Create editor abstraction

I'm counting seven profiles that have a child profile named "editor" that all include roughly the same boiler plate policies. Let's abstract it out.
2025-01-18 08:58:15 +01:00 · 2024-05-11 14:52:59 -06:00 · 2024-05-11 14:52:59 -06:00 · e38f2ac721
commit e38f2ac721
parent 1739c07ca1
1 changed files with 29 additions and 0 deletions
--- a/apparmor.d/abstractions/editor
+++ b/apparmor.d/abstractions/editor
@ -0,0 +1,29 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Zane Zakraisek <zz@eng.utah.edu>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+
+  @{bin}/sensible-editor        mr,
+  @{bin}/vim                  mrix,
+  @{bin}/vim.*                mrix,
+  @{sh_path}                   rix,
+  @{bin}/which{,.debianutils}  rix,
+
+  /usr/share/vim/{,**} r,
+  /usr/share/terminfo/** r,
+
+  /etc/vimrc r,
+  /etc/vim/{,**} r,
+
+  owner @{HOME}/.selected_editor r,
+  owner @{HOME}/.viminfo{,.tmp} rw,
+  owner @{HOME}/.vimrc r,
+
+  # Vim swap file 
+  owner @{HOME}/ r,
+  owner @{user_cache_dirs}/ r,
+  owner @{user_cache_dirs}/vim/** wr,
+
+  include if exists <abstractions/editor.d>