feat(abs): modernize disk-read/write abs.

Alexandre Pujol 2023-08-24 19:34:21 +01:00
parent 25782cb925
commit d80b758968
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
2 changed files with 43 additions and 69 deletions


@ -29,6 +29,10 @@
@{sys}/devices/pci[0-9]*/**/block/mmcblk@{int}/** r, @{sys}/devices/pci[0-9]*/**/block/mmcblk@{int}/** r,
@{sys}/devices/pci[0-9]*/**/mmc@{int}/mmc*/ r, @{sys}/devices/pci[0-9]*/**/mmc@{int}/mmc*/ r,
@{sys}/devices/pci[0-9]*/**/mmc@{int}/mmc*/** r, @{sys}/devices/pci[0-9]*/**/mmc@{int}/mmc*/** r,
@{sys}/devices/platform/**/block/mmcblk@{int}/ r,
@{sys}/devices/platform/**/block/mmcblk@{int}/** r,
@{sys}/devices/platform/**/mmc@{int}/ r,
@{sys}/devices/platform/**/mmc@{int}/** r,
# Loop devices # Loop devices
/dev/loop[0-9]* rk, /dev/loop[0-9]* rk,
@ -44,8 +48,8 @@
# ZFS devices # ZFS devices
/dev/zd@{int} rk, /dev/zd@{int} rk,
/dev/zvol/{,*/} r,
/dev/*pool/ r, /dev/*pool/ r,
/dev/zvol/{,*/} r,
@{sys}/devices/virtual/block/zd@{int}/ r, @{sys}/devices/virtual/block/zd@{int}/ r,
@{sys}/devices/virtual/block/zd@{int}/** r, @{sys}/devices/virtual/block/zd@{int}/** r,
@ -61,63 +65,32 @@
# Floppy disks # Floppy disks
/dev/fd@{int} rk, /dev/fd@{int} rk,
@{sys}/devices/platform/floppy.@{int}/block/fd[0-9]/ r, @{sys}/devices/platform/floppy.@{int}/block/fd@{int}/ r,
@{sys}/devices/platform/floppy.@{int}/block/fd[0-9]/** r, @{sys}/devices/platform/floppy.@{int}/block/fd@{int}/** r,
# Armbian / DietPi
@{sys}/devices/platform/{soc,*.mmc}/**/block/mmcblk@{int}/{,mmcblk*/} r,
@{sys}/devices/platform/{soc,*.mmc}/**/block/mmcblk@{int}/{,mmcblk*/}hidden r,
@{sys}/devices/platform/{soc,*.mmc}/**/block/mmcblk@{int}/{,mmcblk*/}dev r,
@{sys}/devices/platform/{soc,*.mmc}/**/block/mmcblk@{int}/{,mmcblk*/}size r,
@{sys}/devices/platform/{soc,*.mmc}/**/block/mmcblk@{int}/{,mmcblk*/}ro r,
@{sys}/devices/platform/{soc,*.mmc}/**/block/mmcblk@{int}/{,mmcblk*/}removable r,
@{sys}/devices/platform/{soc,*.mmc}/**/block/mmcblk@{int}/{,mmcblk*/}start r,
@{sys}/devices/platform/{soc,*.mmc}/**/block/mmcblk@{int}/{,mmcblk*/}uevent r,
@{sys}/devices/platform/{soc,*.mmc}/**/block/mmcblk@{int}/{,mmcblk*/}holders/ r,
@{sys}/devices/platform/{soc,*.mmc}/**/block/mmcblk@{int}/{,mmcblk*/}slaves/ r,
@{sys}/devices/platform/{soc,*.mmc}/**/mmc@{int}/mmc*/ r,
@{sys}/devices/platform/{soc,*.mmc}/**/mmc@{int}/mmc*/type r,
@{sys}/devices/virtual/block/ram@{int}/ r,
@{sys}/devices/virtual/block/ram@{int}/hidden r,
@{sys}/devices/virtual/block/ram@{int}/dev r,
@{sys}/devices/virtual/block/ram@{int}/size r,
@{sys}/devices/virtual/block/ram@{int}/ro r,
@{sys}/devices/virtual/block/ram@{int}/removable r,
@{sys}/devices/virtual/block/ram@{int}/holders/ r,
@{sys}/devices/virtual/block/ram@{int}/slaves/ r,
# investigate
# /dev/ram@{int} r,
# ??
@{sys}/devices/pci[0-9]*/*/virtio@{int}/host@{int}/target*/*/type r,
# CD-ROM # CD-ROM
/dev/sr@{int} rk, /dev/sr@{int} rk,
@{sys}/class/block/ r, # Lookup block device by major:minor numbers
# See: https://apparmor.pujol.io/development/structure/#udev-rules
@{sys}/block/ r, @{sys}/block/ r,
# To be able to look up each block device by major:minor numbers @{sys}/class/block/ r,
@{sys}/dev/block/ r, @{sys}/dev/block/ r,
# According to the kernel docs[1], the major block numbers from 240 to 254 are allocated @{run}/udev/data/b2:@{int} r, # for /dev/fd*
# dynamically by the kernel for devices which don't have official numbers assigned. It looks like @{run}/udev/data/b7:@{int} r, # for /dev/loop*
# that "dm" (device mapper) and "zram" are such devices. To avoid issues when kernel config @{run}/udev/data/b8:@{int} r, # for /dev/sd*
# changes, it's better to allow the whole range (240-254) instead of the single major numbers @{run}/udev/data/b11:@{int} r, # for /dev/sr*
# visible in the /proc/devices file. @{run}/udev/data/b43:@{int} r, # for /dev/nbd*
# [1]: https://raw.githubusercontent.com/torvalds/linux/master/Documentation/admin-guide/devices.txt @{run}/udev/data/b179:@{int} r, # for /dev/mmcblk*
@{run}/udev/data/b24[0-9]:@{int} r, @{run}/udev/data/b230:@{int} r, # for /dev/zvol*
@{run}/udev/data/b24[0-9]:@{int} r, # for dynamic assignment range 240 to 254
@{run}/udev/data/b25[0-4]:@{int} r, @{run}/udev/data/b25[0-4]:@{int} r,
@{run}/udev/data/b259:@{int} r, @{run}/udev/data/b259:@{int} r,
@{run}/udev/data/b11:@{int} r, # for /dev/sr*
@{run}/udev/data/b179:@{int} r, # for /dev/mmcblk*
@{run}/udev/data/b230:@{int} r, # for /dev/zvol*
@{run}/udev/data/b43:@{int} r, # for /dev/nbd*
@{run}/udev/data/b7:@{int} r, # for /dev/loop*
@{run}/udev/data/b8:@{int} r, # for /dev/sd*
@{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/** @{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/**
@{run}/udev/data/+usb:* r, # for ? @{run}/udev/data/+usb:* r, # for disk over usb hub
include if exists <abstractions/disks-read.d> include if exists <abstractions/disks-read.d>
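Review bot: The four new `@{sys}/devices/platform/**/...` rules are much wider than the Armbian / DietPi block they replace. The removed rules were limited to `{soc,*.mmc}` parents and to named attributes (`dev`, `size`, `ro`, `removable`, `uevent`, ...), while `@{sys}/devices/platform/**/mmc@{int}/** r,` grants read on everything below any platform MMC host. Every profile that includes this abstraction inherits that extra read surface, so a comment stating that the widening is intentional would help, e.g. `# Platform (SoC) MMC hosts, e.g. Armbian / DietPi`. The same four lines are added in the second file of this commit. The removed `ram@{int}` and `virtio@{int}/host@{int}/target*/*/type` rules have no replacement in the visible hunks; unless a rule outside them covers these paths, profiles that relied on them will start logging denials.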


@ -29,6 +29,10 @@
@{sys}/devices/pci[0-9]*/**/block/mmcblk@{int}/** r, @{sys}/devices/pci[0-9]*/**/block/mmcblk@{int}/** r,
@{sys}/devices/pci[0-9]*/**/mmc@{int}/mmc*/ r, @{sys}/devices/pci[0-9]*/**/mmc@{int}/mmc*/ r,
@{sys}/devices/pci[0-9]*/**/mmc@{int}/mmc*/** r, @{sys}/devices/pci[0-9]*/**/mmc@{int}/mmc*/** r,
@{sys}/devices/platform/**/block/mmcblk@{int}/ r,
@{sys}/devices/platform/**/block/mmcblk@{int}/** r,
@{sys}/devices/platform/**/mmc@{int}/ r,
@{sys}/devices/platform/**/mmc@{int}/** r,
# Loop devices # Loop devices
/dev/loop[0-9]* rwk, /dev/loop[0-9]* rwk,
@ -44,6 +48,8 @@
# ZFS devices # ZFS devices
/dev/zd@{int} rwk, /dev/zd@{int} rwk,
/dev/*pool/ r,
/dev/zvol/{,*/} r,
@{sys}/devices/virtual/block/zd@{int}/ r, @{sys}/devices/virtual/block/zd@{int}/ r,
@{sys}/devices/virtual/block/zd@{int}/** r, @{sys}/devices/virtual/block/zd@{int}/** r,
@ -59,37 +65,32 @@
# Floppy disks # Floppy disks
/dev/fd@{int} rwk, /dev/fd@{int} rwk,
@{sys}/devices/platform/floppy.@{int}/block/fd[0-9]/ r, @{sys}/devices/platform/floppy.@{int}/block/fd@{int}/ r,
@{sys}/devices/platform/floppy.@{int}/block/fd[0-9]/** r, @{sys}/devices/platform/floppy.@{int}/block/fd@{int}/** r,
# CD-ROM # CD-ROM
/dev/sr@{int} rwk, /dev/sr@{int} rwk,
@{sys}/class/block/ r, # Lookup block device by major:minor numbers
# See: https://apparmor.pujol.io/development/structure/#udev-rules
@{sys}/block/ r, @{sys}/block/ r,
# To be able to look up each block device by major:minor numbers @{sys}/class/block/ r,
@{sys}/dev/block/ r, @{sys}/dev/block/ r,
# According to the kernel docs[1], the major block numbers from 240 to 254 are allocated @{run}/udev/data/b2:@{int} r, # for /dev/fd*
# dynamically by the kernel for devices which don't have official numbers assigned. It looks like @{run}/udev/data/b7:@{int} r, # for /dev/loop*
# that "dm" (device mapper) and "zram" are such devices. To avoid issues when kernel config @{run}/udev/data/b8:@{int} r, # for /dev/sd*
# changes, it's better to allow the whole range (240-254) instead of the single major numbers @{run}/udev/data/b11:@{int} r, # for /dev/sr*
# visible in the /proc/devices file. @{run}/udev/data/b43:@{int} r, # for /dev/nbd*
# [1]: https://raw.githubusercontent.com/torvalds/linux/master/Documentation/admin-guide/devices.txt @{run}/udev/data/b179:@{int} r, # for /dev/mmcblk*
@{run}/udev/data/b24[0-9]:@{int} r, @{run}/udev/data/b230:@{int} r, # for /dev/zvol*
@{run}/udev/data/b24[0-9]:@{int} r, # for dynamic assignment range 240 to 254
@{run}/udev/data/b25[0-4]:@{int} r, @{run}/udev/data/b25[0-4]:@{int} r,
@{run}/udev/data/b259:@{int} r, @{run}/udev/data/b259:@{int} r,
@{run}/udev/data/b11:@{int} r, # for /dev/sr*
@{run}/udev/data/b179:@{int} r, # for /dev/mmcblk*
@{run}/udev/data/b2:@{int} r, # for /dev/fd*
@{run}/udev/data/b230:@{int} r, # for /dev/zvol*
@{run}/udev/data/b43:@{int} r, # for /dev/nbd*
@{run}/udev/data/b7:@{int} r, # for /dev/loop*
@{run}/udev/data/b8:@{int} r, # for /dev/sd*
@{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/** @{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/**
@{run}/udev/data/+usb:* r, # for ? @{run}/udev/data/+usb:* r, # for disk over usb hub
include if exists <abstractions/disks-write.d> include if exists <abstractions/disks-write.d>
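Review bot: In the visible hunks the sysfs and `@{run}/udev/data/` rules are now the same, line for line, as in the file that ends with `include if exists <abstractions/disks-read.d>`; only the `/dev` permissions differ (`rwk` here, `rk` there). The removed lines show how such copies drift: the old list in this file had `b2:@{int}` for `/dev/fd*`, while the old list in the other file did not. Consider keeping the shared read-only rules in one place, or at least adding a comment such as `# Keep in sync with abstractions/disks-read` above the udev block. Separately, `@{run}/udev/data/b259:@{int} r,` has no trailing comment saying which devices use that major, unlike the entries above it.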