feat(profile): unify udev char dynamic assignment ranges.

Alexandre Pujol 2023-12-17 12:46:27 +00:00
parent ceb4c582e1
commit e1a30cbf7d
19 changed files with 23 additions and 86 deletions


@ -19,9 +19,7 @@ profile iio-sensor-proxy @{exec_path} {
@{run}/udev/data/+platform:* r, @{run}/udev/data/+platform:* r,
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/c13:@{int} r, # For /dev/input/* @{run}/udev/data/c13:@{int} r, # For /dev/input/*
@{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:@{int} r,
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/bus/iio/devices/ r, @{sys}/bus/iio/devices/ r,
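Review bot: Replacing the `c3[0-9]*`, `c4[0-9]*` and `c5[0-9]*` rules with `c@{dynamic}` changes what iio-sensor-proxy may read, not only how the rule is spelled: the profile had no rule for majors 234 to 254 and now gets one, while the old globs (which also matched majors such as 30 to 59) are narrowed to 384 to 511. org.gnome.NautilusPreviewer and virt-manager are in the same position, and the profiles that listed only 234 to 254 (pulseaudio, subiquity-console-conf, fprintd, nvtop, steam, steam-game, udisksd) now also allow 384 to 511. Granting both ranges looks reasonable if the kernel can hand a driver a major from either one, but the commit description should say that the permission set changes, for example `Profiles that listed only one dynamic range now allow both.` The profile body continues outside this hunk.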


@ -58,12 +58,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
owner @{run}/user/@{uid}/pipewire-@{int}-manager.lock rwk, owner @{run}/user/@{uid}/pipewire-@{int}-manager.lock rwk,
@{run}/udev/data/c81:@{int} r, # For video4linux @{run}/udev/data/c81:@{int} r, # For video4linux
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:@{int} r,
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/bus/media/devices/ r, @{sys}/bus/media/devices/ r,


@ -102,9 +102,7 @@ profile pulseaudio @{exec_path} {
@{run}/udev/data/+pci:* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/c116:@{int} r, # for ALSA @{run}/udev/data/c116:@{int} r, # for ALSA
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{sys}/devices/**/sound/**/{uevent,pcm_class} r, @{sys}/devices/**/sound/**/{uevent,pcm_class} r,
@{sys}/devices/virtual/dmi/id/{bios_vendor,board_vendor,sys_vendor} r, @{sys}/devices/virtual/dmi/id/{bios_vendor,board_vendor,sys_vendor} r,


@ -130,12 +130,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+pci:* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/c13:@{int} r, # for /dev/input/* @{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:@{int} r,
@{run}/udev/data/n@{int} r, @{run}/udev/data/n@{int} r,
@{sys}/bus/ r, @{sys}/bus/ r,


@ -41,9 +41,7 @@ profile org.gnome.NautilusPreviewer @{exec_path} {
owner @{user_config_dirs}/pulse/cookie rk, owner @{user_config_dirs}/pulse/cookie rk,
@{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:@{int} r,
@{sys}/devices/@{pci}/revision r, @{sys}/devices/@{pci}/revision r,
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/session.slice/dbus.service/memory.* r, @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/session.slice/dbus.service/memory.* r,


@ -85,12 +85,7 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
@{run}/blkid/blkid.tab r, @{run}/blkid/blkid.tab r,
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:@{int} r,
@{run}/mount/utab r, @{run}/mount/utab r,


@ -61,12 +61,7 @@ profile systemd-journald @{exec_path} {
@{run}/udev/data/c108:@{int} r, # For /dev/ppp @{run}/udev/data/c108:@{int} r, # For /dev/ppp
@{run}/udev/data/c18[8-9]:[0-9]* r, # USB devices & USB serial converters @{run}/udev/data/c18[8-9]:[0-9]* r, # USB devices & USB serial converters
@{run}/udev/data/c29:[0-9]* r, # For CD-ROM @{run}/udev/data/c29:[0-9]* r, # For CD-ROM
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:@{int} r,
@{sys}/devices/**/uevent r, @{sys}/devices/**/uevent r,
@{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r, @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,


@ -77,12 +77,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
@{run}/udev/data/c81:@{int} r, # For video4linux @{run}/udev/data/c81:@{int} r, # For video4linux
@{run}/udev/data/c116:@{int} r, # For ALSA @{run}/udev/data/c116:@{int} r, # For ALSA
@{run}/udev/data/c226:@{int} r, # For /dev/dri/card* @{run}/udev/data/c226:@{int} r, # For /dev/dri/card*
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:@{int} r,
@{run}/systemd/inhibit/ rw, @{run}/systemd/inhibit/ rw,
@{run}/systemd/inhibit/.#* rw, @{run}/systemd/inhibit/.#* rw,


@ -74,9 +74,7 @@ profile subiquity-console-conf @{exec_path} {
@{run}/udev/data/c108:@{int} r, # For /dev/ppp @{run}/udev/data/c108:@{int} r, # For /dev/ppp
@{run}/udev/data/c116:@{int} r, # For ALSA @{run}/udev/data/c116:@{int} r, # For ALSA
@{run}/udev/data/c226:@{int} r, # For /dev/dri/card* @{run}/udev/data/c226:@{int} r, # For /dev/dri/card*
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/n@{int} r, @{run}/udev/data/n@{int} r,
@{sys}/**/devices/ r, @{sys}/**/devices/ r,


@ -185,12 +185,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/c202:@{int} r, # CPU model-specific registers @{run}/udev/data/c202:@{int} r, # CPU model-specific registers
@{run}/udev/data/c203:@{int} r, # CPU CPUID information @{run}/udev/data/c203:@{int} r, # CPU CPUID information
@{run}/udev/data/c226:@{int} r, # For /dev/dri/card[0-9]* @{run}/udev/data/c226:@{int} r, # For /dev/dri/card[0-9]*
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:@{int} r,
@{run}/udev/data/n@{int} r, @{run}/udev/data/n@{int} r,
@{sys}/bus/[a-z]*/devices/ r, @{sys}/bus/[a-z]*/devices/ r,


@ -66,12 +66,7 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/c116:@{int} r, # For ALSA @{run}/udev/data/c116:@{int} r, # For ALSA
@{run}/udev/data/c202:@{int} r, # CPU model-specific registers @{run}/udev/data/c202:@{int} r, # CPU model-specific registers
@{run}/udev/data/c226:@{int} r, # For /dev/dri/card[0-9]* @{run}/udev/data/c226:@{int} r, # For /dev/dri/card[0-9]*
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:@{int} r,
@{run}/udev/data/n@{int} r, @{run}/udev/data/n@{int} r,
@{sys}/**/ r, @{sys}/**/ r,


@ -32,9 +32,7 @@ profile fprintd @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/journal/socket rw, @{run}/systemd/journal/socket rw,
@{run}/systemd/inhibit/*.ref w, @{run}/systemd/inhibit/*.ref w,
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{sys}/class/hidraw/ r, @{sys}/class/hidraw/ r,
@{sys}/devices/@{pci}/hidraw/hidraw[0-9]*/uevent r, @{sys}/devices/@{pci}/hidraw/hidraw[0-9]*/uevent r,


@ -30,9 +30,7 @@ profile nvtop @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/+drm:card[0-9]-* r, @{run}/udev/data/+drm:card[0-9]-* r,
@{run}/udev/data/+pci:* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/c226:@{int} r, # For /dev/dri/card* @{run}/udev/data/c226:@{int} r, # For /dev/dri/card*
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/class/ r, @{sys}/class/ r,
@ -50,14 +48,7 @@ profile nvtop @{exec_path} flags=(attach_disconnected) {
@{PROC}/@{pids}/stat r, @{PROC}/@{pids}/stat r,
@{PROC}/driver/nvidia/capabilities/mig/{config,monitor} r, @{PROC}/driver/nvidia/capabilities/mig/{config,monitor} r,
/dev/char/c23[4-9]:@{int} w, # For dynamic assignment range 234 to 254 /dev/char/@{dynamic}:@{int} w, # For dynamic assignment range 234 to 254, 384 to 511
/dev/char/c24[0-9]:@{int} w,
/dev/char/c25[0-4]:@{int} w,
/dev/char/c38[4-9]:@{int} w, # For dynamic assignment range 384 to 511
/dev/char/c39[0-9]:@{int} w,
/dev/char/c4[0-9][0-9]:@{int} w,
/dev/char/c50[0-9]:@{int} w,
/dev/char/c51[0-1]:@{int} w,
/dev/dri/ r, /dev/dri/ r,
/dev/nvidia-caps/{,nvidia-cap[0-9]*} rw, /dev/nvidia-caps/{,nvidia-cap[0-9]*} rw,
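Review bot: In the second hunk the `/dev/char/` rule drops the `c` prefix that the removed rules carried (`/dev/char/c23[4-9]:@{int} w` becomes `/dev/char/@{dynamic}:@{int} w`), so the paths granted `w` differ from before, which a range unification should not do silently. Entries under /dev/char are normally named MAJOR:MINOR, so the new form is probably the correct one and the old rules likely never matched; if so, say it next to the rule, e.g. `# /dev/char entries are MAJOR:MINOR, without the "c" prefix used in udev data`. Since this is a write rule that may only now take effect, it is worth confirming that nvtop needs `w` on every dynamic major rather than on a narrower set. Both hunks sit inside the nvtop profile, whose body continues outside them.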


@ -167,9 +167,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)
@{run}/udev/data/c13:@{int} r, # for /dev/input/* @{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c116:@{int} r, # for ALSA @{run}/udev/data/c116:@{int} r, # for ALSA
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/n@{int} r, @{run}/udev/data/n@{int} r,
@{sys}/ r, @{sys}/ r,


@ -193,9 +193,7 @@ profile steam-game @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/c13:@{int} r, # for /dev/input/* @{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c116:@{int} r, # for ALSA @{run}/udev/data/c116:@{int} r, # for ALSA
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{sys}/ r, @{sys}/ r,
@{sys}/bus/ r, @{sys}/bus/ r,


@ -113,9 +113,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/+pci:* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/+platform:* r, @{run}/udev/data/+platform:* r,
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/bus/pci/slots/ r, @{sys}/bus/pci/slots/ r,


@ -90,9 +90,7 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) {
owner @{run}/user/@{uid}/libvirt/virtqemud.lock rwk, owner @{run}/user/@{uid}/libvirt/virtqemud.lock rwk,
@{run}/mount/utab r, @{run}/mount/utab r,
@{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:@{int} r,
@{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r, @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
@{sys}/devices/@{pci}/drm/ r, @{sys}/devices/@{pci}/drm/ r,


@ -53,12 +53,7 @@ profile wireplumber @{exec_path} {
@{run}/udev/data/c14:@{int} r, # Open Sound System (OSS) @{run}/udev/data/c14:@{int} r, # Open Sound System (OSS)
@{run}/udev/data/c81:@{int} r, # For video4linux @{run}/udev/data/c81:@{int} r, # For video4linux
@{run}/udev/data/c116:@{int} r, # For ALSA @{run}/udev/data/c116:@{int} r, # For ALSA
@{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
@{run}/udev/data/c24[0-9]:@{int} r,
@{run}/udev/data/c25[0-4]:@{int} r,
@{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c4[0-9]*:@{int} r,
@{run}/udev/data/c5[0-9]*:@{int} r,
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/bus/media/devices/ r, @{sys}/bus/media/devices/ r,


@ -56,3 +56,7 @@
# Name of the systemd profile: unconfined || systemd # Name of the systemd profile: unconfined || systemd
@{systemd}=unconfined @{systemd}=unconfined
# Udev data dynamic assignment ranges
@{dynamic}=23[4-9] 24[0-9] 25[0-4] # range 234 to 254
@{dynamic}+=38[4-9] 39[0-9] 4[0-9][0-9] 50[0-9] 51[0-1] # range 384 to 511
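Review bot: The header comment `# Udev data dynamic assignment ranges` undersells what `@{dynamic}` is: the nvtop profile in this same commit uses it under `/dev/char/`, so it is a list of character-device major numbers rather than something specific to udev data. I would write `# Dynamically assigned character device major numbers (234 to 254, 384 to 511)` so a later reader does not take the generic name for a broader wildcard. The alternations themselves do cover exactly 234 to 254 and 384 to 511.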