# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2015-2020 Mikhail Morfikov
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

abi <abi/3.0>,

include <tunables/global>

@{exec_path} = /{usr/,}bin/sensors
profile sensors @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>

  @{exec_path} mr,

  # Sensors config files
  /etc/sensors.d/{,*} r,
  /etc/sensors3.conf r,

  @{sys}/devices/pci[0-9]*/**/name r,

  @{sys}/class/i2c-adapter/ r,
  @{sys}/class/hwmon/ r,
  @{sys}/devices/virtual/hwmon/hwmon[0-9]* r,
  @{sys}/devices/virtual/hwmon/hwmon[0-9]*/ r,
  @{sys}/devices/virtual/hwmon/hwmon[0-9]*/{name,temp*} r,
  @{sys}/devices/**/hwmon*/{,**/} r,
  @{sys}/devices/**/hwmon*/{name,temp*,*_input} r,
  @{sys}/devices/**/hwmon*/**/{name,temp*,*_input} r,

  # file_inherit
  deny @{PROC}/@{pid}/net/dev r,
  deny @{PROC}/@{pid}/stat r,
  deny @{PROC}/@{pid}/net/tcp{,6} r,
  deny @{PROC}/@{pid}/net/if_inet6 r,
  deny @{PROC}/@{pid}/cmdline r,
  deny @{PROC}/uptime r,
  deny @{PROC}/diskstats r,
  deny @{PROC}/loadavg r,
  deny @{PROC}/@{pid}/io r,

  include if exists <local/sensors>
}