# apparmor.d - Full set of apparmor profiles # Copyright (C) 2015-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include @{exec_path} = @{lib}/bluetooth/bluetoothd profile bluetoothd @{exec_path} flags=(attach_disconnected) { include include include # Needed for configuring HCI interfaces capability net_admin, capability net_bind_service, network bluetooth raw, network bluetooth seqpacket, network bluetooth stream, network alg seqpacket, network netlink raw, #aa:dbus own bus=system name=org.bluez dbus receive bus=system path=/ interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects peer=(name=:*, label="{brave,NetworkManager,pulseaudio,upowerd}"), dbus send bus=system path=/MediaEndpoint interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects peer=(name=:*, label=pulseaudio), dbus send bus=system path=/MediaEndpoint/{A2DPSink,A2DPSource}/* interface=org.bluez.MediaEndpoint1 member=Release peer=(name=:*, label=pulseaudio), dbus send bus=system path=/Profile/{HFPAGProfile,HSPHSProfile} interface=org.bluez.MediaEndpoint1 member=Release peer=(name=:*, label=pulseaudio), dbus send bus=system path=/ interface=org.freedesktop.DBus.ObjectManager member=InterfacesRemoved peer=(name=org.freedesktop.DBus, label="{jwupd,NetworkManager,pulseaudio,upowerd}"), @{exec_path} mr, @{lib}/@{multiarch}/bluetooth/plugins/*.so mr, /etc/bluetooth/{,*.conf} r, /var/lib/bluetooth/{,**} rw, @{run}/sdp rw, owner @{run}/systemd/notify w, @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard @{sys}/devices/@{pci}/rfkill@{int}/name r, @{sys}/devices/@{pci}/**/{uevent,name} r, @{sys}/devices/platform/**/rfkill/**/name r, @{sys}/devices/virtual/dmi/id/chassis_type r, @{sys}/devices/virtual/misc/uhid/**/uevent r, @{PROC}/sys/kernel/hostname r, /dev/uhid rw, /dev/uinput rw, /dev/rfkill rw, /dev/hidraw@{int} rw, include if exists }