From cd1de59aadb8bed5f377fc22e95f1c8f8296c3c5 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Fri, 24 Nov 2023 18:17:26 +0000 Subject: [PATCH] feat(abs): improve audio abstraction. --- apparmor.d/abstractions/audio.d/complete | 13 ++++++++----- .../groups/freedesktop/pipewire-media-session | 2 -- apparmor.d/groups/freedesktop/pulseaudio | 2 -- apparmor.d/profiles-m-r/mpv | 2 -- apparmor.d/profiles-s-z/steam | 2 -- apparmor.d/profiles-s-z/steam-game | 2 -- apparmor.d/profiles-s-z/wireplumber | 3 --- 7 files changed, 8 insertions(+), 18 deletions(-) diff --git a/apparmor.d/abstractions/audio.d/complete b/apparmor.d/abstractions/audio.d/complete index 251063f6..c18fc24e 100644 --- a/apparmor.d/abstractions/audio.d/complete +++ b/apparmor.d/abstractions/audio.d/complete @@ -1,10 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2020-2022 Mikhail Morfikov -# Copyright (C) 2021-2022 Alexandre Pujol +# Copyright (C) 2021-2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only - /usr/share/sounds/ r, - # PulseAudio module-ladspa-sink (plugin sc4m_1916) - /usr/lib/ladspa/ r, - /usr/lib/ladspa/*.so mr, + @{lib}/ladspa/ r, + @{lib}/ladspa/*.so mr, + + @{run}/udev/data/+sound:card@{int} r, + + @{sys}/class/ r, + @{sys}/class/sound/ r, diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session index 977427eb..39905a39 100644 --- a/apparmor.d/groups/freedesktop/pipewire-media-session +++ b/apparmor.d/groups/freedesktop/pipewire-media-session @@ -58,12 +58,10 @@ profile pipewire-media-session @{exec_path} { owner @{run}/user/@{uid}/pipewire-[0-9]* rw, - @{run}/udev/data/+sound:card@{int} r, # For sound @{run}/udev/data/c116:@{int} r, # for ALSA @{run}/systemd/users/@{uid} r, - @{sys}/class/sound/ r, @{sys}/class/video4linux/ r, @{sys}/devices/**/sound/**/uevent r, @{sys}/devices/pci[0-9]*/**/modalias r, diff --git a/apparmor.d/groups/freedesktop/pulseaudio b/apparmor.d/groups/freedesktop/pulseaudio index d9205d53..d755d1ef 100644 --- a/apparmor.d/groups/freedesktop/pulseaudio +++ b/apparmor.d/groups/freedesktop/pulseaudio @@ -180,13 +180,11 @@ profile pulseaudio @{exec_path} { @{run}/systemd/users/@{uid} r, @{run}/udev/data/+pci:* r, - @{run}/udev/data/+sound:card@{int} r, # For sound @{run}/udev/data/c116:@{int} r, # for ALSA @{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c24[0-9]:@{int} r, @{run}/udev/data/c25[0-4]:@{int} r, - @{sys}/class/sound/ r, @{sys}/devices/**/sound/**/{uevent,pcm_class} r, @{sys}/devices/virtual/dmi/id/{bios_vendor,board_vendor,sys_vendor} r, diff --git a/apparmor.d/profiles-m-r/mpv b/apparmor.d/profiles-m-r/mpv index 98c657bd..a2fc020d 100644 --- a/apparmor.d/profiles-m-r/mpv +++ b/apparmor.d/profiles-m-r/mpv @@ -72,14 +72,12 @@ profile mpv @{exec_path} { owner @{PROC}/@{pid}/task/ r, @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad - @{run}/udev/data/+sound:* r, @{run}/udev/data/c13:@{int} r, # for /dev/input/* @{run}/udev/data/c116:@{int} r, # for ALSA @{sys}/bus/ r, @{sys}/class/ r, @{sys}/class/input/ r, - @{sys}/class/sound/ r, @{sys}/devices/**/input/**/capabilities/* r, @{sys}/devices/**/input/**/uevent r, @{sys}/devices/**/sound/**/capabilities/* r, diff --git a/apparmor.d/profiles-s-z/steam b/apparmor.d/profiles-s-z/steam index dff551e8..5762132b 100644 --- a/apparmor.d/profiles-s-z/steam +++ b/apparmor.d/profiles-s-z/steam @@ -163,7 +163,6 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) owner /tmp/steam_chrome_shmem_uid@{uid}_spid@{int} rw, @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad - @{run}/udev/data/+sound* r, @{run}/udev/data/+pci:* r, @{run}/udev/data/c13:@{int} r, # for /dev/input/* @@ -180,7 +179,6 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) @{sys}/class/hidraw/ r, @{sys}/class/input/ r, @{sys}/class/net/ r, - @{sys}/class/sound/ r, @{sys}/devices/**/input@{int}/ r, @{sys}/devices/**/input@{int}/capabilities/* r, @{sys}/devices/**/input/input@{int}/ r, diff --git a/apparmor.d/profiles-s-z/steam-game b/apparmor.d/profiles-s-z/steam-game index 253f5513..6c15d14e 100644 --- a/apparmor.d/profiles-s-z/steam-game +++ b/apparmor.d/profiles-s-z/steam-game @@ -190,7 +190,6 @@ profile steam-game @{exec_path} flags=(attach_disconnected) { owner /tmp/pressure-vessel-*/{,**} rwl, @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad - @{run}/udev/data/+sound* r, @{run}/udev/data/c13:@{int} r, # for /dev/input/* @{run}/udev/data/c116:@{int} r, # for ALSA @@ -203,7 +202,6 @@ profile steam-game @{exec_path} flags=(attach_disconnected) { @{sys}/class/ r, @{sys}/class/hidraw/ r, @{sys}/class/input/ r, - @{sys}/class/sound/ r, @{sys}/devices/**/input@{int}/ r, @{sys}/devices/**/input@{int}/**/{vendor,product} r, @{sys}/devices/**/input@{int}/capabilities/* r, diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber index da77fb2e..6e48b31c 100644 --- a/apparmor.d/profiles-s-z/wireplumber +++ b/apparmor.d/profiles-s-z/wireplumber @@ -46,7 +46,6 @@ profile wireplumber @{exec_path} { @{run}/systemd/users/@{uid} r, - @{run}/udev/data/+sound:card@{int} r, # For sound @{run}/udev/data/c14:@{int} r, # Open Sound System (OSS) @{run}/udev/data/c81:@{int} r, # For video4linux @{run}/udev/data/c116:@{int} r, # For ALSA @@ -59,8 +58,6 @@ profile wireplumber @{exec_path} { @{sys}/bus/ r, @{sys}/bus/media/devices/ r, - @{sys}/class/ r, - @{sys}/class/sound/ r, @{sys}/devices/**/device:*/**/path r, @{sys}/devices/**/sound/**/pcm_class r, @{sys}/devices/**/sound/**/uevent r,