feat(profile): add ddcutil

apparmor.d/groups/systemd/systemd-udevd

@@ -39,6 +39,7 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) {
   @{coreutils_path}        rix,
   @{bin}/*-print-pci-ids   rix,
   @{bin}/alsactl          rPUx,
+  @{bin}/ddcutil           rPx,
   @{bin}/dmsetup          rPUx,
   @{bin}/ethtool           rix,
   @{bin}/issue-generator   rPx,

apparmor.d/profiles-a-f/ddcutil

@@ -0,0 +1,47 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/ddcutil
+profile ddcutil @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/dri>
+  include <abstractions/nameservice-strict>
+
+  capability sys_admin,
+
+  @{exec_path} mr,
+
+  @{sh_path}               rix,
+  @{bin}/find              rix,
+  @{bin}/sed               rix,
+  @{bin}/xargs             rix,
+  @{bin}/grep              rix,
+
+  owner @{user_cache_dirs}/ddcutil/ rw,
+  owner @{user_cache_dirs}/ddcutil/** rwlk,
+
+  @{run}/udev/data/* r,
+
+  @{sys}/ r,
+  @{sys}/bus/ r,
+  @{sys}/bus/** r,
+  @{sys}/class/ r,
+  @{sys}/class/** r,
+  @{sys}/devices/ r,
+  @{sys}/devices/** r,
+
+  owner @{PROC}/@{pid}/fd/ r,
+
+  /dev/ r,
+  /dev/i2c-@{int} rwk,
+
+  include if exists <local/ddcutil>
+}
+
+# vim:syntax=apparmor

dists/flags/main.flags

@@ -84,6 +84,7 @@ cups-notifier-mailto complain
 cups-notifier-rss complain
 cups-pk-helper-mechanism complain
 cupsd attach_disconnected,complain
+ddcutil complain
 DiscoverNotifier complain
 dkms attach_disconnected,complain
 dockerd attach_disconnected,complain