c6da9fda..88ac82a2 100644 --- a/apparmor.d/profiles-s-z/vnstatd +++ b/apparmor.d/profiles-s-z/vnstatd @@ -16,7 +16,7 @@ profile vnstatd @{exec_path} { /etc/vnstat.conf r, # To determine capacity of a network interface - @{sys}/devices/pci[0-9]*/**/net/**/speed r, + @{sys}/devices/@{pci}/net/**/speed r, @{sys}/devices/virtual/net/**/speed r, # To collect interfaces' data diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber index 1c84cc00..8d0082e4 100644 --- a/apparmor.d/profiles-s-z/wireplumber +++ b/apparmor.d/profiles-s-z/wireplumber 
@@ -65,7 +65,7 @@ profile wireplumber @{exec_path} { @{sys}/devices/**/device:*/**/path r, @{sys}/devices/**/sound/**/pcm_class r, @{sys}/devices/**/sound/**/uevent r, - @{sys}/devices/pci[0-9]*/**/video4linux/video[0-9]*/uevent r, + @{sys}/devices/@{pci}/video4linux/video[0-9]*/uevent r, @{sys}/devices/virtual/dmi/id/bios_vendor r, @{sys}/devices/virtual/dmi/id/product_name r, @{sys}/devices/virtual/dmi/id/sys_vendor r, diff --git a/apparmor.d/profiles-s-z/wpa-supplicant b/apparmor.d/profiles-s-z/wpa-supplicant index 43d79b2f..ae87163a 100644 --- a/apparmor.d/profiles-s-z/wpa-supplicant +++ b/apparmor.d/profiles-s-z/wpa-supplicant @@ -48,7 +48,7 @@ profile wpa-supplicant @{exec_path} flags=(attach_disconnected) { owner @{run}/wpa_supplicant/{,**} rw, - @{sys}/devices/pci[0-9]*/**/ieee*/phy@{int}/name r, + @{sys}/devices/@{pci}/ieee*/phy@{int}/name r, @{PROC}/sys/net/ipv{4,6}/conf/p2p*/drop_* rw, @{PROC}/sys/net/ipv{4,6}/conf/wlan*/drop_* rw,