# vim:syntax=apparmor
# Author: Jamie Strandboge <jamie@canonical.com>

#include <tunables/global>

/usr/bin/totem {
  #include <abstractions/audio>
  #include <abstractions/dconf>
  #include <abstractions/ibus>
  #include <abstractions/mesa>
  #include <abstractions/nvidia>
  #include <abstractions/python>
  #include <abstractions/totem>
  #include <abstractions/ubuntu-helpers>

  signal (send) set=("kill") peer=unconfined,

  # Maybe in an abstraction?
  /usr/include/**/pyconfig.h r,

  /usr/bin/totem r,
  /usr/bin/totem-video-thumbnailer Pix,
  /usr/bin/bwrap PUx,
  /usr/lib/@{multiarch}/libtotem-plparser[0-9]*/totem-pl-parser/* ix,
  /usr/{lib/@{multiarch},libexec}/totem-gallery-thumbnailer Pix,
  /dev/sr* r,

  # Help browser
  /usr/bin/yelp Cx -> sanitized_helper,
  # GDesktopAppInfo in GLib 2.64.x uses a very small shell script
  # to launch .desktop files, instead of gio-launch-desktop
  /{usr/,}bin/{dash,bash} ixr,
  # With older GLib we might still be on the fallback code path
  # (remove this after Debian 11 and Ubuntu 20.04)
  /usr/lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rmix,

  # Quiet logs
  deny /{usr/,}lib/@{multiarch}/totem/plugins/*/__pycache__/ w,

  # Allow read and write on almost anything in @{HOME}. Lenient, but
  # private-files-strict is in effect.
  #include <abstractions/private-files-strict>
  owner @{HOME}/[^.]*    rw,
  owner @{HOME}/[^.]*/** rw,

  # Allow usage of openat with O_TMPFILE
  owner @{HOME}/#[0-9]*[0-9] m,

  owner /{,var/}run/user/*/dconf/user w,
  owner /{,var/}run/user/*/at-spi2-*/   rw,
  owner /{,var/}run/user/*/at-spi2-*/** rw,

  /sys/devices/pci[0-9]*/**/config r,
  /sys/devices/pci[0-9]*/**/{,subsystem_}{device,vendor} r,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.bin.totem>
}